From 0118528260d190c273d4e793f523e81db6dd8587 Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Sun, 26 Sep 2010 12:38:45 -1000 Subject: [PATCH] Update build for OpenSSL-1.0.0a. -Add Camellia, CMS, GOST, MDC-2, modes, SEED, ts, and Whirlpool. mdc2 is freely available since its patent expired in 2002. -Remove md2 for CVE-2009-2409. -See CHANGES for the enitire changeset. --- Makefile_upgrade.inc | 9 + crypto/openssl/crypto/cms/cms_env.c | 2 +- crypto/openssl/crypto/cms/cms_sd.c | 2 +- crypto/openssl/crypto/dh/dh_ameth.c | 2 +- crypto/openssl/crypto/dh/dh_pmeth.c | 2 +- crypto/openssl/crypto/dsa/dsa_ameth.c | 2 +- crypto/openssl/crypto/dsa/dsa_pmeth.c | 2 +- crypto/openssl/crypto/ec/ec_ameth.c | 2 +- crypto/openssl/crypto/ec/ec_pmeth.c | 2 +- crypto/openssl/crypto/engine/tb_asnmth.c | 2 +- crypto/openssl/crypto/evp/evp_pkey.c | 2 +- crypto/openssl/crypto/evp/p_lib.c | 2 +- crypto/openssl/crypto/evp/pmeth_lib.c | 2 +- crypto/openssl/crypto/hmac/hm_ameth.c | 2 +- crypto/openssl/crypto/hmac/hm_pmeth.c | 2 +- crypto/openssl/crypto/pem/pem_lib.c | 2 +- crypto/openssl/crypto/pem/pem_pkey.c | 2 +- crypto/openssl/crypto/pkcs7/pk7_lib.c | 2 +- crypto/openssl/crypto/rsa/rsa_ameth.c | 2 +- crypto/openssl/crypto/rsa/rsa_pmeth.c | 2 +- lib/libfetch/common.h | 2 +- libexec/dma/crypto.c | 2 +- secure/lib/libcrypto/Makefile | 147 ++-- secure/lib/libcrypto/Makefile.inc | 4 +- secure/lib/libcrypto/Makefile.man | 197 +++++- secure/lib/libcrypto/man/ASN1_OBJECT_new.3 | 18 +- secure/lib/libcrypto/man/ASN1_STRING_length.3 | 18 +- secure/lib/libcrypto/man/ASN1_STRING_new.3 | 18 +- .../lib/libcrypto/man/ASN1_STRING_print_ex.3 | 14 +- .../lib/libcrypto/man/ASN1_generate_nconf.3 | 28 +- secure/lib/libcrypto/man/BIO_ctrl.3 | 14 +- secure/lib/libcrypto/man/BIO_f_base64.3 | 14 +- secure/lib/libcrypto/man/BIO_f_buffer.3 | 23 +- secure/lib/libcrypto/man/BIO_f_cipher.3 | 14 +- secure/lib/libcrypto/man/BIO_f_md.3 | 20 +- secure/lib/libcrypto/man/BIO_f_null.3 | 14 +- secure/lib/libcrypto/man/BIO_f_ssl.3 | 22 +- secure/lib/libcrypto/man/BIO_find_type.3 | 14 +- secure/lib/libcrypto/man/BIO_new.3 | 14 +- .../man/{ERR_print_errors.3 => BIO_new_CMS.3} | 80 ++- secure/lib/libcrypto/man/BIO_push.3 | 14 +- secure/lib/libcrypto/man/BIO_read.3 | 14 +- secure/lib/libcrypto/man/BIO_s_accept.3 | 14 +- secure/lib/libcrypto/man/BIO_s_bio.3 | 14 +- secure/lib/libcrypto/man/BIO_s_connect.3 | 14 +- secure/lib/libcrypto/man/BIO_s_fd.3 | 14 +- secure/lib/libcrypto/man/BIO_s_file.3 | 18 +- secure/lib/libcrypto/man/BIO_s_mem.3 | 16 +- secure/lib/libcrypto/man/BIO_s_null.3 | 14 +- secure/lib/libcrypto/man/BIO_s_socket.3 | 14 +- secure/lib/libcrypto/man/BIO_set_callback.3 | 14 +- secure/lib/libcrypto/man/BIO_should_retry.3 | 16 +- secure/lib/libcrypto/man/BN_BLINDING_new.3 | 34 +- secure/lib/libcrypto/man/BN_CTX_new.3 | 14 +- secure/lib/libcrypto/man/BN_CTX_start.3 | 14 +- secure/lib/libcrypto/man/BN_add.3 | 14 +- secure/lib/libcrypto/man/BN_add_word.3 | 14 +- secure/lib/libcrypto/man/BN_bn2bin.3 | 14 +- secure/lib/libcrypto/man/BN_cmp.3 | 14 +- secure/lib/libcrypto/man/BN_copy.3 | 14 +- secure/lib/libcrypto/man/BN_generate_prime.3 | 14 +- secure/lib/libcrypto/man/BN_mod_inverse.3 | 14 +- .../lib/libcrypto/man/BN_mod_mul_montgomery.3 | 14 +- .../lib/libcrypto/man/BN_mod_mul_reciprocal.3 | 14 +- secure/lib/libcrypto/man/BN_new.3 | 14 +- secure/lib/libcrypto/man/BN_num_bytes.3 | 14 +- secure/lib/libcrypto/man/BN_rand.3 | 14 +- secure/lib/libcrypto/man/BN_set_bit.3 | 14 +- secure/lib/libcrypto/man/BN_swap.3 | 14 +- secure/lib/libcrypto/man/BN_zero.3 | 14 +- .../{ERR_print_errors.3 => CMS_add0_cert.3} | 78 ++- ..._load_file.3 => CMS_add1_recipient_cert.3} | 82 +-- .../man/{PKCS7_encrypt.3 => CMS_compress.3} | 92 +-- .../man/{PKCS7_decrypt.3 => CMS_decrypt.3} | 62 +- .../man/{PKCS7_encrypt.3 => CMS_encrypt.3} | 109 +-- .../man/{ASN1_STRING_new.3 => CMS_final.3} | 57 +- .../libcrypto/man/CMS_get0_RecipientInfos.3 | 230 +++++++ ...VP_BytesToKey.3 => CMS_get0_SignerInfos.3} | 104 +-- .../{ASN1_STRING_new.3 => CMS_get0_type.3} | 72 +- ...BytesToKey.3 => CMS_get1_ReceiptRequest.3} | 102 ++- secure/lib/libcrypto/man/CMS_sign.3 | 244 +++++++ .../lib/libcrypto/man/CMS_sign_add1_signer.3 | 224 ++++++ .../{EVP_PKEY_new.3 => CMS_sign_receipt.3} | 57 +- .../man/{PKCS7_decrypt.3 => CMS_uncompress.3} | 59 +- .../man/{PKCS7_verify.3 => CMS_verify.3} | 122 ++-- ...ASN1_OBJECT_new.3 => CMS_verify_receipt.3} | 58 +- secure/lib/libcrypto/man/CONF_modules_free.3 | 14 +- .../libcrypto/man/CONF_modules_load_file.3 | 14 +- secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 | 16 +- secure/lib/libcrypto/man/DH_generate_key.3 | 14 +- .../libcrypto/man/DH_generate_parameters.3 | 14 +- .../lib/libcrypto/man/DH_get_ex_new_index.3 | 14 +- secure/lib/libcrypto/man/DH_new.3 | 14 +- secure/lib/libcrypto/man/DH_set_method.3 | 14 +- secure/lib/libcrypto/man/DH_size.3 | 14 +- secure/lib/libcrypto/man/DSA_SIG_new.3 | 14 +- secure/lib/libcrypto/man/DSA_do_sign.3 | 14 +- secure/lib/libcrypto/man/DSA_dup_DH.3 | 14 +- secure/lib/libcrypto/man/DSA_generate_key.3 | 14 +- .../libcrypto/man/DSA_generate_parameters.3 | 14 +- .../lib/libcrypto/man/DSA_get_ex_new_index.3 | 16 +- secure/lib/libcrypto/man/DSA_new.3 | 14 +- secure/lib/libcrypto/man/DSA_set_method.3 | 14 +- secure/lib/libcrypto/man/DSA_sign.3 | 14 +- secure/lib/libcrypto/man/DSA_size.3 | 14 +- secure/lib/libcrypto/man/ERR_GET_LIB.3 | 14 +- secure/lib/libcrypto/man/ERR_clear_error.3 | 14 +- secure/lib/libcrypto/man/ERR_error_string.3 | 14 +- secure/lib/libcrypto/man/ERR_get_error.3 | 14 +- .../libcrypto/man/ERR_load_crypto_strings.3 | 14 +- secure/lib/libcrypto/man/ERR_load_strings.3 | 14 +- secure/lib/libcrypto/man/ERR_print_errors.3 | 14 +- secure/lib/libcrypto/man/ERR_put_error.3 | 14 +- secure/lib/libcrypto/man/ERR_remove_state.3 | 14 +- secure/lib/libcrypto/man/ERR_set_mark.3 | 14 +- secure/lib/libcrypto/man/EVP_BytesToKey.3 | 14 +- secure/lib/libcrypto/man/EVP_DigestInit.3 | 36 +- .../{EVP_SignInit.3 => EVP_DigestSignInit.3} | 107 ++- ...VP_VerifyInit.3 => EVP_DigestVerifyInit.3} | 93 ++- secure/lib/libcrypto/man/EVP_EncryptInit.3 | 14 +- secure/lib/libcrypto/man/EVP_OpenInit.3 | 14 +- secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 | 251 +++++++ .../{EVP_PKEY_new.3 => EVP_PKEY_CTX_new.3} | 58 +- .../man/{EVP_PKEY_new.3 => EVP_PKEY_cmp.3} | 70 +- .../{EVP_BytesToKey.3 => EVP_PKEY_decrypt.3} | 125 ++-- .../{EVP_BytesToKey.3 => EVP_PKEY_derive.3} | 125 ++-- ...dd_all_algorithms.3 => EVP_PKEY_encrypt.3} | 126 ++-- ...EY_new.3 => EVP_PKEY_get_default_digest.3} | 55 +- secure/lib/libcrypto/man/EVP_PKEY_keygen.3 | 288 ++++++++ secure/lib/libcrypto/man/EVP_PKEY_new.3 | 14 +- ...VP_PKEY_new.3 => EVP_PKEY_print_private.3} | 59 +- secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 | 14 +- .../man/{DSA_do_sign.3 => EVP_PKEY_sign.3} | 110 ++- .../man/{EVP_OpenInit.3 => EVP_PKEY_verify.3} | 112 +-- ...N_num_bytes.3 => EVP_PKEY_verifyrecover.3} | 125 ++-- secure/lib/libcrypto/man/EVP_SealInit.3 | 14 +- secure/lib/libcrypto/man/EVP_SignInit.3 | 23 +- secure/lib/libcrypto/man/EVP_VerifyInit.3 | 23 +- secure/lib/libcrypto/man/OBJ_nid2obj.3 | 18 +- secure/lib/libcrypto/man/OPENSSL_Applink.3 | 14 +- .../libcrypto/man/OPENSSL_VERSION_NUMBER.3 | 14 +- secure/lib/libcrypto/man/OPENSSL_config.3 | 14 +- secure/lib/libcrypto/man/OPENSSL_ia32cap.3 | 14 +- .../man/OPENSSL_load_builtin_modules.3 | 14 +- .../man/OpenSSL_add_all_algorithms.3 | 14 +- ...ear_error.3 => PEM_write_bio_CMS_stream.3} | 45 +- ...509_new.3 => PEM_write_bio_PKCS7_stream.3} | 49 +- secure/lib/libcrypto/man/PKCS12_create.3 | 14 +- secure/lib/libcrypto/man/PKCS12_parse.3 | 44 +- secure/lib/libcrypto/man/PKCS7_decrypt.3 | 20 +- secure/lib/libcrypto/man/PKCS7_encrypt.3 | 75 +- secure/lib/libcrypto/man/PKCS7_sign.3 | 133 ++-- ..._write_PKCS7.3 => PKCS7_sign_add_signer.3} | 102 +-- secure/lib/libcrypto/man/PKCS7_verify.3 | 24 +- secure/lib/libcrypto/man/RAND_add.3 | 14 +- secure/lib/libcrypto/man/RAND_bytes.3 | 14 +- secure/lib/libcrypto/man/RAND_cleanup.3 | 14 +- secure/lib/libcrypto/man/RAND_egd.3 | 14 +- secure/lib/libcrypto/man/RAND_load_file.3 | 14 +- .../lib/libcrypto/man/RAND_set_rand_method.3 | 14 +- secure/lib/libcrypto/man/RSA_blinding_on.3 | 14 +- secure/lib/libcrypto/man/RSA_check_key.3 | 14 +- secure/lib/libcrypto/man/RSA_generate_key.3 | 14 +- .../lib/libcrypto/man/RSA_get_ex_new_index.3 | 14 +- secure/lib/libcrypto/man/RSA_new.3 | 14 +- .../man/RSA_padding_add_PKCS1_type_1.3 | 14 +- secure/lib/libcrypto/man/RSA_print.3 | 14 +- .../lib/libcrypto/man/RSA_private_encrypt.3 | 14 +- secure/lib/libcrypto/man/RSA_public_encrypt.3 | 14 +- secure/lib/libcrypto/man/RSA_set_method.3 | 14 +- secure/lib/libcrypto/man/RSA_sign.3 | 14 +- .../man/RSA_sign_ASN1_OCTET_STRING.3 | 14 +- secure/lib/libcrypto/man/RSA_size.3 | 14 +- .../{SMIME_read_PKCS7.3 => SMIME_read_CMS.3} | 81 +-- secure/lib/libcrypto/man/SMIME_read_PKCS7.3 | 20 +- ...{SMIME_write_PKCS7.3 => SMIME_write_CMS.3} | 77 +-- secure/lib/libcrypto/man/SMIME_write_PKCS7.3 | 40 +- .../man/X509_NAME_ENTRY_get_object.3 | 36 +- .../man/X509_NAME_add_entry_by_txt.3 | 36 +- .../man/X509_NAME_get_index_by_NID.3 | 34 +- secure/lib/libcrypto/man/X509_NAME_print_ex.3 | 14 +- .../libcrypto/man/X509_STORE_CTX_get_error.3 | 385 +++++++++++ ...ex.3 => X509_STORE_CTX_get_ex_new_index.3} | 44 +- secure/lib/libcrypto/man/X509_STORE_CTX_new.3 | 247 +++++++ .../man/X509_STORE_CTX_set_verify_cb.3 | 289 ++++++++ ..._new.3 => X509_STORE_set_verify_cb_func.3} | 63 +- .../man/X509_VERIFY_PARAM_set_flags.3 | 292 ++++++++ secure/lib/libcrypto/man/X509_new.3 | 18 +- .../{EVP_PKEY_new.3 => X509_verify_cert.3} | 64 +- secure/lib/libcrypto/man/bio.3 | 14 +- secure/lib/libcrypto/man/blowfish.3 | 14 +- secure/lib/libcrypto/man/bn.3 | 14 +- secure/lib/libcrypto/man/bn_internal.3 | 55 +- secure/lib/libcrypto/man/buffer.3 | 14 +- secure/lib/libcrypto/man/crypto.3 | 14 +- secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 | 14 +- secure/lib/libcrypto/man/d2i_DHparams.3 | 14 +- secure/lib/libcrypto/man/d2i_DSAPublicKey.3 | 14 +- .../lib/libcrypto/man/d2i_PKCS8PrivateKey.3 | 14 +- secure/lib/libcrypto/man/d2i_RSAPublicKey.3 | 22 +- secure/lib/libcrypto/man/d2i_X509.3 | 26 +- secure/lib/libcrypto/man/d2i_X509_ALGOR.3 | 14 +- secure/lib/libcrypto/man/d2i_X509_CRL.3 | 18 +- secure/lib/libcrypto/man/d2i_X509_NAME.3 | 14 +- secure/lib/libcrypto/man/d2i_X509_REQ.3 | 18 +- secure/lib/libcrypto/man/d2i_X509_SIG.3 | 14 +- secure/lib/libcrypto/man/des.3 | 14 +- secure/lib/libcrypto/man/des_modes.7 | 26 +- secure/lib/libcrypto/man/dh.3 | 14 +- secure/lib/libcrypto/man/dsa.3 | 14 +- secure/lib/libcrypto/man/ecdsa.3 | 14 +- secure/lib/libcrypto/man/engine.3 | 24 +- secure/lib/libcrypto/man/err.3 | 18 +- secure/lib/libcrypto/man/evp.3 | 36 +- secure/lib/libcrypto/man/hmac.3 | 36 +- .../man/{DH_new.3 => i2d_CMS_bio_stream.3} | 54 +- .../man/{DH_new.3 => i2d_PKCS7_bio_stream.3} | 52 +- secure/lib/libcrypto/man/lh_stats.3 | 14 +- secure/lib/libcrypto/man/lhash.3 | 258 ++++--- secure/lib/libcrypto/man/md5.3 | 14 +- secure/lib/libcrypto/man/mdc2.3 | 14 +- secure/lib/libcrypto/man/pem.3 | 16 +- secure/lib/libcrypto/man/rand.3 | 14 +- secure/lib/libcrypto/man/rc4.3 | 14 +- secure/lib/libcrypto/man/ripemd.3 | 14 +- secure/lib/libcrypto/man/rsa.3 | 14 +- secure/lib/libcrypto/man/sha.3 | 14 +- secure/lib/libcrypto/man/threads.3 | 97 +-- secure/lib/libcrypto/man/ui.3 | 14 +- secure/lib/libcrypto/man/ui_compat.3 | 18 +- secure/lib/libcrypto/man/x509.3 | 14 +- secure/lib/libcrypto/opensslconf-i386.h | 56 +- secure/lib/libcrypto/opensslconf-x86_64.h | 56 +- secure/lib/libssl/Makefile.man | 11 + secure/lib/libssl/man/SSL_CIPHER_get_name.3 | 16 +- .../man/SSL_COMP_add_compression_method.3 | 14 +- .../libssl/man/SSL_CTX_add_extra_chain_cert.3 | 14 +- secure/lib/libssl/man/SSL_CTX_add_session.3 | 14 +- secure/lib/libssl/man/SSL_CTX_ctrl.3 | 14 +- .../lib/libssl/man/SSL_CTX_flush_sessions.3 | 14 +- secure/lib/libssl/man/SSL_CTX_free.3 | 14 +- .../lib/libssl/man/SSL_CTX_get_ex_new_index.3 | 14 +- .../lib/libssl/man/SSL_CTX_get_verify_mode.3 | 14 +- .../man/SSL_CTX_load_verify_locations.3 | 14 +- secure/lib/libssl/man/SSL_CTX_new.3 | 16 +- secure/lib/libssl/man/SSL_CTX_sess_number.3 | 14 +- .../libssl/man/SSL_CTX_sess_set_cache_size.3 | 14 +- .../lib/libssl/man/SSL_CTX_sess_set_get_cb.3 | 14 +- secure/lib/libssl/man/SSL_CTX_sessions.3 | 14 +- .../lib/libssl/man/SSL_CTX_set_cert_store.3 | 14 +- .../man/SSL_CTX_set_cert_verify_callback.3 | 14 +- .../lib/libssl/man/SSL_CTX_set_cipher_list.3 | 14 +- .../libssl/man/SSL_CTX_set_client_CA_list.3 | 14 +- .../libssl/man/SSL_CTX_set_client_cert_cb.3 | 14 +- .../man/SSL_CTX_set_default_passwd_cb.3 | 14 +- .../man/SSL_CTX_set_generate_session_id.3 | 14 +- .../libssl/man/SSL_CTX_set_info_callback.3 | 14 +- .../libssl/man/SSL_CTX_set_max_cert_list.3 | 14 +- secure/lib/libssl/man/SSL_CTX_set_mode.3 | 23 +- .../lib/libssl/man/SSL_CTX_set_msg_callback.3 | 14 +- secure/lib/libssl/man/SSL_CTX_set_options.3 | 131 +++- ...er.3 => SSL_CTX_set_psk_client_callback.3} | 72 +- .../libssl/man/SSL_CTX_set_quiet_shutdown.3 | 14 +- .../man/SSL_CTX_set_session_cache_mode.3 | 14 +- .../man/SSL_CTX_set_session_id_context.3 | 14 +- .../lib/libssl/man/SSL_CTX_set_ssl_version.3 | 20 +- secure/lib/libssl/man/SSL_CTX_set_timeout.3 | 14 +- .../libssl/man/SSL_CTX_set_tmp_dh_callback.3 | 14 +- .../libssl/man/SSL_CTX_set_tmp_rsa_callback.3 | 14 +- secure/lib/libssl/man/SSL_CTX_set_verify.3 | 14 +- .../lib/libssl/man/SSL_CTX_use_certificate.3 | 14 +- ...nect.3 => SSL_CTX_use_psk_identity_hint.3} | 115 ++-- secure/lib/libssl/man/SSL_SESSION_free.3 | 14 +- .../libssl/man/SSL_SESSION_get_ex_new_index.3 | 14 +- secure/lib/libssl/man/SSL_SESSION_get_time.3 | 14 +- secure/lib/libssl/man/SSL_accept.3 | 14 +- secure/lib/libssl/man/SSL_alert_type_string.3 | 14 +- secure/lib/libssl/man/SSL_clear.3 | 14 +- secure/lib/libssl/man/SSL_connect.3 | 14 +- secure/lib/libssl/man/SSL_do_handshake.3 | 14 +- secure/lib/libssl/man/SSL_free.3 | 14 +- secure/lib/libssl/man/SSL_get_SSL_CTX.3 | 14 +- secure/lib/libssl/man/SSL_get_ciphers.3 | 14 +- .../lib/libssl/man/SSL_get_client_CA_list.3 | 14 +- .../lib/libssl/man/SSL_get_current_cipher.3 | 14 +- .../lib/libssl/man/SSL_get_default_timeout.3 | 14 +- secure/lib/libssl/man/SSL_get_error.3 | 14 +- .../man/SSL_get_ex_data_X509_STORE_CTX_idx.3 | 14 +- secure/lib/libssl/man/SSL_get_ex_new_index.3 | 14 +- secure/lib/libssl/man/SSL_get_fd.3 | 14 +- .../lib/libssl/man/SSL_get_peer_cert_chain.3 | 14 +- .../lib/libssl/man/SSL_get_peer_certificate.3 | 14 +- ...L_get_version.3 => SSL_get_psk_identity.3} | 50 +- secure/lib/libssl/man/SSL_get_rbio.3 | 14 +- secure/lib/libssl/man/SSL_get_session.3 | 14 +- secure/lib/libssl/man/SSL_get_verify_result.3 | 14 +- secure/lib/libssl/man/SSL_get_version.3 | 14 +- secure/lib/libssl/man/SSL_library_init.3 | 32 +- .../lib/libssl/man/SSL_load_client_CA_file.3 | 14 +- secure/lib/libssl/man/SSL_new.3 | 14 +- secure/lib/libssl/man/SSL_pending.3 | 14 +- secure/lib/libssl/man/SSL_read.3 | 14 +- secure/lib/libssl/man/SSL_rstate_string.3 | 14 +- secure/lib/libssl/man/SSL_session_reused.3 | 14 +- secure/lib/libssl/man/SSL_set_bio.3 | 14 +- secure/lib/libssl/man/SSL_set_connect_state.3 | 14 +- secure/lib/libssl/man/SSL_set_fd.3 | 14 +- secure/lib/libssl/man/SSL_set_session.3 | 14 +- secure/lib/libssl/man/SSL_set_shutdown.3 | 14 +- secure/lib/libssl/man/SSL_set_verify_result.3 | 14 +- secure/lib/libssl/man/SSL_shutdown.3 | 14 +- secure/lib/libssl/man/SSL_state_string.3 | 14 +- secure/lib/libssl/man/SSL_want.3 | 14 +- secure/lib/libssl/man/SSL_write.3 | 14 +- secure/lib/libssl/man/d2i_SSL_SESSION.3 | 14 +- secure/lib/libssl/man/ssl.3 | 97 +-- secure/usr.bin/openssl/Makefile | 10 +- secure/usr.bin/openssl/Makefile.man | 7 + secure/usr.bin/openssl/man/CA.pl.1 | 14 +- secure/usr.bin/openssl/man/asn1parse.1 | 29 +- secure/usr.bin/openssl/man/ca.1 | 26 +- secure/usr.bin/openssl/man/ciphers.1 | 79 ++- secure/usr.bin/openssl/man/{smime.1 => cms.1} | 387 ++++++++--- secure/usr.bin/openssl/man/config.5 | 18 +- secure/usr.bin/openssl/man/crl.1 | 14 +- secure/usr.bin/openssl/man/crl2pkcs7.1 | 14 +- secure/usr.bin/openssl/man/dgst.1 | 53 +- secure/usr.bin/openssl/man/dhparam.1 | 16 +- secure/usr.bin/openssl/man/dsa.1 | 16 +- secure/usr.bin/openssl/man/dsaparam.1 | 16 +- secure/usr.bin/openssl/man/ec.1 | 16 +- secure/usr.bin/openssl/man/ecparam.1 | 16 +- secure/usr.bin/openssl/man/enc.1 | 78 ++- secure/usr.bin/openssl/man/errstr.1 | 14 +- secure/usr.bin/openssl/man/gendsa.1 | 16 +- secure/usr.bin/openssl/man/genpkey.1 | 312 +++++++++ secure/usr.bin/openssl/man/genrsa.1 | 16 +- secure/usr.bin/openssl/man/nseq.1 | 14 +- secure/usr.bin/openssl/man/ocsp.1 | 19 +- secure/usr.bin/openssl/man/openssl.1 | 115 +++- secure/usr.bin/openssl/man/passwd.1 | 14 +- secure/usr.bin/openssl/man/pkcs12.1 | 92 ++- secure/usr.bin/openssl/man/pkcs7.1 | 16 +- secure/usr.bin/openssl/man/pkcs8.1 | 16 +- secure/usr.bin/openssl/man/{dsa.1 => pkey.1} | 125 ++-- .../openssl/man/{speed.1 => pkeyparam.1} | 91 ++- secure/usr.bin/openssl/man/pkeyutl.1 | 320 +++++++++ secure/usr.bin/openssl/man/rand.1 | 14 +- secure/usr.bin/openssl/man/req.1 | 99 ++- secure/usr.bin/openssl/man/rsa.1 | 16 +- secure/usr.bin/openssl/man/rsautl.1 | 14 +- secure/usr.bin/openssl/man/s_client.1 | 38 +- secure/usr.bin/openssl/man/s_server.1 | 27 +- secure/usr.bin/openssl/man/s_time.1 | 14 +- secure/usr.bin/openssl/man/sess_id.1 | 14 +- secure/usr.bin/openssl/man/smime.1 | 131 ++-- secure/usr.bin/openssl/man/speed.1 | 16 +- secure/usr.bin/openssl/man/spkac.1 | 16 +- secure/usr.bin/openssl/man/ts.1 | 649 ++++++++++++++++++ secure/usr.bin/openssl/man/tsget.1 | 311 +++++++++ secure/usr.bin/openssl/man/verify.1 | 101 ++- secure/usr.bin/openssl/man/version.1 | 14 +- secure/usr.bin/openssl/man/x509.1 | 53 +- secure/usr.bin/openssl/man/x509v3_config.5 | 142 +++- usr.sbin/sendmail/Makefile | 2 +- 365 files changed, 8713 insertions(+), 5606 deletions(-) copy secure/lib/libcrypto/man/{ERR_print_errors.3 => BIO_new_CMS.3} (62%) copy secure/lib/libcrypto/man/{ERR_print_errors.3 => CMS_add0_cert.3} (63%) copy secure/lib/libcrypto/man/{RAND_load_file.3 => CMS_add1_recipient_cert.3} (60%) copy secure/lib/libcrypto/man/{PKCS7_encrypt.3 => CMS_compress.3} (59%) copy secure/lib/libcrypto/man/{PKCS7_decrypt.3 => CMS_decrypt.3} (70%) copy secure/lib/libcrypto/man/{PKCS7_encrypt.3 => CMS_encrypt.3} (57%) copy secure/lib/libcrypto/man/{ASN1_STRING_new.3 => CMS_final.3} (76%) create mode 100644 secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 copy secure/lib/libcrypto/man/{EVP_BytesToKey.3 => CMS_get0_SignerInfos.3} (57%) copy secure/lib/libcrypto/man/{ASN1_STRING_new.3 => CMS_get0_type.3} (64%) copy secure/lib/libcrypto/man/{EVP_BytesToKey.3 => CMS_get1_ReceiptRequest.3} (56%) create mode 100644 secure/lib/libcrypto/man/CMS_sign.3 create mode 100644 secure/lib/libcrypto/man/CMS_sign_add1_signer.3 copy secure/lib/libcrypto/man/{EVP_PKEY_new.3 => CMS_sign_receipt.3} (71%) copy secure/lib/libcrypto/man/{PKCS7_decrypt.3 => CMS_uncompress.3} (71%) copy secure/lib/libcrypto/man/{PKCS7_verify.3 => CMS_verify.3} (59%) copy secure/lib/libcrypto/man/{ASN1_OBJECT_new.3 => CMS_verify_receipt.3} (73%) copy secure/lib/libcrypto/man/{EVP_SignInit.3 => EVP_DigestSignInit.3} (59%) copy secure/lib/libcrypto/man/{EVP_VerifyInit.3 => EVP_DigestVerifyInit.3} (61%) create mode 100644 secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 copy secure/lib/libcrypto/man/{EVP_PKEY_new.3 => EVP_PKEY_CTX_new.3} (68%) copy secure/lib/libcrypto/man/{EVP_PKEY_new.3 => EVP_PKEY_cmp.3} (64%) copy secure/lib/libcrypto/man/{EVP_BytesToKey.3 => EVP_PKEY_decrypt.3} (57%) copy secure/lib/libcrypto/man/{EVP_BytesToKey.3 => EVP_PKEY_derive.3} (57%) copy secure/lib/libcrypto/man/{OpenSSL_add_all_algorithms.3 => EVP_PKEY_encrypt.3} (57%) copy secure/lib/libcrypto/man/{EVP_PKEY_new.3 => EVP_PKEY_get_default_digest.3} (76%) create mode 100644 secure/lib/libcrypto/man/EVP_PKEY_keygen.3 copy secure/lib/libcrypto/man/{EVP_PKEY_new.3 => EVP_PKEY_print_private.3} (67%) copy secure/lib/libcrypto/man/{DSA_do_sign.3 => EVP_PKEY_sign.3} (56%) copy secure/lib/libcrypto/man/{EVP_OpenInit.3 => EVP_PKEY_verify.3} (57%) copy secure/lib/libcrypto/man/{BN_num_bytes.3 => EVP_PKEY_verifyrecover.3} (52%) copy secure/lib/libcrypto/man/{ERR_clear_error.3 => PEM_write_bio_CMS_stream.3} (77%) copy secure/lib/libcrypto/man/{X509_new.3 => PEM_write_bio_PKCS7_stream.3} (78%) copy secure/lib/libcrypto/man/{SMIME_write_PKCS7.3 => PKCS7_sign_add_signer.3} (52%) copy secure/lib/libcrypto/man/{SMIME_read_PKCS7.3 => SMIME_read_CMS.3} (67%) copy secure/lib/libcrypto/man/{SMIME_write_PKCS7.3 => SMIME_write_CMS.3} (65%) create mode 100644 secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 copy secure/lib/libcrypto/man/{DSA_get_ex_new_index.3 => X509_STORE_CTX_get_ex_new_index.3} (75%) create mode 100644 secure/lib/libcrypto/man/X509_STORE_CTX_new.3 create mode 100644 secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 copy secure/lib/libcrypto/man/{EVP_PKEY_new.3 => X509_STORE_set_verify_cb_func.3} (70%) create mode 100644 secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 copy secure/lib/libcrypto/man/{EVP_PKEY_new.3 => X509_verify_cert.3} (70%) copy secure/lib/libcrypto/man/{DH_new.3 => i2d_CMS_bio_stream.3} (77%) copy secure/lib/libcrypto/man/{DH_new.3 => i2d_PKCS7_bio_stream.3} (77%) copy secure/lib/libssl/man/{SSL_get_current_cipher.3 => SSL_CTX_set_psk_client_callback.3} (65%) copy secure/lib/libssl/man/{SSL_connect.3 => SSL_CTX_use_psk_identity_hint.3} (55%) copy secure/lib/libssl/man/{SSL_get_version.3 => SSL_get_psk_identity.3} (76%) copy secure/usr.bin/openssl/man/{smime.1 => cms.1} (50%) create mode 100644 secure/usr.bin/openssl/man/genpkey.1 copy secure/usr.bin/openssl/man/{dsa.1 => pkey.1} (62%) copy secure/usr.bin/openssl/man/{speed.1 => pkeyparam.1} (70%) create mode 100644 secure/usr.bin/openssl/man/pkeyutl.1 create mode 100644 secure/usr.bin/openssl/man/ts.1 create mode 100644 secure/usr.bin/openssl/man/tsget.1 diff --git a/Makefile_upgrade.inc b/Makefile_upgrade.inc index e269a0a4c7..e02de5be68 100644 --- a/Makefile_upgrade.inc +++ b/Makefile_upgrade.inc @@ -1525,6 +1525,15 @@ TO_REMOVE+=/usr/share/man/cat9/mtx_notowner.9.gz TO_REMOVE+=/usr/share/man/cat9/mtx_owner.9.gz TO_REMOVE+=/usr/share/man/man9/mtx_notowner.9.gz TO_REMOVE+=/usr/share/man/man9/mtx_owner.9.gz +TO_REMOVE+=/usr/include/openssl/fips_err.h +TO_REMOVE+=/usr/include/openssl/krb5_asn.h +TO_REMOVE+=/usr/include/openssl/md2.h +TO_REMOVE+=/usr/include/openssl/pq_compat.h +TO_REMOVE+=/usr/include/openssl/rc5.h +TO_REMOVE+=/usr/include/openssl/store.h +TO_REMOVE+=/usr/include/openssl/tmdiff.h +TO_REMOVE+=/usr/share/openssl/man/cat3/CRYPTO_set_id_callback.3.gz +TO_REMOVE+=/usr/share/openssl/man/man3/CRYPTO_set_id_callback.3.gz # XXX Remove when adjusted to the new 802.11 framework TO_REMOVE+=/boot/modules/if_acx.ko diff --git a/crypto/openssl/crypto/cms/cms_env.c b/crypto/openssl/crypto/cms/cms_env.c index b3237d4b94..01963f3de7 100644 --- a/crypto/openssl/crypto/cms/cms_env.c +++ b/crypto/openssl/crypto/cms/cms_env.c @@ -60,7 +60,7 @@ #include #include #include "cms_lcl.h" -#include "asn1_locl.h" +#include "../asn1/asn1_locl.h" /* CMS EnvelopedData Utilities */ diff --git a/crypto/openssl/crypto/cms/cms_sd.c b/crypto/openssl/crypto/cms/cms_sd.c index e3192b9c57..dd2b759793 100644 --- a/crypto/openssl/crypto/cms/cms_sd.c +++ b/crypto/openssl/crypto/cms/cms_sd.c @@ -58,7 +58,7 @@ #include #include #include "cms_lcl.h" -#include "asn1_locl.h" +#include "../asn1/asn1_locl.h" /* CMS SignedData Utilities */ diff --git a/crypto/openssl/crypto/dh/dh_ameth.c b/crypto/openssl/crypto/dh/dh_ameth.c index 377caf96c9..d73d6eb39f 100644 --- a/crypto/openssl/crypto/dh/dh_ameth.c +++ b/crypto/openssl/crypto/dh/dh_ameth.c @@ -61,7 +61,7 @@ #include #include #include -#include "asn1_locl.h" +#include "../asn1/asn1_locl.h" static void int_dh_free(EVP_PKEY *pkey) { diff --git a/crypto/openssl/crypto/dh/dh_pmeth.c b/crypto/openssl/crypto/dh/dh_pmeth.c index 5ae72b7d4c..943839a4e5 100644 --- a/crypto/openssl/crypto/dh/dh_pmeth.c +++ b/crypto/openssl/crypto/dh/dh_pmeth.c @@ -62,7 +62,7 @@ #include #include #include -#include "evp_locl.h" +#include "../evp/evp_locl.h" /* DH pkey context structure */ diff --git a/crypto/openssl/crypto/dsa/dsa_ameth.c b/crypto/openssl/crypto/dsa/dsa_ameth.c index 6413aae46e..84c4e9a0b8 100644 --- a/crypto/openssl/crypto/dsa/dsa_ameth.c +++ b/crypto/openssl/crypto/dsa/dsa_ameth.c @@ -64,7 +64,7 @@ #ifndef OPENSSL_NO_CMS #include #endif -#include "asn1_locl.h" +#include "../asn1/asn1_locl.h" static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) { diff --git a/crypto/openssl/crypto/dsa/dsa_pmeth.c b/crypto/openssl/crypto/dsa/dsa_pmeth.c index 4ce91e20c6..270d777c99 100644 --- a/crypto/openssl/crypto/dsa/dsa_pmeth.c +++ b/crypto/openssl/crypto/dsa/dsa_pmeth.c @@ -61,7 +61,7 @@ #include #include #include -#include "evp_locl.h" +#include "../evp/evp_locl.h" #include "dsa_locl.h" /* DSA pkey context structure */ diff --git a/crypto/openssl/crypto/ec/ec_ameth.c b/crypto/openssl/crypto/ec/ec_ameth.c index c00f7d746c..3ad3f1a7db 100644 --- a/crypto/openssl/crypto/ec/ec_ameth.c +++ b/crypto/openssl/crypto/ec/ec_ameth.c @@ -63,7 +63,7 @@ #ifndef OPENSSL_NO_CMS #include #endif -#include "asn1_locl.h" +#include "../asn1/asn1_locl.h" static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) { diff --git a/crypto/openssl/crypto/ec/ec_pmeth.c b/crypto/openssl/crypto/ec/ec_pmeth.c index f433076ca1..add8d8b151 100644 --- a/crypto/openssl/crypto/ec/ec_pmeth.c +++ b/crypto/openssl/crypto/ec/ec_pmeth.c @@ -62,7 +62,7 @@ #include #include #include -#include "evp_locl.h" +#include "../evp/evp_locl.h" /* EC pkey context structure */ diff --git a/crypto/openssl/crypto/engine/tb_asnmth.c b/crypto/openssl/crypto/engine/tb_asnmth.c index 75090339f7..1e9f229132 100644 --- a/crypto/openssl/crypto/engine/tb_asnmth.c +++ b/crypto/openssl/crypto/engine/tb_asnmth.c @@ -53,7 +53,7 @@ */ #include "eng_int.h" -#include "asn1_locl.h" +#include "../asn1/asn1_locl.h" #include /* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the diff --git a/crypto/openssl/crypto/evp/evp_pkey.c b/crypto/openssl/crypto/evp/evp_pkey.c index ceebf69284..7466144ef9 100644 --- a/crypto/openssl/crypto/evp/evp_pkey.c +++ b/crypto/openssl/crypto/evp/evp_pkey.c @@ -61,7 +61,7 @@ #include "cryptlib.h" #include #include -#include "asn1_locl.h" +#include "../asn1/asn1_locl.h" /* Extract a private key from a PKCS8 structure */ diff --git a/crypto/openssl/crypto/evp/p_lib.c b/crypto/openssl/crypto/evp/p_lib.c index 1916c61699..51654b0dfd 100644 --- a/crypto/openssl/crypto/evp/p_lib.c +++ b/crypto/openssl/crypto/evp/p_lib.c @@ -78,7 +78,7 @@ #include #endif -#include "asn1_locl.h" +#include "../asn1/asn1_locl.h" static void EVP_PKEY_free_it(EVP_PKEY *x); diff --git a/crypto/openssl/crypto/evp/pmeth_lib.c b/crypto/openssl/crypto/evp/pmeth_lib.c index b2d8de3a8d..19b4cc360e 100644 --- a/crypto/openssl/crypto/evp/pmeth_lib.c +++ b/crypto/openssl/crypto/evp/pmeth_lib.c @@ -64,7 +64,7 @@ #ifndef OPENSSL_NO_ENGINE #include #endif -#include "asn1_locl.h" +#include "../asn1/asn1_locl.h" #include "evp_locl.h" typedef int sk_cmp_fn_type(const char * const *a, const char * const *b); diff --git a/crypto/openssl/crypto/hmac/hm_ameth.c b/crypto/openssl/crypto/hmac/hm_ameth.c index 6d8a89149e..cdf55c5c6a 100644 --- a/crypto/openssl/crypto/hmac/hm_ameth.c +++ b/crypto/openssl/crypto/hmac/hm_ameth.c @@ -58,7 +58,7 @@ #include #include "cryptlib.h" #include -#include "asn1_locl.h" +#include "../asn1/asn1_locl.h" #define HMAC_TEST_PRIVATE_KEY_FORMAT diff --git a/crypto/openssl/crypto/hmac/hm_pmeth.c b/crypto/openssl/crypto/hmac/hm_pmeth.c index 985921ca1a..ccbbba227d 100644 --- a/crypto/openssl/crypto/hmac/hm_pmeth.c +++ b/crypto/openssl/crypto/hmac/hm_pmeth.c @@ -61,7 +61,7 @@ #include #include #include -#include "evp_locl.h" +#include "../evp/evp_locl.h" /* HMAC pkey context structure */ diff --git a/crypto/openssl/crypto/pem/pem_lib.c b/crypto/openssl/crypto/pem/pem_lib.c index 42e4861bc1..48226b5526 100644 --- a/crypto/openssl/crypto/pem/pem_lib.c +++ b/crypto/openssl/crypto/pem/pem_lib.c @@ -66,7 +66,7 @@ #include #include #include -#include "asn1_locl.h" +#include "../asn1/asn1_locl.h" #ifndef OPENSSL_NO_DES #include #endif diff --git a/crypto/openssl/crypto/pem/pem_pkey.c b/crypto/openssl/crypto/pem/pem_pkey.c index 8ecf24903b..4576c599cc 100644 --- a/crypto/openssl/crypto/pem/pem_pkey.c +++ b/crypto/openssl/crypto/pem/pem_pkey.c @@ -68,7 +68,7 @@ #ifndef OPENSSL_NO_ENGINE #include #endif -#include "asn1_locl.h" +#include "../asn1/asn1_locl.h" int pem_check_suffix(const char *pem_str, const char *suffix); diff --git a/crypto/openssl/crypto/pkcs7/pk7_lib.c b/crypto/openssl/crypto/pkcs7/pk7_lib.c index 3ca0952792..ecee93023b 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_lib.c +++ b/crypto/openssl/crypto/pkcs7/pk7_lib.c @@ -60,7 +60,7 @@ #include "cryptlib.h" #include #include -#include "asn1_locl.h" +#include "../asn1/asn1_locl.h" long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) { diff --git a/crypto/openssl/crypto/rsa/rsa_ameth.c b/crypto/openssl/crypto/rsa/rsa_ameth.c index 8c3209885e..c46a9edb87 100644 --- a/crypto/openssl/crypto/rsa/rsa_ameth.c +++ b/crypto/openssl/crypto/rsa/rsa_ameth.c @@ -65,7 +65,7 @@ #ifndef OPENSSL_NO_CMS #include #endif -#include "asn1_locl.h" +#include "../asn1/asn1_locl.h" static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { diff --git a/crypto/openssl/crypto/rsa/rsa_pmeth.c b/crypto/openssl/crypto/rsa/rsa_pmeth.c index c6892ecd09..66d57a861f 100644 --- a/crypto/openssl/crypto/rsa/rsa_pmeth.c +++ b/crypto/openssl/crypto/rsa/rsa_pmeth.c @@ -63,7 +63,7 @@ #include #include #include -#include "evp_locl.h" +#include "../evp/evp_locl.h" #include "rsa_locl.h" /* RSA pkey context structure */ diff --git a/lib/libfetch/common.h b/lib/libfetch/common.h index 21032a786c..1ad418e1c1 100644 --- a/lib/libfetch/common.h +++ b/lib/libfetch/common.h @@ -57,7 +57,7 @@ struct fetchconn { SSL *ssl; /* SSL handle */ SSL_CTX *ssl_ctx; /* SSL context */ X509 *ssl_cert; /* server certificate */ - SSL_METHOD *ssl_meth; /* SSL method */ + const SSL_METHOD *ssl_meth; /* SSL method */ #endif int ref; /* reference count */ }; diff --git a/libexec/dma/crypto.c b/libexec/dma/crypto.c index 2cb31fd620..13ab18d110 100644 --- a/libexec/dma/crypto.c +++ b/libexec/dma/crypto.c @@ -80,7 +80,7 @@ int smtp_init_crypto(int fd, int feature) { SSL_CTX *ctx = NULL; - SSL_METHOD *meth = NULL; + const SSL_METHOD *meth = NULL; X509 *cert; int error; diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile index 1754ff66e6..9317ca0587 100644 --- a/secure/lib/libcrypto/Makefile +++ b/secure/lib/libcrypto/Makefile @@ -13,11 +13,9 @@ NOLINT= true .include "Makefile.inc" # base sources -SRCS= cpt_err.c cryptlib.c cversion.c dyn_lck.c ebcdic.c ex_data.c \ - fips_err.c mem.c mem_clr.c \ - mem_dbg.c o_dir.c o_init.c o_time.c tmdiff.c uid.c -INCS= ../e_os.h ../e_os2.h crypto.h ebcdic.h fips_err.h \ - opensslv.h ossl_typ.h symhacks.h tmdiff.h +SRCS= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c \ + mem.c mem_clr.c mem_dbg.c o_dir.c o_time.c uid.c +INCS= ../e_os.h ../e_os2.h crypto.h ebcdic.h opensslv.h ossl_typ.h symhacks.h # aes SRCS+= aes_cbc.c aes_cfb.c aes_core.c aes_ctr.c aes_ecb.c aes_ige.c \ @@ -26,18 +24,18 @@ INCS+= aes.h aes_locl.h # asn1 SRCS+= a_bitstr.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c \ - a_dup.c a_enum.c a_gentm.c a_hdr.c a_i2d_fp.c a_int.c \ - a_mbstr.c a_meth.c a_object.c a_octet.c a_print.c \ + a_dup.c a_enum.c a_gentm.c a_i2d_fp.c a_int.c \ + a_mbstr.c a_object.c a_octet.c a_print.c \ a_set.c a_sign.c a_strex.c a_strnid.c a_time.c a_type.c \ - a_utctm.c a_utf8.c a_verify.c asn1_err.c asn1_lib.c \ + a_utctm.c a_utf8.c a_verify.c ameth_lib.c asn1_err.c asn1_lib.c \ asn1_gen.c asn1_par.c asn_mime.c \ - asn_moid.c asn_pack.c d2i_pr.c d2i_pu.c \ + asn_moid.c asn_pack.c bio_asn1.c bio_ndef.c d2i_pr.c d2i_pu.c \ evp_asn1.c f_enum.c f_int.c f_string.c i2d_pr.c i2d_pu.c \ n_pkey.c nsseq.c p5_pbe.c p5_pbev2.c p8_pkey.c t_bitst.c \ t_crl.c t_pkey.c t_req.c t_spki.c t_x509.c t_x509a.c \ - tasn_dec.c tasn_enc.c tasn_fre.c tasn_new.c tasn_typ.c \ + tasn_dec.c tasn_enc.c tasn_fre.c tasn_new.c tasn_prn.c tasn_typ.c \ tasn_utl.c x_algor.c x_attrib.c x_bignum.c x_crl.c \ - x_exten.c x_info.c x_long.c x_name.c x_pkey.c x_pubkey.c \ + x_exten.c x_info.c x_long.c x_name.c x_nx509.c x_pkey.c x_pubkey.c \ x_req.c x_sig.c x_spki.c x_val.c x_x509.c x_x509a.c INCS+= asn1.h asn1_mac.h asn1t.h @@ -56,19 +54,18 @@ INCS+= bio.h SRCS+= bn_add.c bn_asm.c bn_blind.c bn_const.c bn_ctx.c bn_depr.c \ bn_div.c bn_err.c bn_exp.c \ bn_exp2.c bn_gcd.c bn_gf2m.c bn_kron.c bn_lib.c bn_mod.c bn_mont.c \ - bn_mpi.c bn_mul.c bn_nist.c bn_opt.c \ + bn_mpi.c bn_mul.c bn_nist.c \ bn_prime.c bn_print.c bn_rand.c bn_recp.c \ - bn_shift.c bn_sqr.c bn_sqrt.c bn_word.c bn_x931p.c + bn_shift.c bn_sqr.c bn_sqrt.c bn_word.c INCS+= bn.h # buffer -SRCS+= buf_err.c buf_str.c buffer.c +SRCS+= buf_err.c buffer.c INCS+= buffer.h # camellia -# still disabled in 0.9.8 -#SRCS+= camellia.c cmll_misc.c cmll_ecb.c cmll_cbc.c cmll_ofb.c \ -# cmll_cfb.c cmll_ctr.c +SRCS+= camellia.c cmll_cbc.c cmll_cfb.c \ + cmll_ctr.c cmll_ecb.c cmll_misc.c cmll_ofb.c INCS+= camellia.h # cast @@ -76,8 +73,9 @@ SRCS+= c_cfb64.c c_ecb.c c_enc.c c_ofb64.c c_skey.c INCS+= cast.h # cms -#SRCS+= cms_att.c cms_att.c cms_cd.c cms_dd.c cms_enc.c cms_env.c cms_err.c \ -# cms_ess.c cms_io.c cms_lib.c cms_sd.c cms_smime.c +SRCS+= cms_asn1.c cms_att.c cms_cd.c cms_dd.c cms_enc.c cms_env.c cms_err.c \ + cms_ess.c cms_io.c cms_lib.c cms_sd.c cms_smime.c +INCS+= cms.h # comp SRCS+= c_rle.c c_zlib.c comp_err.c comp_lib.c @@ -89,7 +87,7 @@ INCS+= conf.h conf_api.h # des SRCS+= cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c \ - des_enc.c des_lib.c des_old.c des_old2.c \ + des_enc.c des_old.c des_old2.c \ ecb3_enc.c ecb_enc.c ede_cbcm_enc.c \ enc_read.c enc_writ.c fcrypt.c fcrypt_b.c ofb64ede.c ofb64enc.c \ ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read2pwd.c \ @@ -97,12 +95,14 @@ SRCS+= cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c \ INCS+= des.h des_old.h # dh -SRCS+= dh_asn1.c dh_check.c dh_depr.c dh_err.c dh_gen.c dh_key.c dh_lib.c +SRCS+= dh_ameth.c dh_asn1.c dh_check.c dh_depr.c \ + dh_err.c dh_gen.c dh_key.c dh_lib.c dh_pmeth.c dh_prn.c INCS+= dh.h # dsa -SRCS+= dsa_asn1.c dsa_depr.c dsa_err.c dsa_gen.c dsa_key.c dsa_lib.c \ - dsa_ossl.c dsa_sign.c dsa_utl.c dsa_vrf.c +SRCS+= dsa_ameth.c dsa_asn1.c dsa_depr.c dsa_err.c \ + dsa_gen.c dsa_key.c dsa_lib.c \ + dsa_ossl.c dsa_pmeth.c dsa_prn.c dsa_sign.c dsa_vrf.c INCS+= dsa.h # dso @@ -110,8 +110,10 @@ SRCS+= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c dso_openssl.c INCS+= dso.h # ec -SRCS+= ec_asn1.c ec_check.c ec_curve.c ec_cvt.c ec_err.c ec_key.c ec_lib.c \ - ec_mult.c ec_print.c ec2_smpl.c ec2_mult.c ecp_mont.c ecp_nist.c \ +SRCS+= ec_ameth.c ec_asn1.c ec_check.c ec_curve.c \ + ec_cvt.c ec_err.c ec_key.c ec_lib.c \ + ec_mult.c ec_pmeth.c ec_print.c ec2_smpl.c ec2_mult.c \ + eck_prn.c ecp_mont.c ecp_nist.c \ ecp_smpl.c INCS+= ec.h @@ -125,35 +127,42 @@ INCS+= ecdsa.h # engine SRCS+= eng_all.c eng_cnf.c eng_cryptodev.c eng_ctrl.c eng_dyn.c eng_err.c \ - eng_fat.c eng_init.c eng_lib.c eng_list.c eng_openssl.c eng_padlock.c \ - eng_pkey.c eng_table.c tb_cipher.c tb_dh.c tb_ecdh.c tb_ecdsa.c \ - tb_digest.c tb_dsa.c tb_rand.c tb_rsa.c tb_store.c + eng_fat.c eng_init.c eng_lib.c eng_list.c eng_openssl.c \ + eng_pkey.c eng_table.c tb_asnmth.c tb_cipher.c tb_dh.c \ + tb_digest.c tb_dsa.c tb_ecdh.c tb_ecdsa.c \ + tb_pkmeth.c tb_rand.c tb_rsa.c tb_store.c INCS+= eng_int.h engine.h # engines CFLAGS+=-DOPENSSL_NO_DYNAMIC_ENGINE # needs more hacking -SRCS+= e_4758cca.c e_aep.c e_atalla.c e_chil.c e_cswift.c e_gmp.c \ - e_nuron.c e_sureware.c e_ubsec.c +SRCS+= e_4758cca.c e_aep.c e_atalla.c e_capi.c e_chil.c e_cswift.c e_gmp.c \ + e_nuron.c e_padlock.c e_sureware.c e_ubsec.c + +# engines/ccgost +SRCS+= e_gost_err.c gost2001.c gost2001_keyx.c gost89.c gost94_keyx.c \ + gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c \ + gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c \ + gosthash.c # err -SRCS+= err.c err_all.c err_bio.c err_def.c err_prn.c err_str.c +SRCS+= err.c err_all.c err_prn.c INCS+= err.h # evp SRCS+= bio_b64.c bio_enc.c bio_md.c bio_ok.c c_all.c c_allc.c c_alld.c \ - dig_eng.c \ digest.c e_aes.c e_bf.c e_camellia.c e_cast.c e_des.c e_des3.c \ - e_idea.c e_null.c e_rc2.c e_rc4.c e_rc5.c e_xcbc_d.c \ - enc_min.c encode.c \ - evp_acnf.c evp_cnf.c evp_enc.c evp_err.c evp_key.c evp_lib.c evp_pbe.c \ + e_idea.c e_null.c e_rc2.c e_rc4.c e_rc5.c e_seed.c e_xcbc_d.c \ + encode.c \ + evp_acnf.c evp_enc.c evp_err.c evp_key.c evp_lib.c evp_pbe.c \ evp_pkey.c m_dss.c m_dss1.c m_ecdsa.c m_md2.c m_md4.c m_md5.c \ - m_mdc2.c m_null.c m_ripemd.c m_sha.c m_sha1.c names.c openbsd_hw.c \ + m_mdc2.c m_null.c m_ripemd.c m_sha.c m_sha1.c \ + m_sigver.c m_wp.c names.c openbsd_hw.c \ p5_crpt.c p5_crpt2.c p_dec.c p_enc.c p_lib.c p_open.c p_seal.c \ - p_sign.c p_verify.c + p_sign.c p_verify.c pmeth_fn.c pmeth_gn.c pmeth_lib.c INCS+= evp.h # hmac -SRCS+= hmac.c +SRCS+= hm_ameth.c hm_pmeth.c hmac.c INCS+= hmac.h # idea @@ -172,8 +181,8 @@ SRCS+= lh_stats.c lhash.c INCS+= lhash.h # md2 -SRCS+= md2_dgst.c md2_one.c -INCS+= md2.h +#SRCS+= md2_dgst.c md2_one.c +#INCS+= md2.h # md4 SRCS+= md4_dgst.c md4_one.c @@ -184,12 +193,15 @@ SRCS+= md5_dgst.c md5_one.c INCS+= md5.h # mdc2 -# ... is patented, so don't compile by default. -#SRCS+= mdc2_one.c mdc2dgst.c +SRCS+= mdc2_one.c mdc2dgst.c INCS+= mdc2.h +# modes +SRCS+= cbc128.c cfb128.c ctr128.c cts128.c ofb128.c +INCS+= modes.h + # objects -SRCS+= o_names.c obj_dat.c obj_err.c obj_lib.c +SRCS+= o_names.c obj_dat.c obj_err.c obj_lib.c obj_xref.c INCS+= objects.h obj_mac.h # ocsp @@ -199,7 +211,7 @@ INCS+= ocsp.h # pem SRCS+= pem_all.c pem_err.c pem_info.c pem_lib.c pem_oth.c pem_pk8.c \ - pem_pkey.c pem_seal.c pem_sign.c pem_x509.c pem_xaux.c + pem_pkey.c pem_seal.c pem_sign.c pem_x509.c pem_xaux.c pvkfmt.c INCS+= pem.h pem2.h # pkcs12 @@ -209,16 +221,16 @@ SRCS+= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c \ INCS+= pkcs12.h # pkcs7 -SRCS+= example.c pk7_asn1.c pk7_attr.c pk7_dgst.c pk7_doit.c \ +SRCS+= bio_pk7.c example.c pk7_asn1.c pk7_attr.c pk7_dgst.c pk7_doit.c \ pk7_lib.c pk7_mime.c pk7_smime.c pkcs7err.c INCS+= pkcs7.h # pqueue SRCS+= pqueue.c -INCS+= pqueue.h pq_compat.h +INCS+= pqueue.h # rand -SRCS+= md_rand.c rand_egd.c rand_eng.c \ +SRCS+= md_rand.c rand_egd.c \ rand_err.c rand_lib.c rand_nw.c rand_unix.c \ randfile.c INCS+= rand.h @@ -228,25 +240,30 @@ SRCS+= rc2_cbc.c rc2_ecb.c rc2_skey.c rc2cfb64.c rc2ofb64.c INCS+= rc2.h # rc4 -SRCS+= rc4_enc.c rc4_fblk.c rc4_skey.c +SRCS+= rc4_enc.c rc4_skey.c INCS+= rc4.h # rc5 # .. is patented, so don't compile by default #SRCS+= rc5_ecb.c rc5_enc.c rc5_skey.c rc5cfb64.c rc5ofb64.c -INCS+= rc5.h +#INCS+= rc5.h # ripemd SRCS+= rmd_dgst.c rmd_one.c INCS+= ripemd.h # rsa -SRCS+= rsa_asn1.c rsa_chk.c rsa_depr.c rsa_eay.c \ - rsa_eng.c rsa_err.c rsa_gen.c \ - rsa_lib.c rsa_none.c rsa_null.c rsa_oaep.c rsa_pk1.c rsa_pss.c \ - rsa_saos.c rsa_sign.c rsa_ssl.c rsa_x931.c rsa_x931g.c +SRCS+= rsa_ameth.c rsa_asn1.c rsa_chk.c rsa_depr.c rsa_eay.c \ + rsa_err.c rsa_gen.c \ + rsa_lib.c rsa_none.c rsa_null.c rsa_oaep.c \ + rsa_pk1.c rsa_pmeth.c rsa_prn.c rsa_pss.c \ + rsa_saos.c rsa_sign.c rsa_ssl.c rsa_x931.c INCS+= rsa.h +# seed +SRCS+= seed.c seed_cbc.c seed_cfb.c seed_ecb.c seed_ofb.c +INCS+= seed.h + # sha SRCS+= sha1_one.c sha1dgst.c sha256.c sha512.c sha_dgst.c sha_one.c INCS+= sha.h @@ -256,8 +273,14 @@ SRCS+= stack.c INCS+= stack.h safestack.h # store -SRCS+= str_err.c str_lib.c str_meth.c str_mem.c -INCS+= store.h +#SRCS+= str_err.c str_lib.c str_meth.c str_mem.c +#INCS+= store.h + +# ts +SRCS+= ts_asn1.c ts_conf.c ts_err.c ts_lib.c \ + ts_req_print.c ts_req_utils.c ts_rsp_print.c ts_rsp_sign.c \ + ts_rsp_utils.c ts_rsp_verify.c ts_verify_ctx.c +INCS+= ts.h # txt_db SRCS+= txt_db.c @@ -267,6 +290,10 @@ INCS+= txt_db.h SRCS+= ui_compat.c ui_err.c ui_lib.c ui_openssl.c ui_util.c INCS+= ui.h ui_compat.h ui_locl.h +# whrlpool +SRCS+= wp_block.c wp_dgst.c +INCS+= whrlpool.h + # x509 SRCS+= by_dir.c by_file.c x509_att.c x509_cmp.c x509_d2.c \ x509_def.c x509_err.c x509_ext.c x509_lu.c x509_obj.c \ @@ -317,6 +344,7 @@ opensslconf.h: opensslconf-${MACHINE_ARCH}.h ${LCRYPTO_SRC}/crypto/buffer \ ${LCRYPTO_SRC}/crypto/camellia \ ${LCRYPTO_SRC}/crypto/cast \ + ${LCRYPTO_SRC}/crypto/cms \ ${LCRYPTO_SRC}/crypto/comp \ ${LCRYPTO_SRC}/crypto/conf \ ${LCRYPTO_SRC}/crypto/des \ @@ -331,12 +359,11 @@ opensslconf.h: opensslconf-${MACHINE_ARCH}.h ${LCRYPTO_SRC}/crypto/evp \ ${LCRYPTO_SRC}/crypto/hmac \ ${_ideapath} \ - ${LCRYPTO_SRC}/crypto/krb5 \ ${LCRYPTO_SRC}/crypto/lhash \ - ${LCRYPTO_SRC}/crypto/md2 \ ${LCRYPTO_SRC}/crypto/md4 \ ${LCRYPTO_SRC}/crypto/md5 \ ${LCRYPTO_SRC}/crypto/mdc2 \ + ${LCRYPTO_SRC}/crypto/modes \ ${LCRYPTO_SRC}/crypto/objects \ ${LCRYPTO_SRC}/crypto/ocsp \ ${LCRYPTO_SRC}/crypto/pem \ @@ -346,17 +373,19 @@ opensslconf.h: opensslconf-${MACHINE_ARCH}.h ${LCRYPTO_SRC}/crypto/rand \ ${LCRYPTO_SRC}/crypto/rc2 \ ${LCRYPTO_SRC}/crypto/rc4 \ - ${LCRYPTO_SRC}/crypto/rc5 \ ${LCRYPTO_SRC}/crypto/ripemd \ ${LCRYPTO_SRC}/crypto/rsa \ + ${LCRYPTO_SRC}/crypto/seed \ ${LCRYPTO_SRC}/crypto/sha \ ${LCRYPTO_SRC}/crypto/stack \ - ${LCRYPTO_SRC}/crypto/store \ ${LCRYPTO_SRC}/crypto/threads \ + ${LCRYPTO_SRC}/crypto/ts \ ${LCRYPTO_SRC}/crypto/txt_db \ ${LCRYPTO_SRC}/crypto/ui \ + ${LCRYPTO_SRC}/crypto/whrlpool \ ${LCRYPTO_SRC}/crypto/x509 \ ${LCRYPTO_SRC}/crypto/x509v3 \ ${LCRYPTO_SRC}/engines \ + ${LCRYPTO_SRC}/engines/ccgost \ ${LCRYPTO_SRC} \ ${.CURDIR}/man diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc index 1ac77067d3..6bd0f0b3c8 100644 --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@ -1,8 +1,8 @@ # $FreeBSD: src/secure/lib/libcrypto/Makefile.inc,v 1.7.2.11 2003/02/20 15:07:32 nectar Exp $ # $DragonFly: src/secure/lib/libcrypto/Makefile.inc,v 1.18 2008/09/27 21:04:45 pavalos Exp $ -OSSLVERSION= 0.9.8m -OSSLDATE= 2010-02-25 +OSSLVERSION= 1.0.0a +OSSLDATE= 2010-06-01 LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl LCRYPTO_DOC= ${LCRYPTO_SRC}/doc diff --git a/secure/lib/libcrypto/Makefile.man b/secure/lib/libcrypto/Makefile.man index ed20ed5918..8d388061e7 100644 --- a/secure/lib/libcrypto/Makefile.man +++ b/secure/lib/libcrypto/Makefile.man @@ -62,6 +62,7 @@ MLINKS+= BIO_new.3 BIO_set.3 MLINKS+= BIO_new.3 BIO_free.3 MLINKS+= BIO_new.3 BIO_vfree.3 MLINKS+= BIO_new.3 BIO_free_all.3 +MAN+= BIO_new_CMS.3 MAN+= BIO_push.3 MLINKS+= BIO_push.3 BIO_pop.3 MAN+= BIO_read.3 @@ -230,6 +231,44 @@ MLINKS+= BN_zero.3 BN_one.3 MLINKS+= BN_zero.3 BN_value_one.3 MLINKS+= BN_zero.3 BN_set_word.3 MLINKS+= BN_zero.3 BN_get_word.3 +MAN+= CMS_add0_cert.3 +MLINKS+= CMS_add0_cert.3 CMS_add1_cert.3 +MLINKS+= CMS_add0_cert.3 CMS_get1_certs.3 +MLINKS+= CMS_add0_cert.3 CMS_add0_crl.3 +MLINKS+= CMS_add0_cert.3 CMS_get1_crls.3 +MAN+= CMS_add1_recipient_cert.3 +MLINKS+= CMS_add1_recipient_cert.3 CMS_add0_recipient_key.3 +MAN+= CMS_compress.3 +MAN+= CMS_decrypt.3 +MAN+= CMS_encrypt.3 +MAN+= CMS_final.3 +MAN+= CMS_get0_RecipientInfos.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_type.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_ktri_get0_signer_id.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_ktri_cert_cmp.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_set0_pkey.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_kekri_get0_id.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_kekri_id_cmp.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_set0_key.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_decrypt.3 +MAN+= CMS_get0_SignerInfos.3 +MLINKS+= CMS_get0_SignerInfos.3 CMS_SignerInfo_get0_signer_id.3 +MLINKS+= CMS_get0_SignerInfos.3 CMS_SignerInfo_cert_cmp.3 +MLINKS+= CMS_get0_SignerInfos.3 CMS_set1_signer_certs.3 +MAN+= CMS_get0_type.3 +MLINKS+= CMS_get0_type.3 CMS_set1_eContentType.3 +MLINKS+= CMS_get0_type.3 CMS_get0_eContentType.3 +MAN+= CMS_get1_ReceiptRequest.3 +MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_create0.3 +MLINKS+= CMS_get1_ReceiptRequest.3 CMS_add1_ReceiptRequest.3 +MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_get0_values.3 +MAN+= CMS_sign.3 +MAN+= CMS_sign_add1_signer.3 +MLINKS+= CMS_sign_add1_signer.3 CMS_SignerInfo_sign.3 +MAN+= CMS_sign_receipt.3 +MAN+= CMS_uncompress.3 +MAN+= CMS_verify.3 +MAN+= CMS_verify_receipt.3 MAN+= CONF_modules_free.3 MLINKS+= CONF_modules_free.3 CONF_modules_finish.3 MLINKS+= CONF_modules_free.3 CONF_modules_unload.3 @@ -336,6 +375,12 @@ MLINKS+= EVP_DigestInit.3 EVP_ripemd160.3 MLINKS+= EVP_DigestInit.3 EVP_get_digestbyname.3 MLINKS+= EVP_DigestInit.3 EVP_get_digestbynid.3 MLINKS+= EVP_DigestInit.3 EVP_get_digestbyobj.3 +MAN+= EVP_DigestSignInit.3 +MLINKS+= EVP_DigestSignInit.3 EVP_DigestSignUpdate.3 +MLINKS+= EVP_DigestSignInit.3 EVP_DigestSignFinal.3 +MAN+= EVP_DigestVerifyInit.3 +MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerifyUpdate.3 +MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerifyFinal.3 MAN+= EVP_EncryptInit.3 MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_init.3 MLINKS+= EVP_EncryptInit.3 EVP_EncryptInit_ex.3 @@ -381,8 +426,40 @@ MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_padding.3 MAN+= EVP_OpenInit.3 MLINKS+= EVP_OpenInit.3 EVP_OpenUpdate.3 MLINKS+= EVP_OpenInit.3 EVP_OpenFinal.3 +MAN+= EVP_PKEY_CTX_ctrl.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_ctrl.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_ctrl_str.3 +MAN+= EVP_PKEY_CTX_new.3 +MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_new_id.3 +MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_dup.3 +MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_free.3 +MAN+= EVP_PKEY_cmp.3 +MLINKS+= EVP_PKEY_cmp.3 EVP_PKEY_copy_parameters.3 +MLINKS+= EVP_PKEY_cmp.3 EVP_PKEY_missing_parameters.3 +MLINKS+= EVP_PKEY_cmp.3 EVP_PKEY_cmp_parameters.3 +MAN+= EVP_PKEY_decrypt.3 +MLINKS+= EVP_PKEY_decrypt.3 EVP_PKEY_decrypt_init.3 +MAN+= EVP_PKEY_derive.3 +MLINKS+= EVP_PKEY_derive.3 EVP_PKEY_derive_init.3 +MLINKS+= EVP_PKEY_derive.3 EVP_PKEY_derive_set_peer.3 +MAN+= EVP_PKEY_encrypt.3 +MLINKS+= EVP_PKEY_encrypt.3 EVP_PKEY_encrypt_init.3 +MAN+= EVP_PKEY_get_default_digest.3 +MLINKS+= EVP_PKEY_get_default_digest.3 EVP_PKEY_get_default_digest_nid.3 +MAN+= EVP_PKEY_keygen.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_keygen_init.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_paramgen_init.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_paramgen.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_set_cb.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_cb.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_keygen_info.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEVP_PKEY_CTX_set_app_data.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_app_data.3 MAN+= EVP_PKEY_new.3 MLINKS+= EVP_PKEY_new.3 EVP_PKEY_free.3 +MAN+= EVP_PKEY_print_private.3 +MLINKS+= EVP_PKEY_print_private.3 EVP_PKEY_print_public.3 +MLINKS+= EVP_PKEY_print_private.3 EVP_PKEY_print_params.3 MAN+= EVP_PKEY_set1_RSA.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_DSA.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_DH.3 @@ -396,6 +473,12 @@ MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DSA.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DH.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_EC_KEY.3 MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_type.3 +MAN+= EVP_PKEY_sign.3 +MLINKS+= EVP_PKEY_sign.3 EVP_PKEY_sign_init.3 +MAN+= EVP_PKEY_verify.3 +MLINKS+= EVP_PKEY_verify.3 EVP_PKEY_verify_init.3 +MAN+= EVP_PKEY_verifyrecover.3 +MLINKS+= EVP_PKEY_verifyrecover.3 EVP_PKEY_verifyrecover_init.3 MAN+= EVP_SealInit.3 MLINKS+= EVP_SealInit.3 EVP_SealUpdate.3 MLINKS+= EVP_SealInit.3 EVP_SealFinal.3 @@ -429,11 +512,14 @@ MAN+= OPENSSL_load_builtin_modules.3 MAN+= OpenSSL_add_all_algorithms.3 MLINKS+= OpenSSL_add_all_algorithms.3 OpenSSL_add_all_ciphers.3 MLINKS+= OpenSSL_add_all_algorithms.3 OpenSSL_add_all_digests.3 +MAN+= PEM_write_bio_CMS_stream.3 +MAN+= PEM_write_bio_PKCS7_stream.3 MAN+= PKCS12_create.3 MAN+= PKCS12_parse.3 MAN+= PKCS7_decrypt.3 MAN+= PKCS7_encrypt.3 MAN+= PKCS7_sign.3 +MAN+= PKCS7_sign_add_signer.3 MAN+= PKCS7_verify.3 MAN+= RAND_add.3 MLINKS+= RAND_add.3 RAND_seed.3 @@ -494,7 +580,9 @@ MLINKS+= RSA_sign.3 RSA_verify.3 MAN+= RSA_sign_ASN1_OCTET_STRING.3 MLINKS+= RSA_sign_ASN1_OCTET_STRING.3 RSA_verify_ASN1_OCTET_STRING.3 MAN+= RSA_size.3 +MAN+= SMIME_read_CMS.3 MAN+= SMIME_read_PKCS7.3 +MAN+= SMIME_write_CMS.3 MAN+= SMIME_write_PKCS7.3 MAN+= X509_NAME_ENTRY_get_object.3 MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_get_data.3 @@ -518,8 +606,42 @@ MAN+= X509_NAME_print_ex.3 MLINKS+= X509_NAME_print_ex.3 X509_NAME_print_ex_fp.3 MLINKS+= X509_NAME_print_ex.3 X509_NAME_print.3 MLINKS+= X509_NAME_print_ex.3 X509_NAME_oneline.3 +MAN+= X509_STORE_CTX_get_error.3 +MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_set_error.3 +MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get_error_depth.3 +MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get_current_cert.3 +MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get1_chain.3 +MLINKS+= X509_STORE_CTX_get_error.3 X509_verify_cert_error_string.3 +MAN+= X509_STORE_CTX_get_ex_new_index.3 +MLINKS+= X509_STORE_CTX_get_ex_new_index.3 X509_STORE_CTX_set_ex_data.3 +MLINKS+= X509_STORE_CTX_get_ex_new_index.3 X509_STORE_CTX_get_ex_data.3 +MAN+= X509_STORE_CTX_new.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_cleanup.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_free.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_init.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_trusted_stack.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set_cert.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set_chain.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_crls.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_get0_param.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_param.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set_default.3 +MAN+= X509_STORE_CTX_set_verify_cb.3 +MAN+= X509_STORE_set_verify_cb_func.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_verify_cb.3 +MAN+= X509_VERIFY_PARAM_set_flags.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_clear_flags.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_flags.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_purpose.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_trust.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_depth.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_depth.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_time.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_add0_policy.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set1_policies.3 MAN+= X509_new.3 MLINKS+= X509_new.3 X509_free.3 +MAN+= X509_verify_cert.3 MAN+= bio.3 MAN+= blowfish.3 MLINKS+= blowfish.3 BF_set_key.3 @@ -664,6 +786,8 @@ MLINKS+= hmac.3 HMAC_Init.3 MLINKS+= hmac.3 HMAC_Update.3 MLINKS+= hmac.3 HMAC_Final.3 MLINKS+= hmac.3 HMAC_cleanup.3 +MAN+= i2d_CMS_bio_stream.3 +MAN+= i2d_PKCS7_bio_stream.3 MAN+= lh_stats.3 MLINKS+= lh_stats.3 lh_node_stats.3 MLINKS+= lh_stats.3 lh_node_usage_stats.3 @@ -699,6 +823,72 @@ MLINKS+= mdc2.3 MDC2_Update.3 MLINKS+= mdc2.3 MDC2_Final.3 MAN+= pem.3 MLINKS+= pem.3 PEM.3 +MLINKS+= pem.3 PEM_read_bio_PrivateKey.3 +MLINKS+= pem.3 PEM_read_PrivateKey.3 +MLINKS+= pem.3 PEM_write_bio_PrivateKey.3 +MLINKS+= pem.3 PEM_write_PrivateKey.3 +MLINKS+= pem.3 PEM_write_bio_PKCS8PrivateKey.3 +MLINKS+= pem.3 PEM_write_PKCS8PrivateKey.3 +MLINKS+= pem.3 PEM_write_bio_PKCS8PrivateKey_nid.3 +MLINKS+= pem.3 PEM_write_PKCS8PrivateKey_nid.3 +MLINKS+= pem.3 PEM_read_bio_PUBKEY.3 +MLINKS+= pem.3 PEM_read_PUBKEY.3 +MLINKS+= pem.3 PEM_write_bio_PUBKEY.3 +MLINKS+= pem.3 PEM_write_PUBKEY.3 +MLINKS+= pem.3 PEM_read_bio_RSAPrivateKey.3 +MLINKS+= pem.3 PEM_read_RSAPrivateKey.3 +MLINKS+= pem.3 PEM_write_bio_RSAPrivateKey.3 +MLINKS+= pem.3 PEM_write_RSAPrivateKey.3 +MLINKS+= pem.3 PEM_read_bio_RSAPublicKey.3 +MLINKS+= pem.3 PEM_read_RSAPublicKey.3 +MLINKS+= pem.3 PEM_write_bio_RSAPublicKey.3 +MLINKS+= pem.3 PEM_write_RSAPublicKey.3 +MLINKS+= pem.3 PEM_read_bio_RSA_PUBKEY.3 +MLINKS+= pem.3 PEM_read_RSA_PUBKEY.3 +MLINKS+= pem.3 PEM_write_bio_RSA_PUBKEY.3 +MLINKS+= pem.3 PEM_write_RSA_PUBKEY.3 +MLINKS+= pem.3 PEM_read_bio_DSAPrivateKey.3 +MLINKS+= pem.3 PEM_read_DSAPrivateKey.3 +MLINKS+= pem.3 PEM_write_bio_DSAPrivateKey.3 +MLINKS+= pem.3 PEM_write_DSAPrivateKey.3 +MLINKS+= pem.3 PEM_read_bio_DSA_PUBKEY.3 +MLINKS+= pem.3 PEM_read_DSA_PUBKEY.3 +MLINKS+= pem.3 PEM_write_bio_DSA_PUBKEY.3 +MLINKS+= pem.3 PEM_write_DSA_PUBKEY.3 +MLINKS+= pem.3 PEM_read_bio_DSAparams.3 +MLINKS+= pem.3 PEM_read_DSAparams.3 +MLINKS+= pem.3 PEM_write_bio_DSAparams.3 +MLINKS+= pem.3 PEM_write_DSAparams.3 +MLINKS+= pem.3 PEM_read_bio_DHparams.3 +MLINKS+= pem.3 PEM_read_DHparams.3 +MLINKS+= pem.3 PEM_write_bio_DHparams.3 +MLINKS+= pem.3 PEM_write_DHparams.3 +MLINKS+= pem.3 PEM_read_bio_X509.3 +MLINKS+= pem.3 PEM_read_X509.3 +MLINKS+= pem.3 PEM_write_bio_X509.3 +MLINKS+= pem.3 PEM_write_X509.3 +MLINKS+= pem.3 PEM_read_bio_X509_AUX.3 +MLINKS+= pem.3 PEM_read_X509_AUX.3 +MLINKS+= pem.3 PEM_write_bio_X509_AUX.3 +MLINKS+= pem.3 PEM_write_X509_AUX.3 +MLINKS+= pem.3 PEM_read_bio_X509_REQ.3 +MLINKS+= pem.3 PEM_read_X509_REQ.3 +MLINKS+= pem.3 PEM_write_bio_X509_REQ.3 +MLINKS+= pem.3 PEM_write_X509_REQ.3 +MLINKS+= pem.3 PEM_write_bio_X509_REQ_NEW.3 +MLINKS+= pem.3 PEM_write_X509_REQ_NEW.3 +MLINKS+= pem.3 PEM_read_bio_X509_CRL.3 +MLINKS+= pem.3 PEM_read_X509_CRL.3 +MLINKS+= pem.3 PEM_write_bio_X509_CRL.3 +MLINKS+= pem.3 PEM_write_X509_CRL.3 +MLINKS+= pem.3 PEM_read_bio_PKCS7.3 +MLINKS+= pem.3 PEM_read_PKCS7.3 +MLINKS+= pem.3 PEM_write_bio_PKCS7.3 +MLINKS+= pem.3 PEM_write_PKCS7.3 +MLINKS+= pem.3 PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3 +MLINKS+= pem.3 PEM_read_NETSCAPE_CERT_SEQUENCE.3 +MLINKS+= pem.3 PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3 +MLINKS+= pem.3 PEM_write_NETSCAPE_CERT_SEQUENCE.3 MAN+= rand.3 MAN+= rc4.3 MLINKS+= rc4.3 RC4_set_key.3 @@ -715,8 +905,13 @@ MLINKS+= sha.3 SHA1_Init.3 MLINKS+= sha.3 SHA1_Update.3 MLINKS+= sha.3 SHA1_Final.3 MAN+= threads.3 +MLINKS+= threads.3 CRYPTO_THREADID_set_callback.3 +MLINKS+= threads.3 CRYPTO_THREADID_get_callback.3 +MLINKS+= threads.3 CRYPTO_THREADID_current.3 +MLINKS+= threads.3 CRYPTO_THREADID_cmp.3 +MLINKS+= threads.3 CRYPTO_THREADID_cpy.3 +MLINKS+= threads.3 CRYPTO_THREADID_hash.3 MLINKS+= threads.3 CRYPTO_set_locking_callback.3 -MLINKS+= threads.3 CRYPTO_set_id_callback.3 MLINKS+= threads.3 CRYPTO_num_locks.3 MLINKS+= threads.3 CRYPTO_set_dynlock_create_callback.3 MLINKS+= threads.3 CRYPTO_set_dynlock_lock_callback.3 diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 index ec52cd10f7..c34309dd6c 100644 --- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 +++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_OBJECT_new 3" -.TH ASN1_OBJECT_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ASN1_OBJECT_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,7 +133,9 @@ ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 2 +.Vb 1 +\& #include +\& \& ASN1_OBJECT *ASN1_OBJECT_new(void); \& void ASN1_OBJECT_free(ASN1_OBJECT *a); .Ve diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3 index 246358a689..39fcb0e865 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_length.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_length 3" -.TH ASN1_STRING_length 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ASN1_STRING_length 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -143,7 +135,9 @@ ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data \- ASN1_STRING utility functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 2 +.Vb 1 +\& #include +\& \& int ASN1_STRING_length(ASN1_STRING *x); \& unsigned char * ASN1_STRING_data(ASN1_STRING *x); \& diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3 index 0b9eec5e7c..481ee5472f 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_new.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_new 3" -.TH ASN1_STRING_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ASN1_STRING_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -142,7 +134,9 @@ ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- ASN1_STRING allocation functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 3 +.Vb 1 +\& #include +\& \& ASN1_STRING * ASN1_STRING_new(void); \& ASN1_STRING * ASN1_STRING_type_new(int type); \& void ASN1_STRING_free(ASN1_STRING *a); diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 index e16213cdff..515084482a 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_print_ex 3" -.TH ASN1_STRING_print_ex 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ASN1_STRING_print_ex 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 index fff61f07bd..0a21284d4d 100644 --- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 +++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_generate_nconf 3" -.TH ASN1_generate_nconf 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ASN1_generate_nconf 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,7 +133,9 @@ ASN1_generate_nconf, ASN1_generate_v3 \- ASN1 generation functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 2 +.Vb 1 +\& #include +\& \& ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); \& ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); .Ve @@ -168,7 +162,7 @@ is: That is zero or more comma separated modifiers followed by a type followed by an optional colon and a value. The formats of \fBtype\fR, \&\fBvalue\fR and \fBmodifier\fR are explained below. -.Sh "\s-1SUPPORTED\s0 \s-1TYPES\s0" +.SS "\s-1SUPPORTED\s0 \s-1TYPES\s0" .IX Subsection "SUPPORTED TYPES" The supported types are listed below. Unless otherwise specified only the \fB\s-1ASCII\s0\fR format is permissible. @@ -216,8 +210,8 @@ can be used to specify the format of \fBvalue\fR. .Sp If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused bits is set to zero. -.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR" 2 -.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString" +.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR, \fB\s-1NUMERICSTRING\s0\fR, \fB\s-1NUMERIC\s0\fR" 2 +.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC" These encode the corresponding string types. \fBvalue\fR represents the contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR. .IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 2 @@ -227,7 +221,7 @@ should be a section name which will contain the contents. The field names in the section are ignored and the values are in the generated string format. If \fBvalue\fR is absent then an empty \s-1SEQUENCE\s0 will be encoded. -.Sh "\s-1MODIFIERS\s0" +.SS "\s-1MODIFIERS\s0" .IX Subsection "MODIFIERS" Modifiers affect the following structure, they can be used to add \s-1EXPLICIT\s0 or \s-1IMPLICIT\s0 tagging, add wrappers or to change @@ -284,7 +278,7 @@ An IA5String explicitly tagged using \s-1APPLICATION\s0 tagging: A \s-1BITSTRING\s0 with bits 1 and 5 set and all others zero: .PP .Vb 1 -\& FORMAT=BITLIST,BITSTRING:1,5 +\& FORMAT:BITLIST,BITSTRING:1,5 .Ve .PP A more complex example using a config file to produce a diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3 index 7c191ef7a1..efc478e5e0 100644 --- a/secure/lib/libcrypto/man/BIO_ctrl.3 +++ b/secure/lib/libcrypto/man/BIO_ctrl.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ctrl 3" -.TH BIO_ctrl 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_ctrl 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3 index 2088dd8f8b..12e6b55712 100644 --- a/secure/lib/libcrypto/man/BIO_f_base64.3 +++ b/secure/lib/libcrypto/man/BIO_f_base64.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_base64 3" -.TH BIO_f_base64 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_f_base64 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3 index 6d6e725ce2..bc7e2d01b0 100644 --- a/secure/lib/libcrypto/man/BIO_f_buffer.3 +++ b/secure/lib/libcrypto/man/BIO_f_buffer.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_buffer 3" -.TH BIO_f_buffer 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_f_buffer 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -167,7 +159,7 @@ Calling \fIBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data. .PP \&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR set the read, write or both read and write buffer sizes to \fBsize\fR. The initial -buffer size is \s-1DEFAULT_BUFFER_SIZE\s0, currently 1024. Any attempt to reduce the +buffer size is \s-1DEFAULT_BUFFER_SIZE\s0, currently 4096. Any attempt to reduce the buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared when the buffer is resized. .PP @@ -199,4 +191,9 @@ return 1 if the buffer was successfully resized or 0 for failure. there was an error. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\s-1TBA\s0 +\&\s-1\fIBIO\s0\fR\|(3), +\&\fIBIO_reset\fR\|(3), +\&\fIBIO_flush\fR\|(3), +\&\fIBIO_pop\fR\|(3), +\&\fIBIO_ctrl\fR\|(3), +\&\fIBIO_int_ctrl\fR\|(3) diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3 index 82a3db038b..64a0a8f2a9 100644 --- a/secure/lib/libcrypto/man/BIO_f_cipher.3 +++ b/secure/lib/libcrypto/man/BIO_f_cipher.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_cipher 3" -.TH BIO_f_cipher 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_f_cipher 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3 index 096ea24418..e085ed2ee9 100644 --- a/secure/lib/libcrypto/man/BIO_f_md.3 +++ b/secure/lib/libcrypto/man/BIO_f_md.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_md 3" -.TH BIO_f_md 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_f_md 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -192,6 +184,12 @@ data is passed through it. If an application needs to call \fIBIO_gets()\fR or \fIBIO_puts()\fR through a chain containing digest BIOs then this can be done by prepending a buffering \s-1BIO\s0. +.PP +Before OpenSSL 1.0.0 the call to \fIBIO_get_md_ctx()\fR would only work if the \s-1BIO\s0 +had been initialized for example by calling \fIBIO_set_md()\fR ). In OpenSSL +1.0.0 and later the context is always returned and the \s-1BIO\s0 is state is set +to initialized. This allows applications to initialize the context externally +if the standard calls such as \fIBIO_set_md()\fR are not sufficiently flexible. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIBIO_f_md()\fR returns the digest \s-1BIO\s0 method. diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3 index eaa65799ce..387e09a692 100644 --- a/secure/lib/libcrypto/man/BIO_f_null.3 +++ b/secure/lib/libcrypto/man/BIO_f_null.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_null 3" -.TH BIO_f_null 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_f_null 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 index 6906bd490e..7a0f81f740 100644 --- a/secure/lib/libcrypto/man/BIO_f_ssl.3 +++ b/secure/lib/libcrypto/man/BIO_f_ssl.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_ssl 3" -.TH BIO_f_ssl 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_f_ssl 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -444,6 +436,14 @@ a client and also echoes the request to standard output. \& \& BIO_free_all(sbio); .Ve +.SH "BUGS" +.IX Header "BUGS" +In OpenSSL versions before 1.0.0 the \fIBIO_pop()\fR call was handled incorrectly, +the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of +decremented) and dissociated with the \s-1SSL\s0 \s-1BIO\s0 even if the \s-1SSL\s0 \s-1BIO\s0 was not +explicitly being popped (e.g. a pop higher up the chain). Applications which +included workarounds for this bug (e.g. freeing BIOs more than once) should +be modified to handle this fix or they may free up an already freed \s-1BIO\s0. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3 index 82e212ad0a..bad0969cdf 100644 --- a/secure/lib/libcrypto/man/BIO_find_type.3 +++ b/secure/lib/libcrypto/man/BIO_find_type.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_find_type 3" -.TH BIO_find_type 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_find_type 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3 index 8526d1407b..2ed35a4a69 100644 --- a/secure/lib/libcrypto/man/BIO_new.3 +++ b/secure/lib/libcrypto/man/BIO_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new 3" -.TH BIO_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3 similarity index 62% copy from secure/lib/libcrypto/man/ERR_print_errors.3 copy to secure/lib/libcrypto/man/BIO_new_CMS.3 index 2570dc28d0..e1503851c5 100644 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/BIO_new_CMS.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,53 +123,67 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "ERR_print_errors 3" -.TH ERR_print_errors 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "BIO_new_CMS 3" +.TH BIO_new_CMS 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -ERR_print_errors, ERR_print_errors_fp \- print error messages +.Vb 1 +\& BIO_new_CMS \- CMS streaming filter BIO +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include +\& #include \& -\& void ERR_print_errors(BIO *bp); -\& void ERR_print_errors_fp(FILE *fp); +\& BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_print_errors()\fR is a convenience function that prints the error -strings for all errors that OpenSSL has recorded to \fBbp\fR, thus -emptying the error queue. +\&\fIBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output +of the filter is written to \fBout\fR. Any data written to the chain is +automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type. +.SH "NOTES" +.IX Header "NOTES" +The chain returned by this function behaves like a standard filter \s-1BIO\s0. It +supports non blocking I/O. Content is processed and streamed on the fly and not +all held in memory at once: so it is possible to encode very large structures. +After all content has been written through the chain \fIBIO_flush()\fR must be called +to finalise the structure. .PP -\&\fIERR_print_errors_fp()\fR is the same, except that the output goes to a -\&\fB\s-1FILE\s0\fR. +The \fB\s-1CMS_STREAM\s0\fR flag must be included in the corresponding \fBflags\fR +parameter of the \fBcms\fR creation function. .PP -The error strings will have the following format: +If an application wishes to write additional data to \fBout\fR BIOs should be +removed from the chain using \fIBIO_pop()\fR and freed with \fIBIO_free()\fR until \fBout\fR +is reached. If no additional data needs to be written \fIBIO_free_all()\fR can be +called to free up the whole chain. .PP -.Vb 1 -\& [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message] -.Ve +Any content written through the filter is used verbatim: no canonical +translation is performed. .PP -\&\fIerror code\fR is an 8 digit hexadecimal number. \fIlibrary name\fR, -\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text, as is \fIoptional -text message\fR if one was set for the respective error code. +It is possible to chain multiple BIOs to, for example, create a triple wrapped +signed, enveloped, signed structure. In this case it is the applications +responsibility to set the inner content type of any outer CMS_ContentInfo +structures. .PP -If there is no text string registered for the given error code, -the error string will contain the numeric code. +Large numbers of small writes through the chain should be avoided as this will +produce an output consisting of lots of \s-1OCTET\s0 \s-1STRING\s0 structures. Prepending +a \fIBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this. +.SH "BUGS" +.IX Header "BUGS" +There is currently no corresponding inverse \s-1BIO:\s0 i.e. one which can decode +a \s-1CMS\s0 structure on the fly. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR return no values. +\&\fIBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIerr\fR\|(3), \fIERR_error_string\fR\|(3), -\&\fIERR_get_error\fR\|(3), -\&\fIERR_load_crypto_strings\fR\|(3), -\&\fISSL_load_error_strings\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_encrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR -are available in all versions of SSLeay and OpenSSL. +\&\fIBIO_new_CMS()\fR was added to OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3 index 228ea7c2b2..ee10b70b79 100644 --- a/secure/lib/libcrypto/man/BIO_push.3 +++ b/secure/lib/libcrypto/man/BIO_push.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_push 3" -.TH BIO_push 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_push 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3 index 3c518e7f04..bd75fd4d97 100644 --- a/secure/lib/libcrypto/man/BIO_read.3 +++ b/secure/lib/libcrypto/man/BIO_read.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_read 3" -.TH BIO_read 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_read 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3 index 04a7748c84..40385431ea 100644 --- a/secure/lib/libcrypto/man/BIO_s_accept.3 +++ b/secure/lib/libcrypto/man/BIO_s_accept.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_accept 3" -.TH BIO_s_accept 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_s_accept 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3 index 3da9dffff9..431ff82198 100644 --- a/secure/lib/libcrypto/man/BIO_s_bio.3 +++ b/secure/lib/libcrypto/man/BIO_s_bio.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_bio 3" -.TH BIO_s_bio 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_s_bio 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3 index f17c7026cf..e76ad3dbfc 100644 --- a/secure/lib/libcrypto/man/BIO_s_connect.3 +++ b/secure/lib/libcrypto/man/BIO_s_connect.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_connect 3" -.TH BIO_s_connect 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_s_connect 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3 index c8aa8c1343..236607f535 100644 --- a/secure/lib/libcrypto/man/BIO_s_fd.3 +++ b/secure/lib/libcrypto/man/BIO_s_fd.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_fd 3" -.TH BIO_s_fd 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_s_fd 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3 index 27997e7f1a..a22a46291d 100644 --- a/secure/lib/libcrypto/man/BIO_s_file.3 +++ b/secure/lib/libcrypto/man/BIO_s_file.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_file 3" -.TH BIO_s_file 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_s_file 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -210,6 +202,10 @@ normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set. .PP Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks in stdio behaviour will be mirrored by the corresponding \s-1BIO\s0. +.PP +On Windows BIO_new_files reserves for the filename argument to be +\&\s-1UTF\-8\s0 encoded. In other words if you have to make it work in multi\- +lingual environment, encode file names in \s-1UTF\-8\s0. .SH "EXAMPLES" .IX Header "EXAMPLES" File \s-1BIO\s0 \*(L"hello world\*(R": diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3 index 1d4917dc1b..90c2d337f2 100644 --- a/secure/lib/libcrypto/man/BIO_s_mem.3 +++ b/secure/lib/libcrypto/man/BIO_s_mem.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_mem 3" -.TH BIO_s_mem 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_s_mem 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -209,7 +201,7 @@ Writes to memory BIOs will always succeed if memory is available: that is their size can grow indefinitely. .PP Every read from a read write memory \s-1BIO\s0 will remove the data just read with -an internal copy operation, if a \s-1BIO\s0 contains a lots of data and it is +an internal copy operation, if a \s-1BIO\s0 contains a lot of data and it is read in small chunks the operation can be very slow. The use of a read only memory \s-1BIO\s0 avoids this problem. If the \s-1BIO\s0 must be read write then adding a buffering \s-1BIO\s0 to the chain will speed up the process. diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3 index e8ac4047ff..33df30290d 100644 --- a/secure/lib/libcrypto/man/BIO_s_null.3 +++ b/secure/lib/libcrypto/man/BIO_s_null.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_null 3" -.TH BIO_s_null 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_s_null 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3 index 21745b2883..bac9dd0c87 100644 --- a/secure/lib/libcrypto/man/BIO_s_socket.3 +++ b/secure/lib/libcrypto/man/BIO_s_socket.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_socket 3" -.TH BIO_s_socket 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_s_socket 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3 index 69234fb136..5d25b24f7a 100644 --- a/secure/lib/libcrypto/man/BIO_set_callback.3 +++ b/secure/lib/libcrypto/man/BIO_set_callback.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_set_callback 3" -.TH BIO_set_callback 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_set_callback 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3 index fca1738275..39f984626b 100644 --- a/secure/lib/libcrypto/man/BIO_should_retry.3 +++ b/secure/lib/libcrypto/man/BIO_should_retry.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_should_retry 3" -.TH BIO_should_retry 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BIO_should_retry 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -181,7 +173,7 @@ needs to read data. \&\fIBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a reason other than reading or writing is the cause of the condition. .PP -\&\fIBIO_get_retry_reason()\fR returns a mask of the cause of a retry condition +\&\fIBIO_retry_type()\fR returns a mask of the cause of a retry condition consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR, \&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of these. diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3 index 29ff15773a..90c098e485 100644 --- a/secure/lib/libcrypto/man/BN_BLINDING_new.3 +++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_BLINDING_new 3" -.TH BN_BLINDING_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_BLINDING_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,8 +150,11 @@ functions. \& BN_CTX *ctx); \& int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, \& BN_CTX *ctx); +\& #ifndef OPENSSL_NO_DEPRECATED \& unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); \& void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); +\& #endif +\& CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); \& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); \& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); \& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, @@ -190,11 +185,11 @@ the inverse blinding. functions for \fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR with \fBr\fR set to \s-1NULL\s0. .PP -\&\fIBN_BLINDING_set_thread_id()\fR and \fIBN_BLINDING_get_thread_id()\fR -set and get the \*(L"thread id\*(R" value of the \fB\s-1BN_BLINDING\s0\fR structure, -a field provided to users of \fB\s-1BN_BLINDING\s0\fR structure to help them -provide proper locking if needed for multi-threaded use. The -\&\*(L"thread id\*(R" of a newly allocated \fB\s-1BN_BLINDING\s0\fR structure is zero. +\&\fIBN_BLINDING_thread_id()\fR provides access to the \fB\s-1CRYPTO_THREADID\s0\fR +object within the \fB\s-1BN_BLINDING\s0\fR structure. This is to help users +provide proper locking if needed for multi-threaded use. The \*(L"thread +id\*(R" object of a newly allocated \fB\s-1BN_BLINDING\s0\fR structure is +initialised to the thread id in which \fIBN_BLINDING_new()\fR was called. .PP \&\fIBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and @@ -218,8 +213,8 @@ or \s-1NULL\s0 in case of an error. \&\fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR return 1 on success and 0 if an error occured. .PP -\&\fIBN_BLINDING_get_thread_id()\fR returns the thread id (a \fBunsigned long\fR -value) or 0 if not set. +\&\fIBN_BLINDING_thread_id()\fR returns a pointer to the thread id object +within a \fB\s-1BN_BLINDING\s0\fR object. .PP \&\fIBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags (a \fBunsigned long\fR value). @@ -231,6 +226,9 @@ parameters or \s-1NULL\s0 on error. \&\fIbn\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" +BN_BLINDING_thread_id was first introduced in OpenSSL 1.0.0, and it +deprecates BN_BLINDING_set_thread_id and BN_BLINDING_get_thread_id. +.PP BN_BLINDING_convert_ex, BN_BLINDIND_invert_ex, BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_set_flags, BN_BLINDING_get_flags and BN_BLINDING_create_param were first introduced in OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3 index d88f3e0376..5b20f5bfed 100644 --- a/secure/lib/libcrypto/man/BN_CTX_new.3 +++ b/secure/lib/libcrypto/man/BN_CTX_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_new 3" -.TH BN_CTX_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_CTX_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3 index a8ec27747c..d90df7bc34 100644 --- a/secure/lib/libcrypto/man/BN_CTX_start.3 +++ b/secure/lib/libcrypto/man/BN_CTX_start.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_start 3" -.TH BN_CTX_start 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_CTX_start 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3 index 7c6d984781..2273514ae4 100644 --- a/secure/lib/libcrypto/man/BN_add.3 +++ b/secure/lib/libcrypto/man/BN_add.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_add 3" -.TH BN_add 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_add 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3 index 6c56632e34..01323a5985 100644 --- a/secure/lib/libcrypto/man/BN_add_word.3 +++ b/secure/lib/libcrypto/man/BN_add_word.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_add_word 3" -.TH BN_add_word 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_add_word 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3 index 3f2fb0d33f..4eca0748ef 100644 --- a/secure/lib/libcrypto/man/BN_bn2bin.3 +++ b/secure/lib/libcrypto/man/BN_bn2bin.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_bn2bin 3" -.TH BN_bn2bin 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_bn2bin 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3 index 7ca87cf4e8..8f835be79e 100644 --- a/secure/lib/libcrypto/man/BN_cmp.3 +++ b/secure/lib/libcrypto/man/BN_cmp.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_cmp 3" -.TH BN_cmp 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_cmp 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3 index 91a29385ec..dd16716220 100644 --- a/secure/lib/libcrypto/man/BN_copy.3 +++ b/secure/lib/libcrypto/man/BN_copy.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_copy 3" -.TH BN_copy 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_copy 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3 index fc9b8f3e2a..7c5d7e6204 100644 --- a/secure/lib/libcrypto/man/BN_generate_prime.3 +++ b/secure/lib/libcrypto/man/BN_generate_prime.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_generate_prime 3" -.TH BN_generate_prime 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_generate_prime 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3 index 65ca90a318..21071b3695 100644 --- a/secure/lib/libcrypto/man/BN_mod_inverse.3 +++ b/secure/lib/libcrypto/man/BN_mod_inverse.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_inverse 3" -.TH BN_mod_inverse 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_mod_inverse 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 index 0a66385d63..f9ed354e30 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_montgomery 3" -.TH BN_mod_mul_montgomery 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_mod_mul_montgomery 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 index 97eeec61a4..29cdd131e0 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_reciprocal 3" -.TH BN_mod_mul_reciprocal 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_mod_mul_reciprocal 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3 index 4685a8c190..fd0713f6ba 100644 --- a/secure/lib/libcrypto/man/BN_new.3 +++ b/secure/lib/libcrypto/man/BN_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_new 3" -.TH BN_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3 index fd809a5b29..24dbe59a53 100644 --- a/secure/lib/libcrypto/man/BN_num_bytes.3 +++ b/secure/lib/libcrypto/man/BN_num_bytes.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_num_bytes 3" -.TH BN_num_bytes 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_num_bytes 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3 index 71d1471589..3ef8cc0c83 100644 --- a/secure/lib/libcrypto/man/BN_rand.3 +++ b/secure/lib/libcrypto/man/BN_rand.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_rand 3" -.TH BN_rand 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_rand 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3 index b949983ae2..63e2f9cab5 100644 --- a/secure/lib/libcrypto/man/BN_set_bit.3 +++ b/secure/lib/libcrypto/man/BN_set_bit.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_set_bit 3" -.TH BN_set_bit 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_set_bit 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3 index 954862c39d..8383181688 100644 --- a/secure/lib/libcrypto/man/BN_swap.3 +++ b/secure/lib/libcrypto/man/BN_swap.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_swap 3" -.TH BN_swap 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_swap 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3 index 3218c1e445..a2819ee493 100644 --- a/secure/lib/libcrypto/man/BN_zero.3 +++ b/secure/lib/libcrypto/man/BN_zero.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_zero 3" -.TH BN_zero 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH BN_zero 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3 similarity index 63% copy from secure/lib/libcrypto/man/ERR_print_errors.3 copy to secure/lib/libcrypto/man/CMS_add0_cert.3 index 2570dc28d0..fee946d610 100644 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/CMS_add0_cert.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,53 +123,67 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "ERR_print_errors 3" -.TH ERR_print_errors 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "CMS_add0_cert 3" +.TH CMS_add0_cert 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -ERR_print_errors, ERR_print_errors_fp \- print error messages +.Vb 1 +\& CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_get1_crls, \- CMS certificate and CRL utility functions +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include +\& #include \& -\& void ERR_print_errors(BIO *bp); -\& void ERR_print_errors_fp(FILE *fp); +\& int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +\& int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +\& STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); +\& +\& int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +\& int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +\& STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_print_errors()\fR is a convenience function that prints the error -strings for all errors that OpenSSL has recorded to \fBbp\fR, thus -emptying the error queue. +\&\fICMS_add0_cert()\fR and \fICMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR. +must be of type signed data or enveloped data. .PP -\&\fIERR_print_errors_fp()\fR is the same, except that the output goes to a -\&\fB\s-1FILE\s0\fR. +\&\fICMS_get1_certs()\fR returns all certificates in \fBcms\fR. .PP -The error strings will have the following format: +\&\fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fICMS_get1_crls()\fR +returns any CRLs in \fBcms\fR. +.SH "NOTES" +.IX Header "NOTES" +The CMS_ContentInfo structure \fBcms\fR must be of type signed data or enveloped +data or an error will be returned. .PP -.Vb 1 -\& [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message] -.Ve +For signed data certificates and CRLs are added to the \fBcertificates\fR and +\&\fBcrls\fR fields of SignedData structure. For enveloped data they are added to +\&\fBOriginatorInfo\fR. .PP -\&\fIerror code\fR is an 8 digit hexadecimal number. \fIlibrary name\fR, -\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text, as is \fIoptional -text message\fR if one was set for the respective error code. +As the \fB0\fR implies \fICMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it +must not be freed up after the call as opposed to \fICMS_add1_cert()\fR where \fBcert\fR +must be freed up. .PP -If there is no text string registered for the given error code, -the error string will contain the numeric code. +The same certificate or \s-1CRL\s0 must not be added to the same cms structure more +than once. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR return no values. +\&\fICMS_add0_cert()\fR, \fICMS_add1_cert()\fR and \fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR return +1 for success and 0 for failure. +.PP +\&\fICMS_get1_certs()\fR and \fICMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs +or \s-1NULL\s0 if there are none or an error occurs. The only error which will occur +in practice is if the \fBcms\fR type is invalid. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIerr\fR\|(3), \fIERR_error_string\fR\|(3), \&\fIERR_get_error\fR\|(3), -\&\fIERR_load_crypto_strings\fR\|(3), -\&\fISSL_load_error_strings\fR\|(3) +\&\fICMS_sign\fR\|(3), +\&\fICMS_encrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR -are available in all versions of SSLeay and OpenSSL. +\&\fICMS_add0_cert()\fR, \fICMS_add1_cert()\fR, \fICMS_get1_certs()\fR, \fICMS_add0_crl()\fR +and \fICMS_get1_crls()\fR were all first added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 similarity index 60% copy from secure/lib/libcrypto/man/RAND_load_file.3 copy to secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 index 9ce94fe032..dd59192e9b 100644 --- a/secure/lib/libcrypto/man/RAND_load_file.3 +++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,54 +123,64 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "RAND_load_file 3" -.TH RAND_load_file 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "CMS_add1_recipient_cert 3" +.TH CMS_add1_recipient_cert 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file +.Vb 1 +\& CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS enveloped data structure +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include +\& #include \& -\& const char *RAND_file_name(char *buf, size_t num); +\& CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags); \& -\& int RAND_load_file(const char *filename, long max_bytes); -\& -\& int RAND_write_file(const char *filename); +\& CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, unsigned char *key, size_t keylen, unsigned char *id, size_t idlen, ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRAND_file_name()\fR generates a default path for the random seed -file. \fBbuf\fR points to a buffer of size \fBnum\fR in which to store the -filename. The seed file is \f(CW$RANDFILE\fR if that environment variable is -set, \f(CW$HOME\fR/.rnd otherwise. If \f(CW$HOME\fR is not set either, or \fBnum\fR is -too small for the path name, an error occurs. +\&\fICMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped +data structure \fBcms\fR as a KeyTransRecipientInfo structure. .PP -\&\fIRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and -adds them to the \s-1PRNG\s0. If \fBmax_bytes\fR is non-negative, -up to to \fBmax_bytes\fR are read; starting with OpenSSL 0.9.5, -if \fBmax_bytes\fR is \-1, the complete file is read. +\&\fICMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using +wrapping algorithm \fBnid\fR, identifier \fBid\fR of length \fBidlen\fR and optional +values \fBdate\fR, \fBotherTypeId\fR and \fBotherType\fR to CMS_ContentInfo enveloped +data structure \fBcms\fR as a KEKRecipientInfo structure. .PP -\&\fIRAND_write_file()\fR writes a number of random bytes (currently 1024) to -file \fBfilename\fR which can be used to initialize the \s-1PRNG\s0 by calling -\&\fIRAND_load_file()\fR in a later session. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fIRAND_load_file()\fR returns the number of bytes read. +The CMS_ContentInfo structure should be obtained from an initial call to +\&\fICMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of this function is to provide finer control over a \s-1CMS\s0 +enveloped data structure where the simpler \fICMS_encrypt()\fR function defaults are +not appropriate. For example if one or more KEKRecipientInfo structures +need to be added. New attributes can also be added using the returned +CMS_RecipientInfo structure and the \s-1CMS\s0 attribute utility functions. .PP -\&\fIRAND_write_file()\fR returns the number of bytes written, and \-1 if the -bytes written were generated without appropriate seed. +OpenSSL will by default identify recipient certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension. .PP -\&\fIRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on -error. +Currently only \s-1AES\s0 based key wrapping algorithms are supported for \fBnid\fR, +specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap. +If \fBnid\fR is set to \fBNID_undef\fR then an \s-1AES\s0 wrap algorithm will be used +consistent with \fBkeylen\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_add1_recipient_cert()\fR and \fICMS_add0_recipient_key()\fR return an internal +pointer to the CMS_RecipientInfo structure just added or \s-1NULL\s0 if an error +occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrand\fR\|(3), \fIRAND_add\fR\|(3), \fIRAND_cleanup\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3), +\&\fICMS_final\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" -\&\fIRAND_load_file()\fR, \fIRAND_write_file()\fR and \fIRAND_file_name()\fR are available in -all versions of SSLeay and OpenSSL. +\&\fICMS_add1_recipient_cert()\fR and \fICMS_add0_recipient_key()\fR were added to OpenSSL +0.9.8 diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/CMS_compress.3 similarity index 59% copy from secure/lib/libcrypto/man/PKCS7_encrypt.3 copy to secure/lib/libcrypto/man/CMS_compress.3 index 1415fa57c3..58c5a126c8 100644 --- a/secure/lib/libcrypto/man/PKCS7_encrypt.3 +++ b/secure/lib/libcrypto/man/CMS_compress.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,62 +123,72 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "PKCS7_encrypt 3" -.TH PKCS7_encrypt 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "CMS_compress 3" +.TH CMS_compress 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -PKCS7_encrypt \- create a PKCS#7 envelopedData structure +CMS_compress \- create a CMS CompressedData structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\s-1PKCS7\s0 *PKCS7_encrypt(\s-1STACK_OF\s0(X509) *certs, \s-1BIO\s0 *in, const \s-1EVP_CIPHER\s0 *cipher, int flags); +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR -is a list of recipient certificates. \fBin\fR is the content to be encrypted. -\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. +\&\fICMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR +is the compression algorithm to use or \fBNID_undef\fR to use the default +algorithm (zlib compression). \fBin\fR is the content to be compressed. +\&\fBflags\fR is an optional set of flags. .SH "NOTES" .IX Header "NOTES" -Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient certificates -supplied to this function must all contain \s-1RSA\s0 public keys, though they do not have to -be signed using the \s-1RSA\s0 algorithm. +The only currently supported compression algorithm is zlib using the \s-1NID\s0 +NID_zlib_compression. .PP -\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because -most clients will support it. +If zlib support is not compiled into OpenSSL then \fICMS_compress()\fR will return +an error. .PP -Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 bit -\&\s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively. +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. .PP -The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of its -parameters. +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then +\&\fB\s-1CMS_TEXT\s0\fR is ignored. .PP -Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME -envelopedData containing an S/MIME signed message. This can be readily produced -by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to -\&\fIPKCS7_encrypt()\fR. +If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. .PP -The following flags can be passed in the \fBflags\fR parameter. +The compressed data is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in +practice and is not supported by \fISMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. .PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended -to the data. +Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, +\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_CMS()\fR. .PP -Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required -by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This -option should be used if the supplied data is in binary format otherwise the translation -will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then \fB\s-1PKCS7_TEXT\s0\fR is ignored. +Additional compression parameters such as the zlib compression level cannot +currently be set. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_encrypt()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. -The error can be obtained from \fIERR_get_error\fR\|(3). -.SH "BUGS" -.IX Header "BUGS" -The lack of single pass processing and need to hold all data in memory as -mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +\&\fICMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_decrypt\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fICMS_uncompress\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 +\&\fICMS_compress()\fR was added to OpenSSL 0.9.8 +The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3 similarity index 70% copy from secure/lib/libcrypto/man/PKCS7_decrypt.3 copy to secure/lib/libcrypto/man/CMS_decrypt.3 index 43527eec9a..34e39686c1 100644 --- a/secure/lib/libcrypto/man/PKCS7_decrypt.3 +++ b/secure/lib/libcrypto/man/CMS_decrypt.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,50 +123,66 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "PKCS7_decrypt 3" -.TH PKCS7_decrypt 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "CMS_decrypt 3" +.TH CMS_decrypt 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure +.Vb 1 +\& CMS_decrypt \- decrypt content from a CMS envelopedData structure +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -int PKCS7_decrypt(\s-1PKCS7\s0 *p7, \s-1EVP_PKEY\s0 *pkey, X509 *cert, \s-1BIO\s0 *data, int flags); +.Vb 1 +\& #include +\& +\& int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont, BIO *out, unsigned int flags); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData +\&\fICMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the -recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and +recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and \&\fBflags\fR is an optional set of flags. +.PP +The \fBdcont\fR parameter is used in the rare case where the encrypted content +is detached. It will normally be set to \s-1NULL\s0. .SH "NOTES" .IX Header "NOTES" \&\fIOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this function or errors about unknown algorithms will occur. .PP -Although the recipients certificate is not needed to decrypt the data it is needed -to locate the appropriate (of possible several) recipients in the PKCS#7 structure. +Although the recipients certificate is not needed to decrypt the data it is +needed to locate the appropriate (of possible several) recipients in the \s-1CMS\s0 +structure. If \fBcert\fR is set to \s-1NULL\s0 all possible recipients are tried. +.PP +It is possible to determine the correct recipient key by other means (for +example looking them up in a database) and setting them in the \s-1CMS\s0 structure +in advance using the \s-1CMS\s0 utility functions such as \fICMS_set1_pkey()\fR. In this +case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL\s0. +.PP +To process KEKRecipientInfo types \fICMS_set1_key()\fR or \fICMS_RecipientInfo_set0_key()\fR +and \fICMS_ReceipientInfo_decrypt()\fR should be called before \fICMS_decrypt()\fR and +\&\fBcert\fR and \fBpkey\fR set to \s-1NULL\s0. .PP The following flags can be passed in the \fBflags\fR parameter. .PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted from the content. If the content is not of type \fBtext/plain\fR then an error is returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. +\&\fICMS_decrypt()\fR returns either 1 for success or 0 for failure. The error can be obtained from \fIERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" -\&\fIPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would -be better if it could look up the correct key and certificate from a database. -.PP -The lack of single pass processing and need to hold all data in memory as -mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +The lack of single pass processing and the need to hold all data in memory as +mentioned in \fICMS_verify()\fR also applies to \fICMS_decrypt()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fICMS_encrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 +\&\fICMS_decrypt()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3 similarity index 57% copy from secure/lib/libcrypto/man/PKCS7_encrypt.3 copy to secure/lib/libcrypto/man/CMS_encrypt.3 index 1415fa57c3..e2a2c6ce21 100644 --- a/secure/lib/libcrypto/man/PKCS7_encrypt.3 +++ b/secure/lib/libcrypto/man/CMS_encrypt.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,62 +123,97 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "PKCS7_encrypt 3" -.TH PKCS7_encrypt 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "CMS_encrypt 3" +.TH CMS_encrypt 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -PKCS7_encrypt \- create a PKCS#7 envelopedData structure +.Vb 1 +\& CMS_encrypt \- create a CMS envelopedData structure +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\s-1PKCS7\s0 *PKCS7_encrypt(\s-1STACK_OF\s0(X509) *certs, \s-1BIO\s0 *in, const \s-1EVP_CIPHER\s0 *cipher, int flags); +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR +\&\fICMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR is a list of recipient certificates. \fBin\fR is the content to be encrypted. \&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. .SH "NOTES" .IX Header "NOTES" -Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient certificates -supplied to this function must all contain \s-1RSA\s0 public keys, though they do not have to -be signed using the \s-1RSA\s0 algorithm. -.PP -\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because -most clients will support it. +Only certificates carrying \s-1RSA\s0 keys are supported so the recipient certificates +supplied to this function must all contain \s-1RSA\s0 public keys, though they do not +have to be signed using the \s-1RSA\s0 algorithm. .PP -Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 bit -\&\s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively. +\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +because most clients will support it. .PP -The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of its -parameters. +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of +its parameters. .PP -Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to -\&\fIPKCS7_encrypt()\fR. +\&\fICMS_encrypt()\fR. .PP The following flags can be passed in the \fBflags\fR parameter. .PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended -to the data. +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then +\&\fB\s-1CMS_TEXT\s0\fR is ignored. +.PP +OpenSSL will by default identify recipient certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.PP +If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned to which additional recipients and attributes can be added before +finalization. +.PP +The data being encrypted is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in +practice and is not supported by \fISMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, +\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_CMS()\fR. +.PP +The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info +structure. KEKRecipientInfo is also supported using the flag \fB\s-1CMS_PARTIAL\s0\fR +and \fICMS_add0_recipient_key()\fR. .PP -Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required -by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This -option should be used if the supplied data is in binary format otherwise the translation -will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then \fB\s-1PKCS7_TEXT\s0\fR is ignored. +The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients +added later using \fICMS_add1_recipient_cert()\fR or \fICMS_add0_recipient_key()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_encrypt()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. -The error can be obtained from \fIERR_get_error\fR\|(3). -.SH "BUGS" -.IX Header "BUGS" -The lack of single pass processing and need to hold all data in memory as -mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +\&\fICMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_decrypt\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 +\&\fICMS_decrypt()\fR was added to OpenSSL 0.9.8 +The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/CMS_final.3 similarity index 76% copy from secure/lib/libcrypto/man/ASN1_STRING_new.3 copy to secure/lib/libcrypto/man/CMS_final.3 index 0b9eec5e7c..0d6c60a17c 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_new.3 +++ b/secure/lib/libcrypto/man/CMS_final.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,44 +123,43 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "ASN1_STRING_new 3" -.TH ASN1_STRING_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "CMS_final 3" +.TH CMS_final 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- -ASN1_STRING allocation functions +.Vb 1 +\& CMS_final \- finalise a CMS_ContentInfo structure +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 3 -\& ASN1_STRING * ASN1_STRING_new(void); -\& ASN1_STRING * ASN1_STRING_type_new(int type); -\& void ASN1_STRING_free(ASN1_STRING *a); +.Vb 1 +\& #include +\& +\& int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type -is undefined. -.PP -\&\fIASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of -type \fBtype\fR. -.PP -\&\fIASN1_STRING_free()\fR frees up \fBa\fR. +\&\fICMS_final()\fR finalises the structure \fBcms\fR. It's purpose is to perform any +operations necessary on \fBcms\fR (digest computation for example) and set the +appropriate fields. The parameter \fBdata\fR contains the content to be +processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after +processing: this is only used with detached data and will usually be set to +\&\s-1NULL\s0. .SH "NOTES" .IX Header "NOTES" -Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example -\&\fIASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). +This function will normally be called when the \fB\s-1CMS_PARTIAL\s0\fR flag is used. It +should only be used when streaming is not performed because the streaming +I/O functions perform finalisation operations internally. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASN1_STRING_new()\fR and \fIASN1_STRING_type_new()\fR return a valid -\&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fIASN1_STRING_free()\fR does not return a value. +\&\fICMS_final()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_encrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1TBA\s0 +\&\fICMS_final()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 new file mode 100644 index 0000000000..941f08dc68 --- /dev/null +++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 @@ -0,0 +1,230 @@ +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_get0_RecipientInfos 3" +.TH CMS_get0_RecipientInfos 3 "2010-06-01" "1.0.0a" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +.Vb 1 +\& CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id,CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt \- CMS envelopedData RecipientInfo routines +.Ve +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +\& int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +\& +\& int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno); +\& int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +\& int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +\& +\& int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate, ASN1_OBJECT **potherid, ASN1_TYPE **pothertype); +\& int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id, size_t idlen); +\& int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key, size_t keylen); +\& +\& int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fICMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo +structures associated with a \s-1CMS\s0 EnvelopedData structure. +.PP +\&\fICMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR. +It will currently return \s-1CMS_RECIPINFO_TRANS\s0, \s-1CMS_RECIPINFO_AGREE\s0, +\&\s-1CMS_RECIPINFO_KEK\s0, \s-1CMS_RECIPINFO_PASS\s0, or \s-1CMS_RECIPINFO_OTHER\s0. +.PP +\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient +identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which +must be of type \s-1CMS_RECIPINFO_TRANS\s0. Either the keyidentifier will be set in +\&\fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR. +.PP +\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the +CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS\s0. +It returns zero if the comparison is successful and non zero if not. +.PP +\&\fICMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with +the CMS_RecipientInfo structure \fBri\fR, which must be of type +\&\s-1CMS_RECIPINFO_TRANS\s0. +.PP +\&\fICMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the +CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK\s0. Any +of the remaining parameters can be \s-1NULL\s0 if the application is not interested in +the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written +to the corresponding parameter. The keyEncryptionAlgorithm field is written to +\&\fBpalg\fR, the \fBkeyIdentifier\fR field is written to \fBpid\fR, the \fBdate\fR field if +present is written to \fBpdate\fR, if the \fBother\fR field is present the components +\&\fBkeyAttrId\fR and \fBkeyAttr\fR are written to parameters \fBpotherid\fR and +\&\fBpothertype\fR. +.PP +\&\fICMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR +parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR, +which must be of type \s-1CMS_RECIPINFO_KEK\s0. It returns zero if the comparison is +successful and non zero if not. +.PP +\&\fICMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length +\&\fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type +\&\s-1CMS_RECIPINFO_KEK\s0. +.PP +\&\fICMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure +\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure +first. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of these functions is to enable an application to lookup +recipient keys using any appropriate technique when the simpler method +of \fICMS_decrypt()\fR is not appropriate. +.PP +In typical usage and application will retrieve all CMS_RecipientInfo structures +using \fICMS_get0_RecipientInfos()\fR and check the type of each using +\&\fICMS_RecpientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure +can be ignored or its key identifier data retrieved using an appropriate +function. Then if the corresponding secret or private key can be obtained by +any appropriate means it can then associated with the structure and +\&\fICMS_RecpientInfo_decrypt()\fR called. If successful \fICMS_decrypt()\fR can be called +with a \s-1NULL\s0 key to decrypt the enveloped content. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if +an error occurs. +.PP +\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR, \fICMS_RecipientInfo_set0_pkey()\fR, +\&\fICMS_RecipientInfo_kekri_get0_id()\fR, \fICMS_RecipientInfo_set0_key()\fR and +\&\fICMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs. +.PP +\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR and \fICMS_RecipientInfo_kekri_cmp()\fR return 0 +for a successful comparison and non zero otherwise. +.PP +Any error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were first was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 similarity index 57% copy from secure/lib/libcrypto/man/EVP_BytesToKey.3 copy to secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 index e345c20e85..dd0d1a96c9 100644 --- a/secure/lib/libcrypto/man/EVP_BytesToKey.3 +++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,69 +123,77 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_BytesToKey 3" -.TH EVP_BytesToKey 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "CMS_get0_SignerInfos 3" +.TH CMS_get0_SignerInfos 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_BytesToKey \- password based encryption routine +.Vb 1 +\& CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_cert_cmp, CMS_set1_signer_certs \- CMS signedData signer functions. +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include +\& #include +\& +\& STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); \& -\& int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, -\& const unsigned char *salt, -\& const unsigned char *data, int datal, int count, -\& unsigned char *key,unsigned char *iv); +\& int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno); +\& int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +\& void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is -the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. -The \fBsalt\fR paramter is used as a salt in the derivation: it should point to -an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing -\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the -iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR -and \fBiv\fR respectively. -.SH "NOTES" -.IX Header "NOTES" -A typical application of this function is to derive keying material for an -encryption algorithm from a password in the \fBdata\fR parameter. +The function \fICMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures +associated with a \s-1CMS\s0 signedData structure. .PP -Increasing the \fBcount\fR parameter slows down the algorithm which makes it -harder for an attacker to peform a brute force attack using a large number -of candidate passwords. +\&\fICMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier +associated with a specific CMS_SignerInfo structure \fBsi\fR. Either the +keyidentifier will be set in \fBkeyid\fR or \fBboth\fR issuer name and serial number +in \fBissuer\fR and \fBsno\fR. .PP -If the total key and \s-1IV\s0 length is less than the digest length and -\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 -otherwise a non standard extension is used to derive the extra data. +\&\fICMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer +identifier \fBsi\fR. It returns zero if the comparison is successful and non zero +if not. .PP -Newer applications should use more standard algorithms such as PKCS#5 -v2.0 for key derivation. -.SH "KEY DERIVATION ALGORITHM" -.IX Header "KEY DERIVATION ALGORITHM" -The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until -enough data is available for the key and \s-1IV\s0. D_i is defined as: +\&\fICMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to +\&\fBsigner\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of these functions is to enable an application to lookup +signers certificates using any appropriate technique when the simpler method +of \fICMS_verify()\fR is not appropriate. .PP -.Vb 1 -\& D_i = HASH^count(D_(i\-1) || data || salt) -.Ve +In typical usage and application will retrieve all CMS_SignerInfo structures +using \fICMS_get0_SignerInfo()\fR and retrieve the identifier information using +\&\s-1CMS\s0. It will then obtain the signer certificate by some unspecified means +(or return and error if it cannot be found) and set it using +\&\fICMS_SignerInfo_set1_signer_cert()\fR. .PP -where || denotes concatentaion, D_0 is empty, \s-1HASH\s0 is the digest -algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data) -is \s-1HASH\s0(\s-1HASH\s0(data)) and so on. +Once all signer certificates have been set \fICMS_verify()\fR can be used. .PP -The initial bytes are used for the key and the subsequent bytes for -the \s-1IV\s0. +Although \fICMS_get0_SignerInfos()\fR can return \s-1NULL\s0 is an error occur \fBor\fR if +there are no signers this is not a problem in practice because the only +error which can occur is if the \fBcms\fR structure is not of type signedData +due to application error. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes. +\&\fICMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there +are no signers or an error occurs. +.PP +\&\fICMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure. +.PP +\&\fICMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non +zero otherwise. +.PP +\&\fICMS_SignerInfo_set1_signer_cert()\fR does not return a value. +.PP +Any error can be obtained from \fIERR_get_error\fR\|(3) .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), \fIrand\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" +These functions were first was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/CMS_get0_type.3 similarity index 64% copy from secure/lib/libcrypto/man/ASN1_STRING_new.3 copy to secure/lib/libcrypto/man/CMS_get0_type.3 index 0b9eec5e7c..0d39efaaed 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_new.3 +++ b/secure/lib/libcrypto/man/CMS_get0_type.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,44 +123,66 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "ASN1_STRING_new 3" -.TH ASN1_STRING_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "CMS_get0_type 3" +.TH CMS_get0_type 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- -ASN1_STRING allocation functions +.Vb 1 +\& CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType \- get and set CMS content types +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 3 -\& ASN1_STRING * ASN1_STRING_new(void); -\& ASN1_STRING * ASN1_STRING_type_new(int type); -\& void ASN1_STRING_free(ASN1_STRING *a); +.Vb 1 +\& #include +\& +\& const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); +\& int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +\& const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type -is undefined. +\&\fICMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as +and \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the +CMS_ContentInfo structure based on this value. .PP -\&\fIASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of -type \fBtype\fR. +\&\fICMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo +structure. It should be called with \s-1CMS\s0 functions with the \fB\s-1CMS_PARTIAL\s0\fR +flag and \fBbefore\fR the structure is finalised, otherwise the results are +undefined. .PP -\&\fIASN1_STRING_free()\fR frees up \fBa\fR. +\&\s-1ASN1_OBJECT\s0 *\fICMS_get0_eContentType()\fR returns a pointer to the embedded +content type. .SH "NOTES" .IX Header "NOTES" -Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example -\&\fIASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). +As the \fB0\fR implies \fICMS_get0_type()\fR and \fICMS_get0_eContentType()\fR return internal +pointers which should \fBnot\fR be freed up. \fICMS_set1_eContentType()\fR copies the +supplied \s-1OID\s0 and it \fBshould\fR be freed up after use. +.PP +The \fB\s-1ASN1_OBJECT\s0\fR values returned can be converted to an integer \fB\s-1NID\s0\fR value +using \fIOBJ_obj2nid()\fR. For the currently supported content types the following +values are returned: +.PP +.Vb 6 +\& NID_pkcs7_data +\& NID_pkcs7_signed +\& NID_pkcs7_digest +\& NID_id_smime_ct_compressedData: +\& NID_pkcs7_encrypted +\& NID_pkcs7_enveloped +.Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIASN1_STRING_new()\fR and \fIASN1_STRING_type_new()\fR return a valid -\&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred. +\&\fICMS_get0_type()\fR and \fICMS_get0_eContentType()\fR return and \s-1ASN1_OBJECT\s0 structure. .PP -\&\fIASN1_STRING_free()\fR does not return a value. +\&\fICMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The +error can be obtained from \fIERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIERR_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1TBA\s0 +\&\fICMS_get0_type()\fR, \fICMS_set1_eContentType()\fR and \fICMS_get0_eContentType()\fR were all +first added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 similarity index 56% copy from secure/lib/libcrypto/man/EVP_BytesToKey.3 copy to secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 index e345c20e85..12a52660ee 100644 --- a/secure/lib/libcrypto/man/EVP_BytesToKey.3 +++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,69 +123,71 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_BytesToKey 3" -.TH EVP_BytesToKey 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "CMS_get1_ReceiptRequest 3" +.TH CMS_get1_ReceiptRequest 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_BytesToKey \- password based encryption routine +.Vb 1 +\& CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values \- CMS signed receipt request functions. +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include +\& #include \& -\& int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, -\& const unsigned char *salt, -\& const unsigned char *data, int datal, int count, -\& unsigned char *key,unsigned char *iv); +\& CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo); +\& int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +\& int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +\& void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist, STACK_OF(GENERAL_NAMES) **prto); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is -the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. -The \fBsalt\fR paramter is used as a salt in the derivation: it should point to -an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing -\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the -iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR -and \fBiv\fR respectively. -.SH "NOTES" -.IX Header "NOTES" -A typical application of this function is to derive keying material for an -encryption algorithm from a password in the \fBdata\fR parameter. -.PP -Increasing the \fBcount\fR parameter slows down the algorithm which makes it -harder for an attacker to peform a brute force attack using a large number -of candidate passwords. +\&\fICMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The +\&\fBsignedContentIdentifier\fR field is set using \fBid\fR and \fBidlen\fR, or it is set +to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL\s0. If \fBreceiptList\fR is \s-1NULL\s0 +the allOrFirstTier option in \fBreceiptsFrom\fR is used and set to the value of +the \fBallorfirst\fR parameter. If \fBreceiptList\fR is not \s-1NULL\s0 the \fBreceiptList\fR +option in \fBreceiptsFrom\fR is used. The \fBreceiptsTo\fR parameter specifies the +\&\fBreceiptsTo\fR field value. .PP -If the total key and \s-1IV\s0 length is less than the digest length and -\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 -otherwise a non standard extension is used to derive the extra data. +The \fICMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR +to SignerInfo structure \fBsi\fR. .PP -Newer applications should use more standard algorithms such as PKCS#5 -v2.0 for key derivation. -.SH "KEY DERIVATION ALGORITHM" -.IX Header "KEY DERIVATION ALGORITHM" -The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until -enough data is available for the key and \s-1IV\s0. D_i is defined as: +int \fICMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if +any is found it is decoded and written to \fBprr\fR. .PP -.Vb 1 -\& D_i = HASH^count(D_(i\-1) || data || salt) -.Ve -.PP -where || denotes concatentaion, D_0 is empty, \s-1HASH\s0 is the digest -algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data) -is \s-1HASH\s0(\s-1HASH\s0(data)) and so on. +\&\fICMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request. +The signedContentIdentifier is copied to \fBpcid\fR. If the \fBallOrFirstTier\fR +option of \fBreceiptsFrom\fR is used its value is copied to \fBpallorfirst\fR +otherwise the \fBreceiptList\fR field is copied to \fBplist\fR. The \fBreceiptsTo\fR +parameter is copied to \fBprto\fR. +.SH "NOTES" +.IX Header "NOTES" +For more details of the meaning of the fields see \s-1RFC2634\s0. .PP -The initial bytes are used for the key and the subsequent bytes for -the \s-1IV\s0. +The contents of a signed receipt should only be considered meaningful if the +corresponding CMS_ContentInfo structure can be successfully verified using +\&\fICMS_verify()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes. +\&\fICMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or +\&\s-1NULL\s0 if an error occurred. +.PP +\&\fICMS_add1_ReceiptRequest()\fR returns 1 for success or 0 is an error occurred. +.PP +\&\fICMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and +decoded. It returns 0 if a signed receipt request is not present and \-1 if +it is present but malformed. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), \fIrand\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_sign_receipt\fR\|(3), \fICMS_verify\fR\|(3) +\&\fICMS_verify_receipt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" +\&\fICMS_ReceiptRequest_create0()\fR, \fICMS_add1_ReceiptRequest()\fR, +\&\fICMS_get1_ReceiptRequest()\fR and \fICMS_ReceiptRequest_get0_values()\fR were added to +OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3 new file mode 100644 index 0000000000..fe61521493 --- /dev/null +++ b/secure/lib/libcrypto/man/CMS_sign.3 @@ -0,0 +1,244 @@ +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_sign 3" +.TH CMS_sign 3 "2010-06-01" "1.0.0a" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +.Vb 1 +\& CMS_sign \- create a CMS SignedData structure +.Ve +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is +the certificate to sign with, \fBpkey\fR is the corresponding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the \s-1CMS\s0 +structure (for example any intermediate CAs in the chain). Any or all of +these parameters can be \fB\s-1NULL\s0\fR, see \fB\s-1NOTES\s0\fR below. +.PP +The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If +the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the \fBsigncert\fR parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. +.PP +The data being signed is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is used for +CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed +messages for example. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. +.PP +The SignedData structure includes several \s-1CMS\s0 signedAttributes including the +signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes +will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit \s-1AES\s0, Gost R3411\-94, Gost 28147\-89, 192 +bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. +If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is +not loaded. +.PP +OpenSSL will by default identify signing certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. +.PP +If the flags \fB\s-1CMS_STREAM\s0\fR is set then the returned \fBCMS_ContentInfo\fR +structure is just initialized ready to perform the signing operation. The +signing is however \fBnot\fR performed and the data to be signed is not read from +the \fBdata\fR parameter. Signing is deferred until after the data has been +written. In this way data can be signed in a single pass. +.PP +If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +output to which additional signers and capabilities can be added before +finalization. +.PP +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, +\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_CMS()\fR. +.PP +If a signer is specified it will use the default digest for the signing +algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. +.PP +If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only \s-1CMS\s0 structure is +output. +.PP +The function \fICMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be +suitable for many purposes. For finer control of the output format the +\&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the +\&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the +function \fICMS_sign_add1_signer()\fR, non default digests can be used and custom +attributes added. \fB\f(BICMS_final()\fB\fR must then be called to finalize the +structure if streaming is not enabled. +.SH "BUGS" +.IX Header "BUGS" +Some attributes such as counter signatures are not supported. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fICMS_sign()\fR was added to OpenSSL 0.9.8 +.PP +The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8, +it is supported for embedded data in OpenSSL 1.0.0 and later. diff --git a/secure/lib/libcrypto/man/CMS_sign_add1_signer.3 b/secure/lib/libcrypto/man/CMS_sign_add1_signer.3 new file mode 100644 index 0000000000..1cc266c20b --- /dev/null +++ b/secure/lib/libcrypto/man/CMS_sign_add1_signer.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_sign_add1_signer 3" +.TH CMS_sign_add1_signer 3 "2010-06-01" "1.0.0a" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +.Vb 1 +\& CMS_sign_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure. +.Ve +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_SignerInfo *CMS_sign_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags); +\& +\& int CMS_SignerInfo_sign(CMS_SignerInfo *si); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_sign_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private +key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData +structure \fBcms\fR. +.PP +The CMS_ContentInfo structure should be obtained from an initial call to +\&\fICMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a +valid CMS_ContentInfo SignedData structure. +.PP +If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public +key algorithm will be used. +.PP +Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo +structure is not complete and must be finalized either by streaming (if +applicable) or a call to \fICMS_final()\fR. +.PP +The \fICMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo +structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags +are both set. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of \fICMS_sign_add1_signer()\fR is to provide finer control +over a \s-1CMS\s0 signed data structure where the simpler \fICMS_sign()\fR function defaults +are not appropriate. For example if multiple signers or non default digest +algorithms are needed. New attributes can also be added using the returned +CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the +\&\s-1CMS\s0 signed receipt request functions. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +If \fB\s-1CMS_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content +digest value from the CMS_ContentInfo structure: to add a signer to an existing +structure. An error occurs if a matching digest value cannot be found to copy. +The returned CMS_ContentInfo structure will be valid and finalized when this +flag is set. +.PP +If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the +CMS_SignerInfo structure will not be finalized so additional attributes +can be added. In this case an explicit call to \fICMS_SignerInfo_sign()\fR is +needed to finalize it. +.PP +If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the \fBsigncert\fR parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. +.PP +The SignedData structure includes several \s-1CMS\s0 signedAttributes including the +signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes +will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +OpenSSL will by default identify signing certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit \s-1AES\s0, Gost R3411\-94, Gost 28147\-89, 192 +bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. +If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is +not loaded. +.PP +\&\fICMS_sign_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +structure just added, this can be used to set additional attributes +before it is finalized. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_sign1_add_signers()\fR returns an internal pointer to the CMS_SignerInfo +structure just added or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_final\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +\&\fICMS_sign_add1_signer()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3 similarity index 71% copy from secure/lib/libcrypto/man/EVP_PKEY_new.3 copy to secure/lib/libcrypto/man/CMS_sign_receipt.3 index 32afc42fe4..c7f87ef2c7 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,46 +123,47 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "CMS_sign_receipt 3" +.TH CMS_sign_receipt 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions. +.Vb 1 +\& CMS_sign_receipt \- create a CMS signed receipt +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include +\& #include \& -\& EVP_PKEY *EVP_PKEY_new(void); -\& void EVP_PKEY_free(EVP_PKEY *key); +\& CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, unsigned int flags); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR -structure which is used by OpenSSL to store private keys. +\&\fICMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is +the \fBCMS_SignerInfo\fR structure containing the signed receipt request. +\&\fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding +private key. \fBcerts\fR is an optional additional set of certificates to include +in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain). .PP -\&\fIEVP_PKEY_free()\fR frees up the private key \fBkey\fR. +\&\fBflags\fR is an optional set of flags. .SH "NOTES" .IX Header "NOTES" -The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions -which require a general private key without reference to any -particular algorithm. -.PP -The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a -private key to this empty structure the functions described in -\&\fIEVP_PKEY_set1_RSA\fR\|(3) should be used. +This functions behaves in a similar way to \fICMS_sign()\fR except the flag values +\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_NOATTR\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR +are not supported since they do not make sense in the context of signed +receipts. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR -structure of \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fIEVP_PKEY_free()\fR does not return a value. +\&\fICMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if +an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_set1_RSA\fR\|(3) +\&\fIERR_get_error\fR\|(3), +\&\fICMS_verify_receipt\fR\|(3), +\&\fICMS_sign\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1TBA\s0 +\&\fICMS_sign_receipt()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/CMS_uncompress.3 similarity index 71% copy from secure/lib/libcrypto/man/PKCS7_decrypt.3 copy to secure/lib/libcrypto/man/CMS_uncompress.3 index 43527eec9a..e7cadd8924 100644 --- a/secure/lib/libcrypto/man/PKCS7_decrypt.3 +++ b/secure/lib/libcrypto/man/CMS_uncompress.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,50 +123,55 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "PKCS7_decrypt 3" -.TH PKCS7_decrypt 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "CMS_uncompress 3" +.TH CMS_uncompress 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure +.Vb 1 +\& CMS_uncompress \- uncompress a CMS CompressedData structure +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -int PKCS7_decrypt(\s-1PKCS7\s0 *p7, \s-1EVP_PKEY\s0 *pkey, X509 *cert, \s-1BIO\s0 *data, int flags); +.Vb 1 +\& #include +\& +\& int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData -structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the -recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fICMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0 +CompressedData structure \fBcms\fR. \fBdata\fR is a \s-1BIO\s0 to write the content to and \&\fBflags\fR is an optional set of flags. +.PP +The \fBdcont\fR parameter is used in the rare case where the compressed content +is detached. It will normally be set to \s-1NULL\s0. .SH "NOTES" .IX Header "NOTES" -\&\fIOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this -function or errors about unknown algorithms will occur. +The only currently supported compression algorithm is zlib: if the structure +indicates the use of any other algorithm an error is returned. .PP -Although the recipients certificate is not needed to decrypt the data it is needed -to locate the appropriate (of possible several) recipients in the PKCS#7 structure. +If zlib support is not compiled into OpenSSL then \fICMS_uncompress()\fR will always +return an error. .PP The following flags can be passed in the \fBflags\fR parameter. .PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted from the content. If the content is not of type \fBtext/plain\fR then an error is returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. -The error can be obtained from \fIERR_get_error\fR\|(3) +\&\fICMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can +be obtained from \fIERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" -\&\fIPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would -be better if it could look up the correct key and certificate from a database. -.PP -The lack of single pass processing and need to hold all data in memory as -mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +The lack of single pass processing and the need to hold all data in memory as +mentioned in \fICMS_verify()\fR also applies to \fICMS_decompress()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fICMS_compress\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 +\&\fICMS_uncompress()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3 similarity index 59% copy from secure/lib/libcrypto/man/PKCS7_verify.3 copy to secure/lib/libcrypto/man/CMS_verify.3 index 3504f809aa..89c07171db 100644 --- a/secure/lib/libcrypto/man/PKCS7_verify.3 +++ b/secure/lib/libcrypto/man/CMS_verify.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,112 +123,126 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "PKCS7_verify 3" -.TH PKCS7_verify 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "CMS_verify 3" +.TH CMS_verify 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -PKCS7_verify \- verify a PKCS#7 signedData structure +.Vb 1 +\& CMS_verify \- verify a CMS SignedData structure +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -int PKCS7_verify(\s-1PKCS7\s0 *p7, \s-1STACK_OF\s0(X509) *certs, X509_STORE *store, \s-1BIO\s0 *indata, \s-1BIO\s0 *out, int flags); -.PP -\&\s-1STACK_OF\s0(X509) *PKCS7_get0_signers(\s-1PKCS7\s0 *p7, \s-1STACK_OF\s0(X509) *certs, int flags); +.Vb 1 +\& #include +\& +\& int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, unsigned int flags); +\& +\& STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 +\&\fICMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo structure to verify. \fBcerts\fR is a set of certificates in which to search for -the signer's certificate. \fBstore\fR is a trusted certficate store (used for -chain verification). \fBindata\fR is the signed data if the content is not -present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR -if it is not \s-1NULL\s0. +the signing certificate(s). \fBstore\fR is a trusted certificate store used for +chain verification. \fBindata\fR is the detached content if the content is not +present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL\s0. .PP \&\fBflags\fR is an optional set of flags, which can be used to modify the verify operation. .PP -\&\fIPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does -\&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR -and \fBflags\fR parameters have the same meanings as in \fIPKCS7_verify()\fR. +\&\fICMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must +be called after a successful \fICMS_verify()\fR operation. .SH "VERIFY PROCESS" .IX Header "VERIFY PROCESS" Normally the verify process proceeds as follows. .PP -Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must -be signedData. There must be at least one signature on the data and if +Initially some sanity checks are performed on \fBcms\fR. The type of \fBcms\fR must +be SignedData. There must be at least one signature on the data and if the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. .PP -An attempt is made to locate all the signer's certificates, first looking in -the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any certificates -contained in the \fBp7\fR structure itself. If any signer's certificates cannot be -located the operation fails. +An attempt is made to locate all the signing certificate(s), first looking in +the \fBcerts\fR parameter (if it is not \s-1NULL\s0) and then looking in any +certificates contained in the \fBcms\fR structure itself. If any signing +certificate cannot be located the operation fails. .PP -Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and +Each signing certificate is chain verified using the \fBsmimesign\fR purpose and the supplied trusted certificate store. Any internal certificates in the message -are used as untrusted CAs. If any chain verify fails an error code is returned. +are used as untrusted CAs. If \s-1CRL\s0 checking is enabled in \fBstore\fR any internal +CRLs are used in addition to attempting to look them up in \fBstore\fR. If any +chain verify fails an error code is returned. .PP -Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and -the signature's checked. +Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) +and the signature's checked. .PP If all signature's verify correctly then the function is successful. .PP -Any of the following flags (ored together) can be passed in the \fBflags\fR parameter -to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is -meaningful to \fIPKCS7_get0_signers()\fR. +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter to change the default verify behaviour. +.PP +If \fB\s-1CMS_NOINTERN\s0\fR is set the certificates in the message itself are not +searched when locating the signing certificate(s). This means that all the +signing certificates must be in the \fBcerts\fR parameter. .PP -If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not -searched when locating the signer's certificate. This means that all the signers -certificates must be in the \fBcerts\fR parameter. +If \fB\s-1CMS_NOCRL\s0\fR is set and \s-1CRL\s0 checking is enabled in \fBstore\fR then any +CRLs in the message itself are ignored. .PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted from the content. If the content is not of type \fBtext/plain\fR then an error is returned. .PP -If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified. +If \fB\s-1CMS_NO_SIGNER_CERT_VERIFY\s0\fR is set the signing certificates are not +verified. .PP -If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are -not used as untrusted CAs. This means that the whole verify chain (apart from -the signer's certificate) must be contained in the trusted store. +If \fB\s-1CMS_NO_ATTR_VERIFY\s0\fR is set the signed attributes signature is not +verified. .PP -If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked. +If \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR is set then the content digest is not checked. .SH "NOTES" .IX Header "NOTES" -One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by +One application of \fB\s-1CMS_NOINTERN\s0\fR is to only accept messages signed by a small number of certificates. The acceptable certificates would be passed in the \fBcerts\fR parameter. In this case if the signer is not one of the certificates supplied in \fBcerts\fR then the verify will fail because the signer cannot be found. .PP +In some cases the standard techniques for looking up and validating +certificates are not appropriate: for example an application may wish to +lookup certificates in a database or perform customised verification. This +can be achieved by setting and verifying the signers certificates manually +using the signed data utility functions. +.PP Care should be taken when modifying the default verify behaviour, for example -setting \fBPKCS7_NOVERIFY|PKCS7_NOSIGS\fR will totally disable all verification -and any signed message will be considered valid. This combination is however +setting \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR will totally disable all content verification +and any modified content will be considered valid. This combination is however useful if one merely wishes to write the content to \fBout\fR and its validity is not considered important. .PP -Chain verification should arguably be performed using the signing time rather +Chain verification should arguably be performed using the signing time rather than the current time. However since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp). .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_verify()\fR returns 1 for a successful verification and zero or a negative -value if an error occurs. +\&\fICMS_verify()\fR returns 1 for a successful verification and zero if an error +occurred. .PP -\&\fIPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. +\&\fICMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred. .PP The error can be obtained from \fIERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" -The trusted certificate store is not searched for the signers certificate, +The trusted certificate store is not searched for the signing certificate, this is primarily due to the inadequacies of the current \fBX509_STORE\fR functionality. .PP -The lack of single pass processing and need to hold all data in memory as -mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +The lack of single pass processing means that the signed content must all +be held in memory if it is not detached. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIPKCS7_verify()\fR was added to OpenSSL 0.9.5 +\&\fICMS_verify()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3 similarity index 73% copy from secure/lib/libcrypto/man/ASN1_OBJECT_new.3 copy to secure/lib/libcrypto/man/CMS_verify_receipt.3 index ec52cd10f7..4c7630962b 100644 --- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 +++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,43 +123,49 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "ASN1_OBJECT_new 3" -.TH ASN1_OBJECT_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "CMS_verify_receipt 3" +.TH CMS_verify_receipt 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions +.Vb 1 +\& CMS_verify_receipt \- verify a CMS signed receipt +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 2 -\& ASN1_OBJECT *ASN1_OBJECT_new(void); -\& void ASN1_OBJECT_free(ASN1_OBJECT *a); +.Vb 1 +\& #include +\& +\& int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an -\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. -.PP -\&\fIASN1_OBJECT_new()\fR allocates and initializes a \s-1ASN1_OBJECT\s0 structure. +\&\fICMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed +receipt to verify. \fBocms\fR is the original SignedData structure containing the +receipt request. \fBcerts\fR is a set of certificates in which to search for the +signing certificate. \fBstore\fR is a trusted certificate store (used for chain +verification). .PP -\&\fIASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR. +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. .SH "NOTES" .IX Header "NOTES" -Although \fIASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it -is almost never used in applications. The \s-1ASN1\s0 object utility functions -such as \fIOBJ_nid2obj()\fR are used instead. +This functions behaves in a similar way to \fICMS_verify()\fR except the flag values +\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not +supported since they do not make sense in the context of signed receipts. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fIERR_get_error\fR\|(3). -Otherwise it returns a pointer to the newly allocated structure. +\&\fICMS_verify_receipt()\fR returns 1 for a successful verification and zero if an +error occurred. .PP -\&\fIASN1_OBJECT_free()\fR returns no value. +The error can be obtained from \fIERR_get_error\fR\|(3) .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fId2i_ASN1_OBJECT\fR\|(3) +\&\fIERR_get_error\fR\|(3), +\&\fICMS_sign_receipt\fR\|(3), +\&\fICMS_verify\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" -\&\fIASN1_OBJECT_new()\fR and \fIASN1_OBJECT_free()\fR are available in all versions of SSLeay and OpenSSL. +\&\fICMS_verify_receipt()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3 index 46c82b65cb..f0feffe93b 100644 --- a/secure/lib/libcrypto/man/CONF_modules_free.3 +++ b/secure/lib/libcrypto/man/CONF_modules_free.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_free 3" -.TH CONF_modules_free 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH CONF_modules_free 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3 index f5c2a5e2d6..60ef03e5aa 100644 --- a/secure/lib/libcrypto/man/CONF_modules_load_file.3 +++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_load_file 3" -.TH CONF_modules_load_file 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH CONF_modules_load_file 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 index c17f98d97d..a1e2db159c 100644 --- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 +++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_set_ex_data 3" -.TH CRYPTO_set_ex_data 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH CRYPTO_set_ex_data 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -142,6 +134,8 @@ CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data fun .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 +\& #include +\& \& int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg); \& \& void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx); diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3 index dbc366e8d5..65c191573a 100644 --- a/secure/lib/libcrypto/man/DH_generate_key.3 +++ b/secure/lib/libcrypto/man/DH_generate_key.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_key 3" -.TH DH_generate_key 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DH_generate_key 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3 index 9a97105498..fdee6ed549 100644 --- a/secure/lib/libcrypto/man/DH_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DH_generate_parameters.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_parameters 3" -.TH DH_generate_parameters 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DH_generate_parameters 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 index 952c006443..ff03cd5c36 100644 --- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_get_ex_new_index 3" -.TH DH_get_ex_new_index 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DH_get_ex_new_index 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3 index 24ece8fcfd..80a5e08234 100644 --- a/secure/lib/libcrypto/man/DH_new.3 +++ b/secure/lib/libcrypto/man/DH_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_new 3" -.TH DH_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DH_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3 index 1cadc44348..e45a1ecad6 100644 --- a/secure/lib/libcrypto/man/DH_set_method.3 +++ b/secure/lib/libcrypto/man/DH_set_method.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_set_method 3" -.TH DH_set_method 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DH_set_method 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3 index 861c7bd330..e4e9df19c4 100644 --- a/secure/lib/libcrypto/man/DH_size.3 +++ b/secure/lib/libcrypto/man/DH_size.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_size 3" -.TH DH_size 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DH_size 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3 index fcb965d6b8..f3e0559260 100644 --- a/secure/lib/libcrypto/man/DSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/DSA_SIG_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIG_new 3" -.TH DSA_SIG_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DSA_SIG_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3 index 51870da173..5ec0e1d5a7 100644 --- a/secure/lib/libcrypto/man/DSA_do_sign.3 +++ b/secure/lib/libcrypto/man/DSA_do_sign.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_do_sign 3" -.TH DSA_do_sign 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DSA_do_sign 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3 index b4c67f5cf1..bac44eb352 100644 --- a/secure/lib/libcrypto/man/DSA_dup_DH.3 +++ b/secure/lib/libcrypto/man/DSA_dup_DH.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_dup_DH 3" -.TH DSA_dup_DH 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DSA_dup_DH 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3 index 80e4832a1c..f67676bda4 100644 --- a/secure/lib/libcrypto/man/DSA_generate_key.3 +++ b/secure/lib/libcrypto/man/DSA_generate_key.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_key 3" -.TH DSA_generate_key 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DSA_generate_key 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3 index 8bf69a2666..19f1ef33cc 100644 --- a/secure/lib/libcrypto/man/DSA_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_parameters 3" -.TH DSA_generate_parameters 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DSA_generate_parameters 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 index a49c665a86..d4f6ef2eaa 100644 --- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_get_ex_new_index 3" -.TH DSA_get_ex_new_index 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DSA_get_ex_new_index 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -142,7 +134,7 @@ DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specif .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include +\& #include \& \& int DSA_get_ex_new_index(long argl, void *argp, \& CRYPTO_EX_new *new_func, diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3 index 857c8ad7e9..50592eb95b 100644 --- a/secure/lib/libcrypto/man/DSA_new.3 +++ b/secure/lib/libcrypto/man/DSA_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_new 3" -.TH DSA_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DSA_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3 index dad1dee7e1..5e31d3b6c0 100644 --- a/secure/lib/libcrypto/man/DSA_set_method.3 +++ b/secure/lib/libcrypto/man/DSA_set_method.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_set_method 3" -.TH DSA_set_method 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DSA_set_method 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3 index 688efd59ea..3f750bb5c0 100644 --- a/secure/lib/libcrypto/man/DSA_sign.3 +++ b/secure/lib/libcrypto/man/DSA_sign.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_sign 3" -.TH DSA_sign 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DSA_sign 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3 index 30e3bbf072..744cd63dbc 100644 --- a/secure/lib/libcrypto/man/DSA_size.3 +++ b/secure/lib/libcrypto/man/DSA_size.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_size 3" -.TH DSA_size 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DSA_size 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3 index 08da81153c..adb5be13ec 100644 --- a/secure/lib/libcrypto/man/ERR_GET_LIB.3 +++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ERR_GET_LIB 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3 index 24e49d7ca6..ad6ac04463 100644 --- a/secure/lib/libcrypto/man/ERR_clear_error.3 +++ b/secure/lib/libcrypto/man/ERR_clear_error.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_clear_error 3" -.TH ERR_clear_error 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ERR_clear_error 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3 index 6df673349d..42c4e38d62 100644 --- a/secure/lib/libcrypto/man/ERR_error_string.3 +++ b/secure/lib/libcrypto/man/ERR_error_string.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_error_string 3" -.TH ERR_error_string 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ERR_error_string 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3 index 1db4e5063e..c3a06e68ef 100644 --- a/secure/lib/libcrypto/man/ERR_get_error.3 +++ b/secure/lib/libcrypto/man/ERR_get_error.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_get_error 3" -.TH ERR_get_error 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ERR_get_error 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 index b3e0379d4d..6a2b22bff1 100644 --- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_crypto_strings 3" -.TH ERR_load_crypto_strings 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ERR_load_crypto_strings 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3 index fb41544765..f50203f416 100644 --- a/secure/lib/libcrypto/man/ERR_load_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_strings.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_strings 3" -.TH ERR_load_strings 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ERR_load_strings 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3 index 2570dc28d0..309ac2fd70 100644 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/ERR_print_errors.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_print_errors 3" -.TH ERR_print_errors 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ERR_print_errors 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3 index 79b813a05d..12c5a68433 100644 --- a/secure/lib/libcrypto/man/ERR_put_error.3 +++ b/secure/lib/libcrypto/man/ERR_put_error.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_put_error 3" -.TH ERR_put_error 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ERR_put_error 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3 index c70c700557..db56b1e0e1 100644 --- a/secure/lib/libcrypto/man/ERR_remove_state.3 +++ b/secure/lib/libcrypto/man/ERR_remove_state.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_remove_state 3" -.TH ERR_remove_state 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ERR_remove_state 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3 index fb5206c1ac..918a14927a 100644 --- a/secure/lib/libcrypto/man/ERR_set_mark.3 +++ b/secure/lib/libcrypto/man/ERR_set_mark.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_set_mark 3" -.TH ERR_set_mark 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ERR_set_mark 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3 index e345c20e85..e2b212092d 100644 --- a/secure/lib/libcrypto/man/EVP_BytesToKey.3 +++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BytesToKey 3" -.TH EVP_BytesToKey 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH EVP_BytesToKey 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3 index 679138e818..08889651e6 100644 --- a/secure/lib/libcrypto/man/EVP_DigestInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestInit.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestInit 3" -.TH EVP_DigestInit 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH EVP_DigestInit 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -200,9 +192,9 @@ EVP digest routines .IX Header "DESCRIPTION" The \s-1EVP\s0 digest routines are a high level interface to message digests. .PP -\&\fIEVP_MD_CTX_init()\fR initializes digest contet \fBctx\fR. +\&\fIEVP_MD_CTX_init()\fR initializes digest context \fBctx\fR. .PP -\&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest contet. +\&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest context. .PP \&\fIEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest \&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized before calling this @@ -238,7 +230,7 @@ the passed context \fBctx\fR does not have to be initialized, and it always uses the default digest implementation. .PP \&\fIEVP_DigestFinal()\fR is similar to \fIEVP_DigestFinal_ex()\fR except the digest -contet \fBctx\fR is automatically cleaned up. +context \fBctx\fR is automatically cleaned up. .PP \&\fIEVP_MD_CTX_copy()\fR is similar to \fIEVP_MD_CTX_copy_ex()\fR except the destination \&\fBout\fR does not have to be initialized. @@ -268,7 +260,9 @@ return \fB\s-1EVP_MD\s0\fR structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA\s0 algorithms respectively. The associated signature algorithm is \s-1RSA\s0 in each case. .PP \&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest -algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. +algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. Note: there is +no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are +however retained for compatibility. .PP \&\fIEVP_md_null()\fR is a \*(L"null\*(R" message digest that does nothing: i.e. the hash it returns is of zero length. @@ -362,11 +356,6 @@ digest name passed on the command line. \& printf("\en"); \& } .Ve -.SH "BUGS" -.IX Header "BUGS" -The link between digests and signing algorithms results in a situation where -\&\fIEVP_sha1()\fR must be used with \s-1RSA\s0 and \fIEVP_dss1()\fR must be used with \s-1DSS\s0 -even though they are identical digests. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3), @@ -384,3 +373,10 @@ and \fIEVP_DigestFinal_ex()\fR were added in OpenSSL 0.9.7. \&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \&\fIEVP_dss()\fR, \fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR were changed to return truely const \s-1EVP_MD\s0 * in OpenSSL 0.9.7. +.PP +The link between digests and signing algorithms was fixed in OpenSSL 1.0 and +later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA\s0, there is no need to +use \fIEVP_dss1()\fR any more. +.PP +OpenSSL 1.0 and later does not include the \s-1MD2\s0 digest algorithm in the +default configuration due to its security weaknesses. diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 similarity index 59% copy from secure/lib/libcrypto/man/EVP_SignInit.3 copy to secure/lib/libcrypto/man/EVP_DigestSignInit.3 index 0dcf738376..fd8851d0ca 100644 --- a/secure/lib/libcrypto/man/EVP_SignInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,94 +123,87 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_SignInit 3" -.TH EVP_SignInit 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "EVP_DigestSignInit 3" +.TH EVP_DigestSignInit 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- EVP signing functions +EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal \- EVP signing functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& -\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); -\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); -\& int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey); -\& -\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); -\& -\& int EVP_PKEY_size(EVP_PKEY *pkey); +\& int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +\& int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \s-1EVP\s0 signature routines are a high level interface to digital -signatures. +The \s-1EVP\s0 signature routines are a high level interface to digital signatures. .PP -\&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest -\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized with -\&\fIEVP_MD_CTX_init()\fR before calling this function. +\&\fIEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from +\&\s-1ENGINE\s0 \fBimpl\fR and private key \fBpkey\fR. \fBctx\fR must be initialized with +\&\fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL\s0 the +\&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can +be used to set alternative signing options. .PP -\&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +\&\fIEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the signature context \fBctx\fR. This function can be called several times on the -same \fBctx\fR to include additional data. +same \fBctx\fR to include additional data. This function is currently implemented +usig a macro. .PP -\&\fIEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR and -places the signature in \fBsig\fR. The number of bytes of data written (i.e. the -length of the signature) will be written to the integer at \fBs\fR, at most -EVP_PKEY_size(pkey) bytes will be written. -.PP -\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default -implementation of digest \fBtype\fR. -.PP -\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual -signature returned by \fIEVP_SignFinal()\fR may be smaller. +\&\fIEVP_DigestSignFinal()\fR signs the data in \fBctx\fR places the signature in \fBsig\fR. +If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to +the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then before the call the +\&\fBsiglen\fR parameter should contain the length of the \fBsig\fR buffer, if the +call is successful the signature is written to \fBsig\fR and the amount of data +written to \fBsiglen\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_SignInit_ex()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR return 1 -for success and 0 for failure. -.PP -\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. +\&\fIEVP_DigestSignInit()\fR \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignaFinal()\fR return +1 for success and 0 or a negative value for failure. In particular a return +value of \-2 indicates the operation is not supported by the public key +algorithm. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained from \fIERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .PP -Due to the link between message digests and public key algorithms the correct -digest algorithm must be used with the correct public key type. A list of -algorithms and associated public key algorithms appears in -\&\fIEVP_DigestInit\fR\|(3). +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR +needed to be used to sign using \s-1SHA1\s0 and \s-1DSA\s0. This is no longer necessary and +the use of clone digest is now discouraged. .PP -When signing with \s-1DSA\s0 private keys the random number generator must be seeded -or the operation will fail. The random number generator does not need to be -seeded for \s-1RSA\s0 signatures. +For some key types and parameters the random number generator must be seeded +or the operation will fail. .PP -The call to \fIEVP_SignFinal()\fR internally finalizes a copy of the digest context. -This means that calls to \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR can be called -later to digest and sign additional data. +The call to \fIEVP_DigestSignFinal()\fR internally finalizes a copy of the digest +context. This means that calls to \fIEVP_DigestSignUpdate()\fR and +\&\fIEVP_DigestSignFinal()\fR can be called later to digest and sign additional data. .PP Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak will occur. -.SH "BUGS" -.IX Header "BUGS" -Older versions of this documentation wrongly stated that calls to -\&\fIEVP_SignUpdate()\fR could not be made after calling \fIEVP_SignFinal()\fR. +.PP +The use of \fIEVP_PKEY_size()\fR with these functions is discouraged because some +signature operations may have a signature length which depends on the +parameters set. As a result \fIEVP_PKEY_size()\fR would have to return a value +which indicates the maximum possible signature for any set of parameters. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_VerifyInit\fR\|(3), +\&\fIEVP_DigestVerifyInit\fR\|(3), \&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3), \&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3), \&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3), \&\fIsha\fR\|(3), \fIdgst\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" -\&\fIEVP_SignInit()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR are -available in all versions of SSLeay and OpenSSL. -.PP -\&\fIEVP_SignInit_ex()\fR was added in OpenSSL 0.9.7. +\&\fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR +were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 similarity index 61% copy from secure/lib/libcrypto/man/EVP_VerifyInit.3 copy to secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 index bb042498c6..1ada53846d 100644 --- a/secure/lib/libcrypto/man/EVP_VerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,85 +123,82 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_VerifyInit 3" -.TH EVP_VerifyInit 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "EVP_DigestVerifyInit 3" +.TH EVP_DigestVerifyInit 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- EVP signature verification functions +EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal \- EVP signature verification functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& -\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); -\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); -\& int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); -\& -\& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); +\& int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +\& int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \s-1EVP\s0 signature verification routines are a high level interface to digital -signatures. +The \s-1EVP\s0 signature routines are a high level interface to digital signatures. .PP -\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest -\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized by calling -\&\fIEVP_MD_CTX_init()\fR before calling this function. +\&\fIEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR and public key \fBpkey\fR. \fBctx\fR must be initialized +with \fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL\s0 the +\&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this +can be used to set alternative verification options. .PP -\&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +\&\fIEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the verification context \fBctx\fR. This function can be called several times on the -same \fBctx\fR to include additional data. +same \fBctx\fR to include additional data. This function is currently implemented +using a macro. .PP -\&\fIEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR -and against the \fBsiglen\fR bytes at \fBsigbuf\fR. -.PP -\&\fIEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default -implementation of digest \fBtype\fR. +\&\fIEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in +\&\fBsig\fR of length \fBsiglen\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_VerifyInit_ex()\fR and \fIEVP_VerifyUpdate()\fR return 1 for success and 0 for -failure. +\&\fIEVP_DigestVerifyInit()\fR and \fIEVP_DigestVerifyUpdate()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 indicates +the operation is not supported by the public key algorithm. .PP -\&\fIEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some -other error occurred. +Unlike other functions the return value 0 from \fIEVP_DigestVerifyFinal()\fR only +indicates that the signature did not not verify successfully (that is tbs did +not match the original data or the signature was of invalid form) it is not an +indication of a more serious error. .PP -The error codes can be obtained by \fIERR_get_error\fR\|(3). +The error codes can be obtained from \fIERR_get_error\fR\|(3). .SH "NOTES" .IX Header "NOTES" The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .PP -Due to the link between message digests and public key algorithms the correct -digest algorithm must be used with the correct public key type. A list of -algorithms and associated public key algorithms appears in -\&\fIEVP_DigestInit\fR\|(3). +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR +needed to be used to sign using \s-1SHA1\s0 and \s-1DSA\s0. This is no longer necessary and +the use of clone digest is now discouraged. +.PP +For some key types and parameters the random number generator must be seeded +or the operation will fail. .PP -The call to \fIEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. -This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called -later to digest and verify additional data. +The call to \fIEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest +context. This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can +be called later to digest and verify additional data. .PP Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak will occur. -.SH "BUGS" -.IX Header "BUGS" -Older versions of this documentation wrongly stated that calls to -\&\fIEVP_VerifyUpdate()\fR could not be made after calling \fIEVP_VerifyFinal()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), -\&\fIEVP_SignInit\fR\|(3), +\&\fIEVP_DigestSignInit\fR\|(3), \&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3), \&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3), \&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3), \&\fIsha\fR\|(3), \fIdgst\fR\|(1) .SH "HISTORY" .IX Header "HISTORY" -\&\fIEVP_VerifyInit()\fR, \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR are -available in all versions of SSLeay and OpenSSL. -.PP -\&\fIEVP_VerifyInit_ex()\fR was added in OpenSSL 0.9.7 +\&\fIEVP_DigestVerifyInit()\fR, \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR +were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3 index 45518c8365..62ed02e9fc 100644 --- a/secure/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_EncryptInit 3" -.TH EVP_EncryptInit 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH EVP_EncryptInit 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3 index 61e71b49c0..880e4cab86 100644 --- a/secure/lib/libcrypto/man/EVP_OpenInit.3 +++ b/secure/lib/libcrypto/man/EVP_OpenInit.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_OpenInit 3" -.TH EVP_OpenInit 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH EVP_OpenInit 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 new file mode 100644 index 0000000000..6d392ef3b8 --- /dev/null +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 @@ -0,0 +1,251 @@ +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_ctrl 3" +.TH EVP_PKEY_CTX_ctrl 3 "2010-06-01" "1.0.0a" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_ctrl, EVP_PKEY_ctrl_str \- algorithm specific control operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, +\& int cmd, int p1, void *p2); +\& int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, +\& const char *value); +\& +\& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& +\& int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad); +\& int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_set_rsa_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits); +\& int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); +\& +\& #include +\& int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); +\& +\& #include +\& int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); +\& +\& #include +\& int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fIEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context +\&\fBctx\fR. The key type used must match \fBkeytype\fR if it is not \-1. The parameter +\&\fBoptype\fR is a mask indicating which operations the control can be applied to. +The control command is indicated in \fBcmd\fR and any additional arguments in +\&\fBp1\fR and \fBp2\fR. +.PP +Applications will not normally call \fIEVP_PKEY_CTX_ctrl()\fR directly but will +instead call one of the algorithm specific macros below. +.PP +The function \fIEVP_PKEY_ctrl_str()\fR allows an application to send an algorithm +specific control operation to a context \fBctx\fR in string form. This is +intended to be used for options specified on the command line or in text +files. The commands supported are documented in the openssl utility +command line pages for the option \fB\-pkeyopt\fR which is supported by the +\&\fBpkeyutl\fR, \fBgenpkey\fR and \fBreq\fR commands. +.PP +All the remaining \*(L"functions\*(R" are implemented as macros. +.PP +The \fIEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used +in a signature. It can be used with any public key algorithm supporting +signature operations. +.PP +The macro \fIEVP_PKEY_CTX_set_rsa_padding()\fR sets the \s-1RSA\s0 padding mode for \fBctx\fR. +The \fBpad\fR parameter can take the value \s-1RSA_PKCS1_PADDING\s0 for PKCS#1 padding, +\&\s-1RSA_SSLV23_PADDING\s0 for SSLv23 padding, \s-1RSA_NO_PADDING\s0 for no padding, +\&\s-1RSA_PKCS1_OAEP_PADDING\s0 for \s-1OAEP\s0 padding (encrypt and decrypt only), +\&\s-1RSA_X931_PADDING\s0 for X9.31 padding (signature operations only) and +\&\s-1RSA_PKCS1_PSS_PADDING\s0 (sign and verify only). +.PP +Two \s-1RSA\s0 padding modes behave differently if \fIEVP_PKEY_CTX_set_signature_md()\fR +is used. If this macro is called for PKCS#1 padding the plaintext buffer is +an actual digest value and is encapsulated in a DigestInfo structure according +to PKCS#1 when signing and this structure is expected (and stripped off) when +verifying. If this control is not used with \s-1RSA\s0 and PKCS#1 padding then the +supplied data is used directly and not encapsulated. In the case of X9.31 +padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and removed +if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte. +.PP +The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA\s0 \s-1PSS\s0 salt length to +\&\fBlen\fR as its name implies it is only supported for \s-1PSS\s0 padding. Two special +values are supported: \-1 sets the salt length to the digest length. When +signing \-2 sets the salt length to the maximum permissible value. When +verifying \-2 causes the salt length to be automatically determined based on the +\&\fB\s-1PSS\s0\fR block structure. If this macro is not called a salt length value of \-2 +is used by default. +.PP +The \fIEVP_PKEY_CTX_set_rsa_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for +\&\s-1RSA\s0 key genration to \fBbits\fR. If not specified 1024 bits is used. +.PP +The \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value +for \s-1RSA\s0 key generation to \fBpubexp\fR currently it should be an odd integer. The +\&\fBpubexp\fR pointer is used internally by this function so it should not be +modified or free after the call. If this macro is not called then 65537 is used. +.PP +The macro \fIEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR sets the number of bits used +for \s-1DSA\s0 parameter generation to \fBbits\fR. If not specified 1024 is used. +.PP +The macro \fIEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR sets the length of the \s-1DH\s0 +prime parameter \fBp\fR for \s-1DH\s0 parameter generation. If this macro is not called +then 1024 is used. +.PP +The \fIEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR +for \s-1DH\s0 parameter generation. If not specified 2 is used. +.PP +The \fIEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter +generation to \fBnid\fR. For \s-1EC\s0 parameter generation this macro must be called +or an error occurs because there is no default curve. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verifyrecover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +\&\fIEVP_PKEY_keygen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 similarity index 68% copy from secure/lib/libcrypto/man/EVP_PKEY_new.3 copy to secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 index 32afc42fe4..4d5f19e59f 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,46 +123,52 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "EVP_PKEY_CTX_new 3" +.TH EVP_PKEY_CTX_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions. +EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \- public key algorithm context functions. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& -\& EVP_PKEY *EVP_PKEY_new(void); -\& void EVP_PKEY_free(EVP_PKEY *key); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); +\& void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR -structure which is used by OpenSSL to store private keys. +The \fIEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using +the algorithm specified in \fBpkey\fR and \s-1ENGINE\s0 \fBe\fR. .PP -\&\fIEVP_PKEY_free()\fR frees up the private key \fBkey\fR. +The \fIEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context +using the algorithm specified by \fBid\fR and \s-1ENGINE\s0 \fBe\fR. It is normally used +when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, for example +during parameter generation of key genration for some algorithms. +.PP +\&\fIEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR. +.PP +\&\fIEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR. .SH "NOTES" .IX Header "NOTES" -The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions -which require a general private key without reference to any -particular algorithm. -.PP -The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a -private key to this empty structure the functions described in -\&\fIEVP_PKEY_set1_RSA\fR\|(3) should be used. +The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used +by the OpenSSL high level public key \s-1API\s0. Contexts \fB\s-1MUST\s0 \s-1NOT\s0\fR be shared between +threads: that is it is not permissible to use the same context simultaneously +in two threads. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR -structure of \fB\s-1NULL\s0\fR if an error occurred. +\&\fIEVP_PKEY_CTX_new()\fR, \fIEVP_PKEY_CTX_new_id()\fR, \fIEVP_PKEY_CTX_dup()\fR returns either +the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure of \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIEVP_PKEY_free()\fR does not return a value. +\&\fIEVP_PKEY_CTX_free()\fR does not return a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_set1_RSA\fR\|(3) +\&\fIEVP_PKEY_new\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1TBA\s0 +These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 similarity index 64% copy from secure/lib/libcrypto/man/EVP_PKEY_new.3 copy to secure/lib/libcrypto/man/EVP_PKEY_cmp.3 index 32afc42fe4..4a06cc8c3c 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,46 +123,62 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "EVP_PKEY_cmp 3" +.TH EVP_PKEY_cmp 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions. +EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp \- public key parameter and comparison functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& -\& EVP_PKEY *EVP_PKEY_new(void); -\& void EVP_PKEY_free(EVP_PKEY *key); +\& int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +\& int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +\& +\& int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); +\& int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR -structure which is used by OpenSSL to store private keys. +The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key +parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm +doesn't use parameters. .PP -\&\fIEVP_PKEY_free()\fR frees up the private key \fBkey\fR. +The function \fIEVP_PKEY_copy_parameters()\fR copies the parameters from key +\&\fBfrom\fR to key \fBto\fR. +.PP +The funcion \fIEVP_PKEY_cmp_parameters()\fR compares the parameters of keys +\&\fBa\fR and \fBb\fR. +.PP +The funcion \fIEVP_PKEY_cmp()\fR compares the public key components and paramters +(if present) of keys \fBa\fR and \fBb\fR. .SH "NOTES" .IX Header "NOTES" -The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions -which require a general private key without reference to any -particular algorithm. +The main purpose of the functions \fIEVP_PKEY_missing_parameters()\fR and +\&\fIEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the +parameters are sometimes omitted from a public key if they are inherited from +the \s-1CA\s0 that signed it. .PP -The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a -private key to this empty structure the functions described in -\&\fIEVP_PKEY_set1_RSA\fR\|(3) should be used. +Since OpenSSL private keys contain public key components too the function +\&\fIEVP_PKEY_cmp()\fR can also be used to determine if a private key matches +a public key. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR -structure of \fB\s-1NULL\s0\fR if an error occurred. +The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key +parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm +doesn't use parameters. +.PP +These functions \fIEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for +failure. .PP -\&\fIEVP_PKEY_free()\fR does not return a value. +The function \fIEVP_PKEY_cmp_parameters()\fR and \fIEVP_PKEY_cmp()\fR return 1 if the +keys match, 0 if they don't match, \-1 if the key types are different and +\&\-2 if the operation is not supported. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_set1_RSA\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\s-1TBA\s0 +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_keygen\fR\|(3) diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 similarity index 57% copy from secure/lib/libcrypto/man/EVP_BytesToKey.3 copy to secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 index e345c20e85..7201111163 100644 --- a/secure/lib/libcrypto/man/EVP_BytesToKey.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,69 +123,94 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_BytesToKey 3" -.TH EVP_BytesToKey 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "EVP_PKEY_decrypt 3" +.TH EVP_PKEY_decrypt 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_BytesToKey \- password based encryption routine +EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& -\& int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, -\& const unsigned char *salt, -\& const unsigned char *data, int datal, int count, -\& unsigned char *key,unsigned char *iv); +\& int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, +\& unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is -the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. -The \fBsalt\fR paramter is used as a salt in the derivation: it should point to -an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing -\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the -iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR -and \fBiv\fR respectively. +The \fIEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a decryption operation. +.PP +The \fIEVP_PKEY_decrypt()\fR function performs a public key decryption operation +using \fBctx\fR. The data to be decrypted is specified using the \fBin\fR and +\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBoutlen\fR parameter should contain the length of the +\&\fBout\fR buffer, if the call is successful the decrypted data is written to +\&\fBout\fR and the amount of data written to \fBoutlen\fR. .SH "NOTES" .IX Header "NOTES" -A typical application of this function is to derive keying material for an -encryption algorithm from a password in the \fBdata\fR parameter. -.PP -Increasing the \fBcount\fR parameter slows down the algorithm which makes it -harder for an attacker to peform a brute force attack using a large number -of candidate passwords. -.PP -If the total key and \s-1IV\s0 length is less than the digest length and -\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 -otherwise a non standard extension is used to derive the extra data. -.PP -Newer applications should use more standard algorithms such as PKCS#5 -v2.0 for key derivation. -.SH "KEY DERIVATION ALGORITHM" -.IX Header "KEY DERIVATION ALGORITHM" -The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until -enough data is available for the key and \s-1IV\s0. D_i is defined as: -.PP -.Vb 1 -\& D_i = HASH^count(D_(i\-1) || data || salt) -.Ve +After the call to \fIEVP_PKEY_decrypt_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. .PP -where || denotes concatentaion, D_0 is empty, \s-1HASH\s0 is the digest -algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data) -is \s-1HASH\s0(\s-1HASH\s0(data)) and so on. -.PP -The initial bytes are used for the key and the subsequent bytes for -the \s-1IV\s0. +The function \fIEVP_PKEY_decrypt()\fR can be called more than once on the same +context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes. +\&\fIEVP_PKEY_decrypt_init()\fR and \fIEVP_PKEY_decrypt()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys): +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *out, *in; +\& size_t outlen, inlen; +\& EVP_PKEY *key; +\& /* NB: assumes key in, inlen are already set up +\& * and that key is an RSA private key +\& */ +\& ctx = EVP_PKEY_CTX_new(key); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_decrypt_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& out = OPENSSL_malloc(outlen); +\& +\& if (!out) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& /* Decrypted data is outlen bytes written to buffer out */ +.Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), \fIrand\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3) +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verifyrecover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 similarity index 57% copy from secure/lib/libcrypto/man/EVP_BytesToKey.3 copy to secure/lib/libcrypto/man/EVP_PKEY_derive.3 index e345c20e85..42fa6e9afd 100644 --- a/secure/lib/libcrypto/man/EVP_BytesToKey.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,69 +123,94 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_BytesToKey 3" -.TH EVP_BytesToKey 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "EVP_PKEY_derive 3" +.TH EVP_PKEY_derive 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_BytesToKey \- password based encryption routine +EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive \- derive public key algorithm shared secret. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& -\& int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, -\& const unsigned char *salt, -\& const unsigned char *data, int datal, int count, -\& unsigned char *key,unsigned char *iv); +\& int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +\& int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is -the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. -The \fBsalt\fR paramter is used as a salt in the derivation: it should point to -an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing -\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the -iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR -and \fBiv\fR respectively. -.SH "NOTES" -.IX Header "NOTES" -A typical application of this function is to derive keying material for an -encryption algorithm from a password in the \fBdata\fR parameter. -.PP -Increasing the \fBcount\fR parameter slows down the algorithm which makes it -harder for an attacker to peform a brute force attack using a large number -of candidate passwords. +The \fIEVP_PKEY_derive_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for shared secret derivation. .PP -If the total key and \s-1IV\s0 length is less than the digest length and -\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 -otherwise a non standard extension is used to derive the extra data. +The \fIEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally +be a public key. .PP -Newer applications should use more standard algorithms such as PKCS#5 -v2.0 for key derivation. -.SH "KEY DERIVATION ALGORITHM" -.IX Header "KEY DERIVATION ALGORITHM" -The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until -enough data is available for the key and \s-1IV\s0. D_i is defined as: -.PP -.Vb 1 -\& D_i = HASH^count(D_(i\-1) || data || salt) -.Ve -.PP -where || denotes concatentaion, D_0 is empty, \s-1HASH\s0 is the digest -algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data) -is \s-1HASH\s0(\s-1HASH\s0(data)) and so on. +The \fIEVP_PKEY_derive()\fR derives a shared secret using \fBctx\fR. +If \fBkey\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to +the \fBkeylen\fR parameter. If \fBkey\fR is not \fB\s-1NULL\s0\fR then before the call the +\&\fBkeylen\fR parameter should contain the length of the \fBkey\fR buffer, if the call +is successful the shared secret is written to \fBkey\fR and the amount of data +written to \fBkeylen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fIEVP_PKEY_derive_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. .PP -The initial bytes are used for the key and the subsequent bytes for -the \s-1IV\s0. +The function \fIEVP_PKEY_derive()\fR can be called more than once on the same +context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes. +\&\fIEVP_PKEY_derive_init()\fR and \fIEVP_PKEY_derive()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys): +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *skey; +\& size_t skeylen; +\& EVP_PKEY *pkey, *peerkey; +\& /* NB: assumes pkey, peerkey have been already set up */ +\& +\& ctx = EVP_PKEY_CTX_new(pkey); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_derive_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) +\& /* Error */ +\& +\& skey = OPENSSL_malloc(skeylen); +\& +\& if (!skey) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) +\& /* Error */ +\& +\& /* Shared secret is skey bytes written to buffer skey */ +.Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), \fIrand\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3) +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verifyrecover\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 similarity index 57% copy from secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 copy to secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 index 7e53f71185..ae5cd0a3ea 100644 --- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,66 +123,94 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "OpenSSL_add_all_algorithms 3" -.TH OpenSSL_add_all_algorithms 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "EVP_PKEY_encrypt 3" +.TH EVP_PKEY_encrypt 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \- -add algorithms to internal table +EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& -\& void OpenSSL_add_all_algorithms(void); -\& void OpenSSL_add_all_ciphers(void); -\& void OpenSSL_add_all_digests(void); -\& -\& void EVP_cleanup(void); +\& int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, +\& unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -OpenSSL keeps an internal table of digest algorithms and ciphers. It uses -this table to lookup ciphers via functions such as \fIEVP_get_cipher_byname()\fR. -.PP -\&\fIOpenSSL_add_all_digests()\fR adds all digest algorithms to the table. +The \fIEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for an encryption operation. .PP -\&\fIOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and -ciphers). -.PP -\&\fIOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including -password based encryption algorithms. -.PP -\&\fIEVP_cleanup()\fR removes all ciphers and digests from the table. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -None of the functions return a value. +The \fIEVP_PKEY_encrypt()\fR function performs a public key encryption operation +using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and +\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBoutlen\fR parameter should contain the length of the +\&\fBout\fR buffer, if the call is successful the encrypted data is written to +\&\fBout\fR and the amount of data written to \fBoutlen\fR. .SH "NOTES" .IX Header "NOTES" -A typical application will call \fIOpenSSL_add_all_algorithms()\fR initially and -\&\fIEVP_cleanup()\fR before exiting. -.PP -An application does not need to add algorithms to use them explicitly, for example -by \fIEVP_sha1()\fR. It just needs to add them if it (or any of the functions it calls) -needs to lookup algorithms. +After the call to \fIEVP_PKEY_encrypt_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. .PP -The cipher and digest lookup functions are used in many parts of the library. If -the table is not initialized several functions will misbehave and complain they -cannot find algorithms. This includes the \s-1PEM\s0, PKCS#12, \s-1SSL\s0 and S/MIME libraries. -This is a common query in the OpenSSL mailing lists. +The function \fIEVP_PKEY_encrypt()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_encrypt_init()\fR and \fIEVP_PKEY_encrypt()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys): .PP -Calling \fIOpenSSL_add_all_algorithms()\fR links in all algorithms: as a result a -statically linked executable can be quite large. If this is important it is possible -to just add the required ciphers and digests. -.SH "BUGS" -.IX Header "BUGS" -Although the functions do not return error codes it is possible for them to fail. -This will only happen as a result of a memory allocation failure so this is not -too much of a problem in practice. +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *out, *in; +\& size_t outlen, inlen; +\& EVP_PKEY *key; +\& /* NB: assumes key in, inlen are already set up +\& * and that key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(key); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_encrypt_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& out = OPENSSL_malloc(outlen); +\& +\& if (!out) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& /* Encrypted data is outlen bytes written to buffer out */ +.Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), \fIEVP_DigestInit\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3) +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verifyrecover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 similarity index 76% copy from secure/lib/libcrypto/man/EVP_PKEY_new.3 copy to secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 index 32afc42fe4..762c8a0ca3 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,46 +123,41 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "EVP_PKEY_get_default_digest 3" +.TH EVP_PKEY_get_default_digest 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions. +EVP_PKEY_get_default_digest_nid \- get default signature digest .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include -\& -\& EVP_PKEY *EVP_PKEY_new(void); -\& void EVP_PKEY_free(EVP_PKEY *key); +\& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR -structure which is used by OpenSSL to store private keys. -.PP -\&\fIEVP_PKEY_free()\fR frees up the private key \fBkey\fR. +The \fIEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default +message digest \s-1NID\s0 for the public key signature operations associated with key +\&\fBpkey\fR. .SH "NOTES" .IX Header "NOTES" -The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions -which require a general private key without reference to any -particular algorithm. -.PP -The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a -private key to this empty structure the functions described in -\&\fIEVP_PKEY_set1_RSA\fR\|(3) should be used. +For all current standard OpenSSL public key algorithms \s-1SHA1\s0 is returned. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR -structure of \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fIEVP_PKEY_free()\fR does not return a value. +The \fIEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest +is advisory (that is other digests can be used) and 2 if it is mandatory (other +digests can not be used). It returns 0 or a negative value for failure. In +particular a return value of \-2 indicates the operation is not supported by the +public key algorithm. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_set1_RSA\fR\|(3) +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verifyrecover\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" -\&\s-1TBA\s0 +This function was first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 new file mode 100644 index 0000000000..ba0c0097ee --- /dev/null +++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_keygen 3" +.TH EVP_PKEY_keygen 3 "2010-06-01" "1.0.0a" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data \- key and parameter generation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +\& int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +\& +\& typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); +\& +\& void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +\& EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); +\& +\& int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); +\& +\& void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +\& void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_keygen_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a key genration operation. +.PP +The \fIEVP_PKEY_keygen()\fR function performs a key generation operation, the +generated key is written to \fBppkey\fR. +.PP +The functions \fIEVP_PKEY_paramgen_init()\fR and \fIEVP_PKEY_paramgen()\fR are similar +except parameters are generated. +.PP +The function \fIEVP_PKEY_set_cb()\fR sets the key or parameter generation callback +to \fBcb\fR. The function \fIEVP_PKEY_CTX_get_cb()\fR returns the key or parameter +generation callback. +.PP +The function \fIEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated +with the generation operation. If \fBidx\fR is \-1 the total number of +parameters available is returned. Any non negative value returns the value of +that parameter. \fIEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for +\&\fBidx\fR should only be called within the generation callback. +.PP +If the callback returns 0 then the key genration operation is aborted and an +error occurs. This might occur during a time consuming operation where +a user clicks on a \*(L"cancel\*(R" button. +.PP +The functions \fIEVP_PKEY_CTX_set_app_data()\fR and \fIEVP_PKEY_CTX_get_app_data()\fR set +and retrieve an opaque pointer. This can be used to set some application +defined value which can be retrieved in the callback: for example a handle +which is used to update a \*(L"progress dialog\*(R". +.SH "NOTES" +.IX Header "NOTES" +After the call to \fIEVP_PKEY_keygen_init()\fR or \fIEVP_PKEY_paramgen_init()\fR algorithm +specific control operations can be performed to set any appropriate parameters +for the operation. +.PP +The functions \fIEVP_PKEY_keygen()\fR and \fIEVP_PKEY_paramgen()\fR can be called more than +once on the same context if several operations are performed using the same +parameters. +.PP +The meaning of the parameters passed to the callback will depend on the +algorithm and the specifiic implementation of the algorithm. Some might not +give any useful information at all during key or parameter generation. Others +might not even call the callback. +.PP +The operation performed by key or parameter generation depends on the algorithm +used. In some cases (e.g. \s-1EC\s0 with a supplied named curve) the \*(L"generation\*(R" +option merely sets the appropriate fields in an \s-1EVP_PKEY\s0 structure. +.PP +In OpenSSL an \s-1EVP_PKEY\s0 structure containing a private key also contains the +public key components and parameters (if any). An OpenSSL private key is +equivalent to what some libraries call a \*(L"key pair\*(R". A private key can be used +in functions which require the use of a public key or parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_keygen_init()\fR, \fIEVP_PKEY_paramgen_init()\fR, \fIEVP_PKEY_keygen()\fR and +\&\fIEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate a 2048 bit \s-1RSA\s0 key: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& EVP_PKEY *pkey = NULL; +\& ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_keygen_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) +\& /* Error */ +\& +\& /* Generate key */ +\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) +\& /* Error */ +.Ve +.PP +Generate a key from a set of parameters: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& EVP_PKEY *pkey = NULL, *param; +\& /* Assumed param is set up already */ +\& ctx = EVP_PKEY_CTX_new(param); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_keygen_init(ctx) <= 0) +\& /* Error */ +\& +\& /* Generate key */ +\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) +\& /* Error */ +.Ve +.PP +Example of generation callback for OpenSSL public key implementations: +.PP +.Vb 1 +\& /* Application data is a BIO to output status to */ +\& +\& EVP_PKEY_CTX_set_app_data(ctx, status_bio); +\& +\& static int genpkey_cb(EVP_PKEY_CTX *ctx) +\& { +\& char c=\*(Aq*\*(Aq; +\& BIO *b = EVP_PKEY_CTX_get_app_data(ctx); +\& int p; +\& p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); +\& if (p == 0) c=\*(Aq.\*(Aq; +\& if (p == 1) c=\*(Aq+\*(Aq; +\& if (p == 2) c=\*(Aq*\*(Aq; +\& if (p == 3) c=\*(Aq\en\*(Aq; +\& BIO_write(b,&c,1); +\& (void)BIO_flush(b); +\& return 1; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verifyrecover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3 index 32afc42fe4..1d6b2cf42f 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH EVP_PKEY_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 similarity index 67% copy from secure/lib/libcrypto/man/EVP_PKEY_new.3 copy to secure/lib/libcrypto/man/EVP_PKEY_print_private.3 index 32afc42fe4..ba3ad5f2f2 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,46 +123,53 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "EVP_PKEY_print_private 3" +.TH EVP_PKEY_print_private 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions. +EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public key algorithm printing routines. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& -\& EVP_PKEY *EVP_PKEY_new(void); -\& void EVP_PKEY_free(EVP_PKEY *key); +\& int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +\& int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +\& int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR -structure which is used by OpenSSL to store private keys. +The functions \fIEVP_PKEY_print_public()\fR, \fIEVP_PKEY_print_private()\fR and +\&\fIEVP_PKEY_print_params()\fR print out the public, private or parameter components +of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable +form. The parameter \fBindent\fR indicated how far the printout should be indented. .PP -\&\fIEVP_PKEY_free()\fR frees up the private key \fBkey\fR. +The \fBpctx\fR parameter allows the print output to be finely tuned by using +\&\s-1ASN1\s0 printing options. If \fBpctx\fR is set to \s-1NULL\s0 then default values will +be used. .SH "NOTES" .IX Header "NOTES" -The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions -which require a general private key without reference to any -particular algorithm. +Currently no public key algorithms include any options in the \fBpctx\fR parameter +parameter. .PP -The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a -private key to this empty structure the functions described in -\&\fIEVP_PKEY_set1_RSA\fR\|(3) should be used. +If the key does not include all the components indicated by the function then +only those contained in the key will be printed. For example passing a public +key to \fIEVP_PKEY_print_private()\fR will only print the public components. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR -structure of \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fIEVP_PKEY_free()\fR does not return a value. +These functions all return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_set1_RSA\fR\|(3) +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_keygen\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1TBA\s0 +These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 index da7521cf03..8588477efd 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_set1_RSA 3" -.TH EVP_PKEY_set1_RSA 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH EVP_PKEY_set1_RSA 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 similarity index 56% copy from secure/lib/libcrypto/man/DSA_do_sign.3 copy to secure/lib/libcrypto/man/EVP_PKEY_sign.3 index 51870da173..c8b47a978c 100644 --- a/secure/lib/libcrypto/man/DSA_do_sign.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,48 +123,96 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "DSA_do_sign 3" -.TH DSA_do_sign 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "EVP_PKEY_sign 3" +.TH EVP_PKEY_sign 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -DSA_do_sign, DSA_do_verify \- raw DSA signature operations +EVP_PKEY_sign_init, EVP_PKEY_sign \- sign using a public key algorithm .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include +\& #include \& -\& DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); -\& -\& int DSA_do_verify(const unsigned char *dgst, int dgst_len, -\& DSA_SIG *sig, DSA *dsa); +\& int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message -digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a -newly allocated \fB\s-1DSA_SIG\s0\fR structure. +The \fIEVP_PKEY_sign_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a signing operation. .PP -\&\fIDSA_sign_setup\fR\|(3) may be used to precompute part -of the signing operation in case signature generation is -time-critical. +The \fIEVP_PKEY_sign()\fR function performs a public key signing operation +using \fBctx\fR. The data to be signed is specified using the \fBtbs\fR and +\&\fBtbslen\fR parameters. If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBsiglen\fR parameter should contain the length of the +\&\fBsig\fR buffer, if the call is successful the signature is written to +\&\fBsig\fR and the amount of data written to \fBsiglen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fIEVP_PKEY_sign_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. .PP -\&\fIDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given -message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer's public -key. +The function \fIEVP_PKEY_sign()\fR can be called more than once on the same +context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fIDSA_do_verify()\fR -returns 1 for a valid signature, 0 for an incorrect signature and \-1 -on error. The error codes can be obtained by -\&\fIERR_get_error\fR\|(3). +\&\fIEVP_PKEY_sign_init()\fR and \fIEVP_PKEY_sign()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *md, *sig; +\& size_t mdlen, siglen; +\& EVP_PKEY *signing_key; +\& /* NB: assumes signing_key, md and mdlen are already set up +\& * and that signing_key is an RSA private key +\& */ +\& ctx = EVP_PKEY_CTX_new(signing_key); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_sign_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) +\& /* Error */ +\& +\& sig = OPENSSL_malloc(siglen); +\& +\& if (!sig) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) +\& /* Error */ +\& +\& /* Signature is siglen bytes written to buffer sig */ +.Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3), -\&\fIDSA_SIG_new\fR\|(3), -\&\fIDSA_sign\fR\|(3) +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verifyrecover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDSA_do_sign()\fR and \fIDSA_do_verify()\fR were added in OpenSSL 0.9.3. +These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 similarity index 57% copy from secure/lib/libcrypto/man/EVP_OpenInit.3 copy to secure/lib/libcrypto/man/EVP_PKEY_verify.3 index 61e71b49c0..106819f29c 100644 --- a/secure/lib/libcrypto/man/EVP_OpenInit.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,64 +123,92 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_OpenInit 3" -.TH EVP_OpenInit 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "EVP_PKEY_verify 3" +.TH EVP_PKEY_verify 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- EVP envelope decryption +EVP_PKEY_verify_init, EVP_PKEY_verify \- signature verification using a public key algorithm .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& -\& int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, -\& int ekl,unsigned char *iv,EVP_PKEY *priv); -\& int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, -\& int *outl, unsigned char *in, int inl); -\& int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, -\& int *outl); +\& int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, size_t siglen, +\& const unsigned char *tbs, size_t tbslen); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \s-1EVP\s0 envelope routines are a high level interface to envelope -decryption. They decrypt a public key encrypted symmetric key and -then decrypt data using it. +The \fIEVP_PKEY_verify_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a signature verification operation. .PP -\&\fIEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption -with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length -\&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR. -The \s-1IV\s0 is supplied in the \fBiv\fR parameter. -.PP -\&\fIEVP_OpenUpdate()\fR and \fIEVP_OpenFinal()\fR have exactly the same properties -as the \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal()\fR routines, as -documented on the \fIEVP_EncryptInit\fR\|(3) manual -page. +The \fIEVP_PKEY_verify()\fR function performs a public key verification operation +using \fBctx\fR. The signature is specified using the \fBsig\fR and +\&\fBsiglen\fR parameters. The verified data (i.e. the data believed originally +signed) is specified using the \fBtbs\fR and \fBtbslen\fR parameters. .SH "NOTES" .IX Header "NOTES" -It is possible to call \fIEVP_OpenInit()\fR twice in the same way as -\&\fIEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 -and (after setting any cipher parameters) it should be called again -with \fBtype\fR set to \s-1NULL\s0. +After the call to \fIEVP_PKEY_verify_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. .PP -If the cipher passed in the \fBtype\fR parameter is a variable length -cipher then the key length will be set to the value of the recovered -key length. If the cipher is a fixed length cipher then the recovered -key length must match the fixed cipher length. +The function \fIEVP_PKEY_verify()\fR can be called more than once on the same +context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the -recovered secret key size) if successful. +\&\fIEVP_PKEY_verify_init()\fR and \fIEVP_PKEY_verify()\fR return 1 if the verification was +successful and 0 if it failed. Unlike other functions the return value 0 from +\&\fIEVP_PKEY_verify()\fR only indicates that the signature did not not verify +successfully (that is tbs did not match the original data or the signature was +of invalid form) it is not an indication of a more serious error. .PP -\&\fIEVP_OpenUpdate()\fR returns 1 for success or 0 for failure. +A negative value indicates an error other that signature verification failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +Verify signature using PKCS#1 and \s-1SHA256\s0 digest: .PP -\&\fIEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success. +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *md, *sig; +\& size_t mdlen, siglen; +\& EVP_PKEY *verify_key; +\& /* NB: assumes verify_key, sig, siglen md and mdlen are already set up +\& * and that verify_key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(verify_key); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_verify_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Perform operation */ +\& ret = EVP_PKEY_verify(ctx, md, mdlen, sig, siglen); +\& +\& /* ret == 1 indicates success, 0 verify failure and < 0 for some +\& * other error. +\& */ +.Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), \fIrand\fR\|(3), -\&\fIEVP_EncryptInit\fR\|(3), -\&\fIEVP_SealInit\fR\|(3) +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verifyrecover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" +These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/EVP_PKEY_verifyrecover.3 similarity index 52% copy from secure/lib/libcrypto/man/BN_num_bytes.3 copy to secure/lib/libcrypto/man/EVP_PKEY_verifyrecover.3 index fd809a5b29..a4a0368113 100644 --- a/secure/lib/libcrypto/man/BN_num_bytes.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verifyrecover.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,57 +123,104 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "BN_num_bytes 3" -.TH BN_num_bytes 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "EVP_PKEY_verifyrecover 3" +.TH EVP_PKEY_verifyrecover 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size +EVP_PKEY_verifyrecover_init, EVP_PKEY_verifyrecover \- recover signature using a public key algorithm .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include -\& -\& int BN_num_bytes(const BIGNUM *a); -\& -\& int BN_num_bits(const BIGNUM *a); +\& #include \& -\& int BN_num_bits_word(BN_ULONG w); +\& int EVP_PKEY_verifyrecover_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_verifyrecover(EVP_PKEY_CTX *ctx, +\& unsigned char *rout, size_t *routlen, +\& const unsigned char *sig, size_t siglen); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes. +The \fIEVP_PKEY_verifyrecover_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a verify recover operation. .PP -\&\fIBN_num_bits_word()\fR returns the number of significant bits in a word. -If we take 0x00000432 as an example, it returns 11, not 16, not 32. -Basically, except for a zero, it returns \fIfloor(log2(w))+1\fR. +The \fIEVP_PKEY_verifyrecover()\fR function recovers signed data +using \fBctx\fR. The signature is specified using the \fBsig\fR and +\&\fBsiglen\fR parameters. If \fBrout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBroutlen\fR parameter. If \fBrout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBroutlen\fR parameter should contain the length of the +\&\fBrout\fR buffer, if the call is successful recovered data is written to +\&\fBrout\fR and the amount of data written to \fBroutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +Normally an application is only interested in whether a signature verification +operation is successful in those cases the \fIEVP_verify()\fR function should be +used. .PP -\&\fIBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR, -following the same principle as \fIBN_num_bits_word()\fR. +Sometimes however it is useful to obtain the data originally signed using a +signing operation. Only certain public key algorithms can recover a signature +in this way (for example \s-1RSA\s0 in \s-1PKCS\s0 padding mode). .PP -\&\fIBN_num_bytes()\fR is a macro. +After the call to \fIEVP_PKEY_verifyrecover_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fIEVP_PKEY_verifyrecover()\fR can be called more than once on the same +context if several operations are performed using the same parameters. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The size. -.SH "NOTES" -.IX Header "NOTES" -Some have tried using \fIBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys, -\&\s-1DH\s0 keys and \s-1DSA\s0 keys, and found that they don't always come up with -the number of bits they expected (something like 512, 1024, 2048, -\&...). This is because generating a number with some specific number -of bits doesn't always set the highest bits, thereby making the number -of \fIsignificant\fR bits a little lower. If you want to know the \*(L"key -size\*(R" of such a key, either use functions like \fIRSA_size()\fR, \fIDH_size()\fR -and \fIDSA_size()\fR, or use \fIBN_num_bytes()\fR and multiply with 8 (although -there's no real guarantee that will match the \*(L"key size\*(R", just a lot -more probability). +\&\fIEVP_PKEY_verifyrecover_init()\fR and \fIEVP_PKEY_verifyrecover()\fR return 1 for success +and 0 or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *rout, *sig; +\& size_t routlen, siglen; +\& EVP_PKEY *verify_key; +\& /* NB: assumes verify_key, sig and siglen are already set up +\& * and that verify_key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(verify_key); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_verifyrecover_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_verifyrecover(ctx, rout, &routlen, sig, siglen) <= 0) +\& /* Error */ +\& +\& rout = OPENSSL_malloc(routlen); +\& +\& if (!rout) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_verifyrecover(ctx, rout, &routlen, sig, siglen) <= 0) +\& /* Error */ +\& +\& /* Recovered data is routlen bytes written to buffer rout */ +.Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIbn\fR\|(3), \fIDH_size\fR\|(3), \fIDSA_size\fR\|(3), -\&\fIRSA_size\fR\|(3) +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_num_bytes()\fR, \fIBN_num_bits()\fR and \fIBN_num_bits_word()\fR are available in -all versions of SSLeay and OpenSSL. +These functions were first added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3 index 9e097da535..23c6cbc67d 100644 --- a/secure/lib/libcrypto/man/EVP_SealInit.3 +++ b/secure/lib/libcrypto/man/EVP_SealInit.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SealInit 3" -.TH EVP_SealInit 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH EVP_SealInit 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3 index 0dcf738376..628f653420 100644 --- a/secure/lib/libcrypto/man/EVP_SignInit.3 +++ b/secure/lib/libcrypto/man/EVP_SignInit.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SignInit 3" -.TH EVP_SignInit 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH EVP_SignInit 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -209,6 +201,15 @@ will occur. .IX Header "BUGS" Older versions of this documentation wrongly stated that calls to \&\fIEVP_SignUpdate()\fR could not be made after calling \fIEVP_SignFinal()\fR. +.PP +Since the private key is passed in the call to \fIEVP_SignFinal()\fR any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through \fIEVP_SignUpdate()\fR. +.PP +It is not possible to change the signing parameters using these function. +.PP +The previous two bugs are fixed in the newer EVP_SignDigest*() function. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIEVP_VerifyInit\fR\|(3), diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3 index bb042498c6..221a47d11f 100644 --- a/secure/lib/libcrypto/man/EVP_VerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_VerifyInit 3" -.TH EVP_VerifyInit 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH EVP_VerifyInit 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -199,6 +191,15 @@ will occur. .IX Header "BUGS" Older versions of this documentation wrongly stated that calls to \&\fIEVP_VerifyUpdate()\fR could not be made after calling \fIEVP_VerifyFinal()\fR. +.PP +Since the public key is passed in the call to \fIEVP_SignFinal()\fR any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through \fIEVP_SignUpdate()\fR. +.PP +It is not possible to change the signing parameters using these function. +.PP +The previous two bugs are fixed in the newer EVP_VerifyDigest*() function. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIevp\fR\|(3), diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3 index e76c3c8373..e1b098fccc 100644 --- a/secure/lib/libcrypto/man/OBJ_nid2obj.3 +++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OBJ_nid2obj 3" -.TH OBJ_nid2obj 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH OBJ_nid2obj 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -143,7 +135,9 @@ OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup \- ASN1 obje functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 3 +.Vb 1 +\& #include +\& \& ASN1_OBJECT * OBJ_nid2obj(int n); \& const char * OBJ_nid2ln(int n); \& const char * OBJ_nid2sn(int n); diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3 index b485998d64..90cf75326a 100644 --- a/secure/lib/libcrypto/man/OPENSSL_Applink.3 +++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_Applink 3" -.TH OPENSSL_Applink 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH OPENSSL_Applink 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 index 6ba9916362..2dcfafc02f 100644 --- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 +++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3 index 4990fc3c8c..37d263227d 100644 --- a/secure/lib/libcrypto/man/OPENSSL_config.3 +++ b/secure/lib/libcrypto/man/OPENSSL_config.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_config 3" -.TH OPENSSL_config 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH OPENSSL_config 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 index c91f6dc348..61843a48f2 100644 --- a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 +++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_ia32cap 3" -.TH OPENSSL_ia32cap 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH OPENSSL_ia32cap 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 index 25dede21ae..8c364e42ce 100644 --- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 +++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_load_builtin_modules 3" -.TH OPENSSL_load_builtin_modules 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH OPENSSL_load_builtin_modules 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 index 7e53f71185..fa6c301be2 100644 --- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OpenSSL_add_all_algorithms 3" -.TH OpenSSL_add_all_algorithms 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH OpenSSL_add_all_algorithms 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 similarity index 77% copy from secure/lib/libcrypto/man/ERR_clear_error.3 copy to secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 index 24e49d7ca6..f1c61c8f10 100644 --- a/secure/lib/libcrypto/man/ERR_clear_error.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,30 +123,43 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "ERR_clear_error 3" -.TH ERR_clear_error 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "PEM_write_bio_CMS_stream 3" +.TH PEM_write_bio_CMS_stream 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -ERR_clear_error \- clear the error queue +.Vb 1 +\& PEM_write_bio_CMS_stream \- output CMS_ContentInfo structure in PEM format. +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 -\& #include +.Vb 2 +\& #include +\& #include \& -\& void ERR_clear_error(void); +\& int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_clear_error()\fR empties the current thread's error queue. +\&\fIPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format. +.PP +It is otherwise identical to the function \fISMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fIPEM_write_bio_CMS()\fR supporting +streaming. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIERR_clear_error()\fR has no return value. +\&\fIPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIerr\fR\|(3), \fIERR_get_error\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) +\&\fICMS_decrypt\fR\|(3), +\&\fISMIME_write_CMS\fR\|(3), +\&\fIi2d_CMS_bio_stream\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIERR_clear_error()\fR is available in all versions of SSLeay and OpenSSL. +\&\fIPEM_write_bio_CMS_stream()\fR was added to OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 similarity index 78% copy from secure/lib/libcrypto/man/X509_new.3 copy to secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 index b0c200f9ec..8f92d2fc25 100644 --- a/secure/lib/libcrypto/man/X509_new.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,38 +123,41 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "X509_new 3" -.TH X509_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "PEM_write_bio_PKCS7_stream 3" +.TH PEM_write_bio_PKCS7_stream 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -X509_new, X509_free \- X509 certificate ASN1 allocation functions +PEM_write_bio_PKCS7_stream \- output PKCS7 structure in PEM format. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 2 -\& X509 *X509_new(void); -\& void X509_free(X509 *a); +\& #include +\& #include +\& +\& int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The X509 \s-1ASN1\s0 allocation routines, allocate and free an -X509 structure, which represents an X509 certificate. +\&\fIPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format. .PP -\&\fIX509_new()\fR allocates and initializes a X509 structure. -.PP -\&\fIX509_free()\fR frees up the \fBX509\fR structure \fBa\fR. +It is otherwise identical to the function \fISMIME_write_PKCS7()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fIPEM_write_bio_PKCS7()\fR supporting +streaming. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fIERR_get_error\fR\|(3). -Otherwise it returns a pointer to the newly allocated structure. -.PP -\&\fIX509_free()\fR returns no value. +\&\fIPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fId2i_X509\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), +\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +\&\fIPKCS7_decrypt\fR\|(3), +\&\fISMIME_write_PKCS7\fR\|(3), +\&\fIi2d_PKCS7_bio_stream\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIX509_new()\fR and \fIX509_free()\fR are available in all versions of SSLeay and OpenSSL. +\&\fIPEM_write_bio_PKCS7_stream()\fR was added to OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3 index 2f604a43df..834ce571f6 100644 --- a/secure/lib/libcrypto/man/PKCS12_create.3 +++ b/secure/lib/libcrypto/man/PKCS12_create.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_create 3" -.TH PKCS12_create 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH PKCS12_create 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3 index 1d4a60a9cf..a211e8af01 100644 --- a/secure/lib/libcrypto/man/PKCS12_parse.3 +++ b/secure/lib/libcrypto/man/PKCS12_parse.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_parse 3" -.TH PKCS12_parse 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH PKCS12_parse 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,23 +147,29 @@ If successful the private key will be written to \fB*pkey\fR, the corresponding certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR. .SH "NOTES" .IX Header "NOTES" -The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0> -in which case additional certificates will be discarded. \fB*ca\fR can also -be a valid \s-1STACK\s0 in which case additional certificates are appended to -\&\fB*ca\fR. If \fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated. +The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0> in +which case additional certificates will be discarded. \fB*ca\fR can also be a +valid \s-1STACK\s0 in which case additional certificates are appended to \fB*ca\fR. If +\&\fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated. +.PP +The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each +certificate will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the +\&\fBX509\fR structure. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS12_parse()\fR returns 1 for success and zero if an error occurred. .PP -The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each certificate -will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the \fBX509\fR structure. +The error can be obtained from \fIERR_get_error\fR\|(3) .SH "BUGS" .IX Header "BUGS" -Only a single private key and corresponding certificate is returned by this function. -More complex PKCS#12 files with multiple private keys will only return the first -match. +Only a single private key and corresponding certificate is returned by this +function. More complex PKCS#12 files with multiple private keys will only +return the first match. .PP -Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in certificates. -Other attributes are discarded. +Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in +certificates. Other attributes are discarded. .PP -Attributes currently cannot be store in the private key \fB\s-1EVP_PKEY\s0\fR structure. +Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR structure. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fId2i_PKCS12\fR\|(3) diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3 index 43527eec9a..021889fd32 100644 --- a/secure/lib/libcrypto/man/PKCS7_decrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_decrypt 3" -.TH PKCS7_decrypt 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH PKCS7_decrypt 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,7 +133,11 @@ PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" -int PKCS7_decrypt(\s-1PKCS7\s0 *p7, \s-1EVP_PKEY\s0 *pkey, X509 *cert, \s-1BIO\s0 *data, int flags); +.Vb 1 +\& #include +\& +\& int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3 index 1415fa57c3..961c299ace 100644 --- a/secure/lib/libcrypto/man/PKCS7_encrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_encrypt 3" -.TH PKCS7_encrypt 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH PKCS7_encrypt 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,7 +133,11 @@ PKCS7_encrypt \- create a PKCS#7 envelopedData structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\s-1PKCS7\s0 *PKCS7_encrypt(\s-1STACK_OF\s0(X509) *certs, \s-1BIO\s0 *in, const \s-1EVP_CIPHER\s0 *cipher, int flags); +.Vb 1 +\& #include +\& +\& PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR @@ -149,44 +145,57 @@ is a list of recipient certificates. \fBin\fR is the content to be encrypted. \&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. .SH "NOTES" .IX Header "NOTES" -Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient certificates -supplied to this function must all contain \s-1RSA\s0 public keys, though they do not have to -be signed using the \s-1RSA\s0 algorithm. +Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient +certificates supplied to this function must all contain \s-1RSA\s0 public keys, though +they do not have to be signed using the \s-1RSA\s0 algorithm. .PP -\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because -most clients will support it. +\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +because most clients will support it. .PP -Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 bit -\&\s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively. +Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 +bit \s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR +respectively. .PP -The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of its -parameters. +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of +its parameters. .PP -Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to \&\fIPKCS7_encrypt()\fR. .PP The following flags can be passed in the \fBflags\fR parameter. .PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended -to the data. +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then +\&\fB\s-1PKCS7_TEXT\s0\fR is ignored. +.PP +If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output +suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +complete and outputting its contents via a function that does not +properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable +results. .PP -Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required -by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This -option should be used if the supplied data is in binary format otherwise the translation -will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then \fB\s-1PKCS7_TEXT\s0\fR is ignored. +Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR, +\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_PKCS7()\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_encrypt()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. +\&\fIPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). -.SH "BUGS" -.IX Header "BUGS" -The lack of single pass processing and need to hold all data in memory as -mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIERR_get_error\fR\|(3), \fIPKCS7_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 +The \fB\s-1PKCS7_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3 index eab32b0abd..4a413ea469 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign 3" -.TH PKCS7_sign 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH PKCS7_sign 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,81 +133,96 @@ PKCS7_sign \- create a PKCS#7 signedData structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\s-1PKCS7\s0 *PKCS7_sign(X509 *signcert, \s-1EVP_PKEY\s0 *pkey, \s-1STACK_OF\s0(X509) *certs, \s-1BIO\s0 *data, int flags); +.Vb 1 +\& #include +\& +\& PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR -is the certificate to sign with, \fBpkey\fR is the corresponsding private key. -\&\fBcerts\fR is an optional additional set of certificates to include in the -PKCS#7 structure (for example any intermediate CAs in the chain). +\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is +the certificate to sign with, \fBpkey\fR is the corresponsding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7 +structure (for example any intermediate CAs in the chain). .PP The data to be signed is read from \s-1BIO\s0 \fBdata\fR. .PP \&\fBflags\fR is an optional set of flags. .SH "NOTES" .IX Header "NOTES" -Any of the following flags (ored together) can be passed in the \fBflags\fR parameter. +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. .PP Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended to the data. .PP If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the -\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the \fBsigncert\fR -parameter though. This can reduce the size of the signature if the signers certificate -can be obtained by other means: for example a previously signed message. +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the +\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. .PP -The data being signed is included in the \s-1PKCS7\s0 structure, unless \fB\s-1PKCS7_DETACHED\s0\fR -is set in which case it is omitted. This is used for \s-1PKCS7\s0 detached signatures -which are used in S/MIME plaintext signed messages for example. +The data being signed is included in the \s-1PKCS7\s0 structure, unless +\&\fB\s-1PKCS7_DETACHED\s0\fR is set in which case it is omitted. This is used for \s-1PKCS7\s0 +detached signatures which are used in S/MIME plaintext signed messages for +example. .PP -Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required -by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This -option should be used if the supplied data is in binary format otherwise the translation -will corrupt it. +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. .PP -The signedData structure includes several PKCS#7 autenticatedAttributes including -the signing time, the PKCS#7 content type and the supported list of ciphers in -an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no authenticatedAttributes -will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are -omitted. +The signedData structure includes several PKCS#7 autenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no +authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just +the SMIMECapabilities are omitted. .PP If present the SMIMECapabilities attribute indicates support for the following -algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any -of these algorithms is disabled then it will not be included. -.PP -If the flags \fB\s-1PKCS7_PARTSIGN\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure -is just initialized ready to perform the signing operation. The signing -is however \fBnot\fR performed and the data to be signed is not read from -the \fBdata\fR parameter. Signing is deferred until after the data has been -written. In this way data can be signed in a single pass. Currently the -flag \fB\s-1PKCS7_DETACHED\s0\fR \fBmust\fR also be set. +algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any of +these algorithms is disabled then it will not be included. +.PP +If the flags \fB\s-1PKCS7_STREAM\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure is +just initialized ready to perform the signing operation. The signing is however +\&\fBnot\fR performed and the data to be signed is not read from the \fBdata\fR +parameter. Signing is deferred until after the data has been written. In this +way data can be signed in a single pass. +.PP +If the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output to +which additional signers and capabilities can be added before finalization. .SH "NOTES" .IX Header "NOTES" -Currently the flag \fB\s-1PKCS7_PARTSIGN\s0\fR is only supported for detached -data. If this flag is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR -complete and outputting its contents via a function that does not -properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable -results. -.PP -At present only the \fISMIME_write_PKCS7()\fR function properly finalizes the -structure. -.SH "BUGS" -.IX Header "BUGS" -\&\fIPKCS7_sign()\fR is somewhat limited. It does not support multiple signers, some -advanced attributes such as counter signatures are not supported. +If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +complete and outputting its contents via a function that does not properly +finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results. .PP -The \s-1SHA1\s0 digest algorithm is currently always used. +Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR, +\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_PKCS7()\fR. .PP -When the signed data is not detached it will be stored in memory within the -\&\fB\s-1PKCS7\s0\fR structure. This effectively limits the size of messages which can be -signed due to memory restraints. There should be a way to sign data without -having to hold it all in memory, this would however require fairly major -revisions of the OpenSSL \s-1ASN1\s0 code. +If a signer is specified it will use the default digest for the signing +algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. +.PP +In OpenSSL 1.0.0 the \fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be +\&\fB\s-1NULL\s0\fR if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added +using the function \fB\f(BIPKCS7_sign_add_signer()\fB\fR. \fB\f(BIPKCS7_final()\fB\fR must also be +called to finalize the structure if streaming is not enabled. Alternative +signing digests can also be specified using this method. +.PP +In OpenSSL 1.0.0 if \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only +PKCS#7 structure is output. +.PP +In versions of OpenSSL before 1.0.0 the \fBsigncert\fR and \fBpkey\fR parameters must +\&\fB\s-1NOT\s0\fR be \s-1NULL\s0. +.SH "BUGS" +.IX Header "BUGS" +Some advanced attributes such as counter signatures are not supported. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. -The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIERR_get_error\fR\|(3), \fIPKCS7_verify\fR\|(3) @@ -223,4 +230,6 @@ The error can be obtained from \fIERR_get_error\fR\|(3). .IX Header "HISTORY" \&\fIPKCS7_sign()\fR was added to OpenSSL 0.9.5 .PP -The \fB\s-1PKCS7_PARTSIGN\s0\fR flag was added in OpenSSL 0.9.8 +The \fB\s-1PKCS7_PARTIAL\s0\fR flag was added in OpenSSL 1.0.0 +.PP +The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 similarity index 52% copy from secure/lib/libcrypto/man/SMIME_write_PKCS7.3 copy to secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 index 91bd5c9eed..9762ec5595 100644 --- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,58 +123,84 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "SMIME_write_PKCS7 3" -.TH SMIME_write_PKCS7 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "PKCS7_sign_add_signer 3" +.TH PKCS7_sign_add_signer 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format. +PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure. .SH "SYNOPSIS" .IX Header "SYNOPSIS" -int SMIME_write_PKCS7(\s-1BIO\s0 *out, \s-1PKCS7\s0 *p7, \s-1BIO\s0 *data, int flags); +.Vb 1 +\& #include +\& +\& PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 -structure to produce an S/MIME message. +\&\fIPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private +key \fBpkey\fR using message digest \fBmd\fR to a \s-1PKCS7\s0 signed data structure +\&\fBp7\fR. +.PP +The \s-1PKCS7\s0 structure should be obtained from an initial call to \fIPKCS7_sign()\fR +with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid \s-1PKCS7\s0 +signed data structure. .PP -\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate -\&\fB\s-1PKCS7\s0\fR structure. If cleartext signing (\fBmultipart/signed\fR) is -being used then the signed data must be supplied in the \fBdata\fR -argument. \fBflags\fR is an optional set of flags. +If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public +key algorithm will be used. +.PP +Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \s-1PKCS7\s0 structure +is not complete and must be finalized either by streaming (if applicable) or +a call to \fIPKCS7_final()\fR. .SH "NOTES" .IX Header "NOTES" -The following flags can be passed in the \fBflags\fR parameter. +The main purpose of this function is to provide finer control over a PKCS#7 +signed data structure where the simpler \fIPKCS7_sign()\fR function defaults are +not appropriate. For example if multiple signers or non default digest +algorithms are needed. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +If \fB\s-1PKCS7_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content +digest value from the \s-1PKCS7\s0 struture: to add a signer to an existing structure. +An error occurs if a matching digest value cannot be found to copy. The +returned \s-1PKCS7\s0 structure will be valid and finalized when this flag is set. +.PP +If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the +\&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes +can be added. In this case an explicit call to \fIPKCS7_SIGNER_INFO_sign()\fR is +needed to finalize it. .PP -If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, -this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR -is also set when \fIPKCS7_sign()\fR is also called. +If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the +\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. .PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR -are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR -is also set. +The signedData structure includes several PKCS#7 autenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no +authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just +the SMIMECapabilities are omitted. .PP -If the \fB\s-1PKCS7_PARTSIGN\s0\fR flag is set the signed data is finalized -and output along with the content. This flag should only be set -if \fB\s-1PKCS7_DETACHED\s0\fR is also set and the previous call to \fIPKCS7_sign()\fR -also set these flags. +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any of +these algorithms is disabled then it will not be included. .PP -If cleartext signing is being used and \fB\s-1PKCS7_PARTSIGN\s0\fR not set then -the data must be read twice: once to compute the signature in \fIPKCS7_sign()\fR -and once to output the S/MIME message. -.SH "BUGS" -.IX Header "BUGS" -\&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there -should be an option to disable this. +\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +structure just added, this can be used to set additional attributes +before it is finalized. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. +\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +structure just added or \s-1NULL\s0 if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), -\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) -\&\fIPKCS7_decrypt\fR\|(3) +\&\fIPKCS7_final\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" -\&\fISMIME_write_PKCS7()\fR was added to OpenSSL 0.9.5 +\&\fIPPKCS7_sign_add_signer()\fR was added to OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3 index 3504f809aa..ce0f68a6f2 100644 --- a/secure/lib/libcrypto/man/PKCS7_verify.3 +++ b/secure/lib/libcrypto/man/PKCS7_verify.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_verify 3" -.TH PKCS7_verify 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH PKCS7_verify 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,9 +133,13 @@ PKCS7_verify \- verify a PKCS#7 signedData structure .SH "SYNOPSIS" .IX Header "SYNOPSIS" -int PKCS7_verify(\s-1PKCS7\s0 *p7, \s-1STACK_OF\s0(X509) *certs, X509_STORE *store, \s-1BIO\s0 *indata, \s-1BIO\s0 *out, int flags); -.PP -\&\s-1STACK_OF\s0(X509) *PKCS7_get0_signers(\s-1PKCS7\s0 *p7, \s-1STACK_OF\s0(X509) *certs, int flags); +.Vb 1 +\& #include +\& +\& int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags); +\& +\& STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3 index 2ff732c31a..1b77002fa1 100644 --- a/secure/lib/libcrypto/man/RAND_add.3 +++ b/secure/lib/libcrypto/man/RAND_add.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_add 3" -.TH RAND_add 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RAND_add 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3 index 5961fc7dd5..0560a1bdec 100644 --- a/secure/lib/libcrypto/man/RAND_bytes.3 +++ b/secure/lib/libcrypto/man/RAND_bytes.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_bytes 3" -.TH RAND_bytes 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RAND_bytes 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3 index a486450a66..c47625db70 100644 --- a/secure/lib/libcrypto/man/RAND_cleanup.3 +++ b/secure/lib/libcrypto/man/RAND_cleanup.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_cleanup 3" -.TH RAND_cleanup 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RAND_cleanup 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3 index fe4b89d910..62092d4fd4 100644 --- a/secure/lib/libcrypto/man/RAND_egd.3 +++ b/secure/lib/libcrypto/man/RAND_egd.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_egd 3" -.TH RAND_egd 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RAND_egd 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3 index 9ce94fe032..408c4f1e4c 100644 --- a/secure/lib/libcrypto/man/RAND_load_file.3 +++ b/secure/lib/libcrypto/man/RAND_load_file.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_load_file 3" -.TH RAND_load_file 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RAND_load_file 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3 index a3f43cebc0..f8584e7da9 100644 --- a/secure/lib/libcrypto/man/RAND_set_rand_method.3 +++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_set_rand_method 3" -.TH RAND_set_rand_method 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RAND_set_rand_method 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3 index d0523031ba..5f5bca6879 100644 --- a/secure/lib/libcrypto/man/RSA_blinding_on.3 +++ b/secure/lib/libcrypto/man/RSA_blinding_on.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_blinding_on 3" -.TH RSA_blinding_on 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSA_blinding_on 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 index 8ec3a85123..e5a7425345 100644 --- a/secure/lib/libcrypto/man/RSA_check_key.3 +++ b/secure/lib/libcrypto/man/RSA_check_key.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_check_key 3" -.TH RSA_check_key 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSA_check_key 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3 index 93719555c1..0281601bbe 100644 --- a/secure/lib/libcrypto/man/RSA_generate_key.3 +++ b/secure/lib/libcrypto/man/RSA_generate_key.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_generate_key 3" -.TH RSA_generate_key 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSA_generate_key 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 index 353c8d58c7..78ba29bf57 100644 --- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_get_ex_new_index 3" -.TH RSA_get_ex_new_index 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSA_get_ex_new_index 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3 index 6a31e7886c..d3321cea52 100644 --- a/secure/lib/libcrypto/man/RSA_new.3 +++ b/secure/lib/libcrypto/man/RSA_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_new 3" -.TH RSA_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSA_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 index 68d9a4f973..e3a692b429 100644 --- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 +++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_padding_add_PKCS1_type_1 3" -.TH RSA_padding_add_PKCS1_type_1 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSA_padding_add_PKCS1_type_1 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3 index 7250b3dc3e..8d5e0b49bf 100644 --- a/secure/lib/libcrypto/man/RSA_print.3 +++ b/secure/lib/libcrypto/man/RSA_print.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_print 3" -.TH RSA_print 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSA_print 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3 index 95877e1638..c1ed0cffca 100644 --- a/secure/lib/libcrypto/man/RSA_private_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_private_encrypt 3" -.TH RSA_private_encrypt 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSA_private_encrypt 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3 index 189dfbfe26..77a5e100a4 100644 --- a/secure/lib/libcrypto/man/RSA_public_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_public_encrypt 3" -.TH RSA_public_encrypt 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSA_public_encrypt 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3 index 45fdecadff..7f0be2bd8c 100644 --- a/secure/lib/libcrypto/man/RSA_set_method.3 +++ b/secure/lib/libcrypto/man/RSA_set_method.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_set_method 3" -.TH RSA_set_method 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSA_set_method 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3 index f2cbd36f28..9e29113422 100644 --- a/secure/lib/libcrypto/man/RSA_sign.3 +++ b/secure/lib/libcrypto/man/RSA_sign.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign 3" -.TH RSA_sign 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSA_sign 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 index 9344fce352..4c015a4ac9 100644 --- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 +++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign_ASN1_OCTET_STRING 3" -.TH RSA_sign_ASN1_OCTET_STRING 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSA_sign_ASN1_OCTET_STRING 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3 index 4afae8a602..4e7d7b286d 100644 --- a/secure/lib/libcrypto/man/RSA_size.3 +++ b/secure/lib/libcrypto/man/RSA_size.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_size 3" -.TH RSA_size 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSA_size 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_CMS.3 similarity index 67% copy from secure/lib/libcrypto/man/SMIME_read_PKCS7.3 copy to secure/lib/libcrypto/man/SMIME_read_CMS.3 index 6c454af64b..bcbc1af1c7 100644 --- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_read_CMS.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,70 +123,73 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "SMIME_read_PKCS7 3" -.TH SMIME_read_PKCS7 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "SMIME_read_CMS 3" +.TH SMIME_read_CMS 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -SMIME_read_PKCS7 \- parse S/MIME message. +.Vb 1 +\& SMIME_read_CMS \- parse S/MIME message. +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\s-1PKCS7\s0 *SMIME_read_PKCS7(\s-1BIO\s0 *in, \s-1BIO\s0 **bcont); +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISMIME_read_PKCS7()\fR parses a message in S/MIME format. +\&\fISMIME_read_CMS()\fR parses a message in S/MIME format. .PP \&\fBin\fR is a \s-1BIO\s0 to read the message from. .PP -If cleartext signing is used then the content is saved in -a memory bio which is written to \fB*bcont\fR, otherwise -\&\fB*bcont\fR is set to \fB\s-1NULL\s0\fR. +If cleartext signing is used then the content is saved in a memory bio which is +written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to \s-1NULL\s0. .PP -The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an +The parsed CMS_ContentInfo structure is returned or \s-1NULL\s0 if an error occurred. .SH "NOTES" .IX Header "NOTES" -If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text -signed. \fB*bcont\fR can then be passed to \fIPKCS7_verify()\fR with -the \fB\s-1PKCS7_DETACHED\s0\fR flag set. +If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can +then be passed to \fICMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set. .PP Otherwise the type of the returned structure can be determined -using \fIPKCS7_type()\fR. +using \fICMS_get0_type()\fR. .PP -To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR -\&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example: +To support future functionality if \fBbcont\fR is not \s-1NULL\s0 \fB*bcont\fR should be +initialized to \s-1NULL\s0. For example: .PP .Vb 2 \& BIO *cont = NULL; -\& PKCS7 *p7; +\& CMS_ContentInfo *cms; \& -\& p7 = SMIME_read_PKCS7(in, &cont); +\& cms = SMIME_read_CMS(in, &cont); .Ve .SH "BUGS" .IX Header "BUGS" -The \s-1MIME\s0 parser used by \fISMIME_read_PKCS7()\fR is somewhat primitive. -While it will handle most S/MIME messages more complex compound -formats may not work. +The \s-1MIME\s0 parser used by \fISMIME_read_CMS()\fR is somewhat primitive. While it will +handle most S/MIME messages more complex compound formats may not work. .PP -The parser assumes that the \s-1PKCS7\s0 structure is always base64 -encoded and will not handle the case where it is in binary format -or uses quoted printable format. +The parser assumes that the CMS_ContentInfo structure is always base64 encoded +and will not handle the case where it is in binary format or uses quoted +printable format. .PP -The use of a memory \s-1BIO\s0 to hold the signed content limits the size -of message which can be processed due to memory restraints: a -streaming single pass option should be available. +The use of a memory \s-1BIO\s0 to hold the signed content limits the size of message +which can be processed due to memory restraints: a streaming single pass option +should be available. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR -is an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +\&\fISMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_type\fR\|(3) -\&\fISMIME_read_PKCS7\fR\|(3), \fIPKCS7_sign\fR\|(3), -\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) -\&\fIPKCS7_decrypt\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fICMS_type\fR\|(3) +\&\fISMIME_read_CMS\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) +\&\fICMS_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISMIME_read_PKCS7()\fR was added to OpenSSL 0.9.5 +\&\fISMIME_read_CMS()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 index 6c454af64b..0c80cc3d63 100644 --- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_PKCS7 3" -.TH SMIME_read_PKCS7 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SMIME_read_PKCS7 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,7 +133,11 @@ SMIME_read_PKCS7 \- parse S/MIME message. .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\s-1PKCS7\s0 *SMIME_read_PKCS7(\s-1BIO\s0 *in, \s-1BIO\s0 **bcont); +.Vb 1 +\& #include +\& +\& PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISMIME_read_PKCS7()\fR parses a message in S/MIME format. diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_CMS.3 similarity index 65% copy from secure/lib/libcrypto/man/SMIME_write_PKCS7.3 copy to secure/lib/libcrypto/man/SMIME_write_CMS.3 index 91bd5c9eed..152035287d 100644 --- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_write_CMS.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,58 +123,65 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "SMIME_write_PKCS7 3" -.TH SMIME_write_PKCS7 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "SMIME_write_CMS 3" +.TH SMIME_write_CMS 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format. +.Vb 1 +\& SMIME_write_CMS \- convert CMS structure to S/MIME format. +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -int SMIME_write_PKCS7(\s-1BIO\s0 *out, \s-1PKCS7\s0 *p7, \s-1BIO\s0 *data, int flags); +.Vb 1 +\& #include +\& +\& int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 +\&\fISMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0 structure to produce an S/MIME message. .PP -\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate -\&\fB\s-1PKCS7\s0\fR structure. If cleartext signing (\fBmultipart/signed\fR) is -being used then the signed data must be supplied in the \fBdata\fR -argument. \fBflags\fR is an optional set of flags. +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBcms\fR is the appropriate +\&\fBCMS_ContentInfo\fR structure. If streaming is enabled then the content must be +supplied in the \fBdata\fR argument. \fBflags\fR is an optional set of flags. .SH "NOTES" .IX Header "NOTES" The following flags can be passed in the \fBflags\fR parameter. .PP -If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, -this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR -is also set when \fIPKCS7_sign()\fR is also called. +If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only +makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fICMS_sign()\fR is +called. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to +the content, this only makes sense if \fB\s-1CMS_DETACHED\s0\fR is also set. .PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR -are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR -is also set. +If the \fB\s-1CMS_STREAM\s0\fR flag is set streaming is performed. This flag should only +be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_ContentInfo +creation function. .PP -If the \fB\s-1PKCS7_PARTSIGN\s0\fR flag is set the signed data is finalized -and output along with the content. This flag should only be set -if \fB\s-1PKCS7_DETACHED\s0\fR is also set and the previous call to \fIPKCS7_sign()\fR -also set these flags. +If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must +be read twice: once to compute the signature in \fICMS_sign()\fR and once to output +the S/MIME message. .PP -If cleartext signing is being used and \fB\s-1PKCS7_PARTSIGN\s0\fR not set then -the data must be read twice: once to compute the signature in \fIPKCS7_sign()\fR -and once to output the S/MIME message. +If streaming is performed the content is output in \s-1BER\s0 format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and \s-1DER\s0 format is used. .SH "BUGS" .IX Header "BUGS" -\&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there -should be an option to disable this. +\&\fISMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an +option to disable this. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. +\&\fISMIME_write_CMS()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), -\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) -\&\fIPKCS7_decrypt\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) +\&\fICMS_decrypt\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fISMIME_write_PKCS7()\fR was added to OpenSSL 0.9.5 +\&\fISMIME_write_CMS()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 index 91bd5c9eed..4384354612 100644 --- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_PKCS7 3" -.TH SMIME_write_PKCS7 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SMIME_write_PKCS7 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,16 +133,19 @@ SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format. .SH "SYNOPSIS" .IX Header "SYNOPSIS" -int SMIME_write_PKCS7(\s-1BIO\s0 *out, \s-1PKCS7\s0 *p7, \s-1BIO\s0 *data, int flags); +.Vb 1 +\& #include +\& +\& int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 structure to produce an S/MIME message. .PP -\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate -\&\fB\s-1PKCS7\s0\fR structure. If cleartext signing (\fBmultipart/signed\fR) is -being used then the signed data must be supplied in the \fBdata\fR -argument. \fBflags\fR is an optional set of flags. +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate \fB\s-1PKCS7\s0\fR +structure. If streaming is enabled then the content must be supplied in the +\&\fBdata\fR argument. \fBflags\fR is an optional set of flags. .SH "NOTES" .IX Header "NOTES" The following flags can be passed in the \fBflags\fR parameter. @@ -163,14 +158,17 @@ If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/ are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR is also set. .PP -If the \fB\s-1PKCS7_PARTSIGN\s0\fR flag is set the signed data is finalized -and output along with the content. This flag should only be set -if \fB\s-1PKCS7_DETACHED\s0\fR is also set and the previous call to \fIPKCS7_sign()\fR -also set these flags. +If the \fB\s-1PKCS7_STREAM\s0\fR flag is set streaming is performed. This flag should +only be set if \fB\s-1PKCS7_STREAM\s0\fR was also set in the previous call to +\&\fIPKCS7_sign()\fR or \fB\f(BIPKCS7_encrypt()\fB\fR. .PP -If cleartext signing is being used and \fB\s-1PKCS7_PARTSIGN\s0\fR not set then +If cleartext signing is being used and \fB\s-1PKCS7_STREAM\s0\fR not set then the data must be read twice: once to compute the signature in \fIPKCS7_sign()\fR and once to output the S/MIME message. +.PP +If streaming is performed the content is output in \s-1BER\s0 format using indefinite +length constructuted encoding except in the case of signed data with detached +content where the content is absent and \s-1DER\s0 format is used. .SH "BUGS" .IX Header "BUGS" \&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 index 04cb95932a..c0d4234ec2 100644 --- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 +++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ENTRY_get_object 3" -.TH X509_NAME_ENTRY_get_object 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH X509_NAME_ENTRY_get_object 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -144,15 +136,19 @@ X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\s-1ASN1_OBJECT\s0 * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); -\&\s-1ASN1_STRING\s0 * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); -.PP -int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, \s-1ASN1_OBJECT\s0 *obj); -int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len); -.PP -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, \s-1ASN1_OBJECT\s0 *obj, int type, const unsigned char *bytes, int len); +.Vb 1 +\& #include +\& +\& ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); +\& ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); +\& +\& int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); +\& int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len); +\& +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len); +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 index a8d1f86ef9..546964c5b6 100644 --- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 +++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_add_entry_by_txt 3" -.TH X509_NAME_add_entry_by_txt 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH X509_NAME_add_entry_by_txt 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -142,15 +134,19 @@ X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_N X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set); -.PP -int X509_NAME_add_entry_by_OBJ(X509_NAME *name, \s-1ASN1_OBJECT\s0 *obj, int type, unsigned char *bytes, int len, int loc, int set); -.PP -int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); -.PP -int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set); -.PP -X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +.Vb 1 +\& #include +\& +\& int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set); +\& +\& X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 index 1c6acd68f9..adac212a53 100644 --- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 +++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_get_index_by_NID 3" -.TH X509_NAME_get_index_by_NID 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH X509_NAME_get_index_by_NID 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -143,14 +135,18 @@ X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \- X509_NAME lookup and enumeration functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); -int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos); -.PP -int X509_NAME_entry_count(X509_NAME *name); -X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); -.PP -int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len); -int X509_NAME_get_text_by_OBJ(X509_NAME *name, \s-1ASN1_OBJECT\s0 *obj, char *buf,int len); +.Vb 1 +\& #include +\& +\& int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); +\& int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos); +\& +\& int X509_NAME_entry_count(X509_NAME *name); +\& X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); +\& +\& int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len); +\& int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" These functions allow an \fBX509_NAME\fR structure to be examined. The diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 index db3042fd90..21f1ad0106 100644 --- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 +++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_print_ex 3" -.TH X509_NAME_print_ex 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH X509_NAME_print_ex 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 new file mode 100644 index 0000000000..784f42c248 --- /dev/null +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 @@ -0,0 +1,385 @@ +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_get_error 3" +.TH X509_STORE_CTX_get_error 3 "2010-06-01" "1.0.0a" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string \- get or set certificate verification status information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); +\& int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +\& X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +\& +\& STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +\& +\& const char *X509_verify_cert_error_string(long n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are typically called after \fIX509_verify_cert()\fR has indicated +an error or in a verification callback to determine the nature of an error. +.PP +\&\fIX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see +the \fB\s-1ERROR\s0 \s-1CODES\s0\fR section for a full description of all error codes. +.PP +\&\fIX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example +it might be used in a verification callback to set an error based on additional +checks. +.PP +\&\fIX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a +non-negative integer representing where in the certificate chain the error +occurred. If it is zero it occured in the end entity certificate, one if +it is the certificate which signed the end entity certificate and so on. +.PP +\&\fIX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which +caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant. +.PP +\&\fIX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous +call to \fIX509_verify_cert()\fR is successful. If the call to \fIX509_verify_cert()\fR +is \fBnot\fR successful the returned chain may be incomplete or invalid. The +returned chain persists after the \fBctx\fR structure is freed, when it is +no longer needed it should be free up using: +.PP +.Vb 1 +\& sk_X509_pop_free(chain, X509_free); +.Ve +.PP +\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for +verification error \fBn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code. +.PP +\&\fIX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth. +.PP +\&\fIX509_STORE_CTX_get_current_cert()\fR returns the cerificate which caused the +error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error. +.PP +\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for +verification error \fBn\fR. +.SH "ERROR CODES" +.IX Header "ERROR CODES" +A list of error codes and messages is shown below. Some of the +error codes are defined but currently never returned: these are described as +\&\*(L"unused\*(R". +.IP "\fBX509_V_OK: ok\fR" 4 +.IX Item "X509_V_OK: ok" +the operation was successful. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate" +the issuer certificate could not be found: this occurs if the issuer certificate +of an untrusted certificate cannot be found. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL" +the \s-1CRL\s0 of a certificate could not be found. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" +the certificate signature could not be decrypted. This means that the actual +signature value could not be determined rather than it not matching the +expected value, this is only meaningful for \s-1RSA\s0 keys. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature" +the \s-1CRL\s0 signature could not be decrypted: this means that the actual signature +value could not be determined rather than it not matching the expected value. +Unused. +.IP "\fBX509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key" +the public key in the certificate SubjectPublicKeyInfo could not be read. +.IP "\fBX509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4 +.IX Item "X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure" +the signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 +.IX Item "X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" +the signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 +.IX Item "X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" +the certificate is not yet valid: the notBefore date is after the current time. +.IP "\fBX509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4 +.IX Item "X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired" +the certificate has expired: that is the notAfter date is before the current time. +.IP "\fBX509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 +.IX Item "X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" +the \s-1CRL\s0 is not yet valid. +.IP "\fBX509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 +.IX Item "X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" +the \s-1CRL\s0 has expired. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" +the certificate notBefore field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field" +the certificate notAfter field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" +the \s-1CRL\s0 lastUpdate field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" +the \s-1CRL\s0 nextUpdate field contains an invalid time. +.IP "\fBX509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 +.IX Item "X509_V_ERR_OUT_OF_MEM: out of memory" +an error occurred trying to allocate memory. This should never happen. +.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4 +.IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate" +the passed certificate is self signed and the same certificate cannot be found +in the list of trusted certificates. +.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4 +.IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain" +the certificate chain could be built up using the untrusted certificates but +the root could not be found locally. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate" +the issuer certificate of a locally looked up certificate could not be found. +This normally means the list of trusted certificates is not complete. +.IP "\fBX509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate" +no signatures could be verified because the chain contains only one certificate +and it is not self signed. +.IP "\fBX509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4 +.IX Item "X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long" +the certificate chain length is greater than the supplied maximum depth. Unused. +.IP "\fBX509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 +.IX Item "X509_V_ERR_CERT_REVOKED: certificate revoked" +the certificate has been revoked. +.IP "\fBX509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4 +.IX Item "X509_V_ERR_INVALID_CA: invalid CA certificate" +a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not +consistent with the supplied purpose. +.IP "\fBX509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4 +.IX Item "X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded" +the basicConstraints pathlength parameter has been exceeded. +.IP "\fBX509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4 +.IX Item "X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose" +the supplied certificate cannot be used for the specified purpose. +.IP "\fBX509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4 +.IX Item "X509_V_ERR_CERT_UNTRUSTED: certificate not trusted" +the root \s-1CA\s0 is not marked as trusted for the specified purpose. +.IP "\fBX509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4 +.IX Item "X509_V_ERR_CERT_REJECTED: certificate rejected" +the root \s-1CA\s0 is marked to reject the specified purpose. +.IP "\fBX509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4 +.IX Item "X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch" +the current candidate issuer certificate was rejected because its subject name +did not match the issuer name of the current certificate. This is only set +if issuer check debugging is enabled it is used for status notification and +is \fBnot\fR in itself an error. +.IP "\fBX509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4 +.IX Item "X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch" +the current candidate issuer certificate was rejected because its subject key +identifier was present and did not match the authority key identifier current +certificate. This is only set if issuer check debugging is enabled it is used +for status notification and is \fBnot\fR in itself an error. +.IP "\fBX509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4 +.IX Item "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch" +the current candidate issuer certificate was rejected because its issuer name +and serial number was present and did not match the authority key identifier of +the current certificate. This is only set if issuer check debugging is enabled +it is used for status notification and is \fBnot\fR in itself an error. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing" +the current candidate issuer certificate was rejected because its keyUsage +extension does not permit certificate signing. This is only set if issuer check +debugging is enabled it is used for status notification and is \fBnot\fR in itself +an error. +.IP "\fBX509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension\fR" 4 +.IX Item "X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension" +A certificate extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. +.IP "\fBX509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension\fR" 4 +.IX Item "X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension" +A certificate policies extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. This error only +occurs if policy processing is enabled. +.IP "\fBX509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy\fR" 4 +.IX Item "X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy" +The verification flags were set to require and explicit policy but none was +present. +.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE: Different \s-1CRL\s0 scope\fR" 4 +.IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope" +The only CRLs that could be found did not match the scope of the certificate. +.IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature" +Some feature of a certificate extension is not supported. Unused. +.IP "\fBX509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation\fR" 4 +.IX Item "X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation" +A name constraint violation occured in the permitted subtrees. +.IP "\fBX509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation\fR" 4 +.IX Item "X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation" +A name constraint violation occured in the excluded subtrees. +.IP "\fBX509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported\fR" 4 +.IX Item "X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported" +A certificate name constraints extension included a minimum or maximum field: +this is not supported. +.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type" +An unsupported name constraint type was encountered. OpenSSL currently only +supports directory name, \s-1DNS\s0 name, email and \s-1URI\s0 types. +.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax" +The format of the name constraint is not recognised: for example an email +address format of a form not mentioned in \s-1RFC3280\s0. This could be caused by +a garbage extension or some new feature not currently supported. +.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR: \s-1CRL\s0 path validation error\fR" 4 +.IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error" +An error occured when attempting to verify the \s-1CRL\s0 path. This error can only +happen if extended \s-1CRL\s0 checking is enabled. +.IP "\fBX509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4 +.IX Item "X509_V_ERR_APPLICATION_VERIFICATION: application verification failure" +an application specific error. This will never be returned unless explicitly +set by an application. +.SH "NOTES" +.IX Header "NOTES" +The above functions should be used instead of directly referencing the fields +in the \fBX509_VERIFY_CTX\fR structure. +.PP +In versions of OpenSSL before 1.0 the current certificate returned by +\&\fIX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should +check the return value before printing out any debugging information relating +to the current certificate. +.PP +If an unrecognised error code is passed to \fIX509_verify_cert_error_string()\fR the +numerical value of the unknown code is returned in a static buffer. This is not +thread safe but will never happen unless an invalid code is passed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 +.SH "POD ERRORS" +.IX Header "POD ERRORS" +Hey! \fBThe above document had some coding errors, which are explained below:\fR +.IP "Around line 281:" 4 +.IX Item "Around line 281:" +You forgot a '=back' before '=head1' diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 similarity index 75% copy from secure/lib/libcrypto/man/DSA_get_ex_new_index.3 copy to secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 index a49c665a86..bc1cd57a1f 100644 --- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,38 +123,42 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "DSA_get_ex_new_index 3" -.TH DSA_get_ex_new_index 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "X509_STORE_CTX_get_ex_new_index 3" +.TH X509_STORE_CTX_get_ex_new_index 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to DSA structures +X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data \- add application specific data to X509_STORE_CTX structures .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include +\& #include \& -\& int DSA_get_ex_new_index(long argl, void *argp, +\& int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, \& CRYPTO_EX_new *new_func, \& CRYPTO_EX_dup *dup_func, \& CRYPTO_EX_free *free_func); \& -\& int DSA_set_ex_data(DSA *d, int idx, void *arg); +\& int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *d, int idx, void *arg); \& -\& char *DSA_get_ex_data(DSA *d, int idx); +\& char *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *d, int idx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -These functions handle application specific data in \s-1DSA\s0 -structures. Their usage is identical to that of -\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR -as described in \fIRSA_get_ex_new_index\fR\|(3). +These functions handle application specific data in X509_STORE_CTX structures. +Their usage is identical to that of \fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR +and \fIRSA_get_ex_data()\fR as described in \fIRSA_get_ex_new_index\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +This mechanism is used internally by the \fBssl\fR library to store the \fB\s-1SSL\s0\fR +structure associated with a verification operation in an \fBX509_STORE_CTX\fR +structure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIRSA_get_ex_new_index\fR\|(3), \fIdsa\fR\|(3) +\&\fIRSA_get_ex_new_index\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDSA_get_ex_new_index()\fR, \fIDSA_set_ex_data()\fR and \fIDSA_get_ex_data()\fR are -available since OpenSSL 0.9.5. +\&\fIX509_STORE_CTX_get_ex_new_index()\fR, \fIX509_STORE_CTX_set_ex_data()\fR and +\&\fIX509_STORE_CTX_get_ex_data()\fR are available since OpenSSL 0.9.5. diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 new file mode 100644 index 0000000000..d990c24845 --- /dev/null +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 @@ -0,0 +1,247 @@ +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_new 3" +.TH X509_STORE_CTX_new 3 "2010-06-01" "1.0.0a" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default \- X509_STORE_CTX initialisation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_STORE_CTX *X509_STORE_CTX_new(void); +\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +\& +\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, +\& X509 *x509, STACK_OF(X509) *chain); +\& +\& void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +\& +\& void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x); +\& void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,STACK_OF(X509) *sk); +\& void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); +\& +\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use +by \fIX509_verify_cert()\fR. +.PP +\&\fIX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure. +.PP +\&\fIX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure. +The context can then be reused with an new call to \fIX509_STORE_CTX_init()\fR. +.PP +\&\fIX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR +is no longer valid. +.PP +\&\fIX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation. +The trusted certificate store is set to \fBstore\fR, the end entity certificate +to be verified is set to \fBx509\fR and a set of additional certificates (which +will be untrusted but may be used to build the chain) in \fBchain\fR. Any or +all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be \fB\s-1NULL\s0\fR. +.PP +\&\fIX509_STORE_CTX_trusted_stack()\fR sets the set of trusted certificates of \fBctx\fR +to \fBsk\fR. This is an alternative way of specifying trusted certificates +instead of using an \fBX509_STORE\fR. +.PP +\&\fIX509_STORE_CTX_set_cert()\fR sets the certificate to be vertified in \fBctx\fR to +\&\fBx\fR. +.PP +\&\fIX509_STORE_CTX_set_chain()\fR sets the additional certificate chain used by \fBctx\fR +to \fBsk\fR. +.PP +\&\fIX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate +verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is +enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be +used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol, +for example in a PKCS#7 structure. +.PP +X509_VERIFY_PARAM *\fIX509_STORE_CTX_get0_param()\fR retrieves an intenal pointer +to the verification parameters associated with \fBctx\fR. +.PP +\&\fIX509_STORE_CTX_set0_param()\fR sets the intenal verification parameter pointer +to \fBparam\fR. After this call \fBparam\fR should not be used. +.PP +\&\fIX509_STORE_CTX_set_default()\fR looks up and sets the default verification +method to \fBname\fR. This uses the function \fIX509_VERIFY_PARAM_lookup()\fR to +find an appropriate set of parameters from \fBname\fR. +.SH "NOTES" +.IX Header "NOTES" +The certificates and CRLs in a store are used internally and should \fBnot\fR +be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Legacy +applications might implicitly use an \fBX509_STORE_CTX\fR like this: +.PP +.Vb 2 +\& X509_STORE_CTX ctx; +\& X509_STORE_CTX_init(&ctx, store, cert, chain); +.Ve +.PP +this is \fBnot\fR recommended in new applications they should instead do: +.PP +.Vb 5 +\& X509_STORE_CTX *ctx; +\& ctx = X509_STORE_CTX_new(); +\& if (ctx == NULL) +\& /* Bad error */ +\& X509_STORE_CTX_init(ctx, store, cert, chain); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The certificates and CRLs in a context are used internally and should \fBnot\fR +be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies +should be made or reference counts increased instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an +error occurred. +.PP +\&\fIX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fIX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR +structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIX509_STORE_CTX_cleanup()\fR, \fIX509_STORE_CTX_free()\fR, \fIX509_STORE_CTX_trusted_stack()\fR, +\&\fIX509_STORE_CTX_set_cert()\fR, \fIX509_STORE_CTX_set_chain()\fR, +\&\fIX509_STORE_CTX_set0_crls()\fR and \fIX509_STORE_CTX_set0_param()\fR do not return +values. +.PP +\&\fIX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify_cert\fR\|(3) +\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_STORE_CTX_set0_crls()\fR was first added to OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 new file mode 100644 index 0000000000..692842a5e1 --- /dev/null +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 @@ -0,0 +1,289 @@ +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_set_verify_cb 3" +.TH X509_STORE_CTX_set_verify_cb 3 "2010-06-01" "1.0.0a" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_set_verify_cb \- set verification callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, +\& int (*verify_cb)(int ok, X509_STORE_CTX *ctx)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBverify_cb\fR overwriting any existing callback. +.PP +The verification callback can be used to customise the operation of certificate +verification, either by overriding error conditions or logging errors for +debugging purposes. +.PP +However a verification callback is \fBnot\fR essential and the default operation +is often sufficient. +.PP +The \fBok\fR parameter to the callback indicates the value the callback should +return to retain the default behaviour. If it is zero then and error condition +is indicated. If it is 1 then no error occurred. If the flag +\&\fBX509_V_FLAG_NOTIFY_POLICY\fR is set then \fBok\fR is set to 2 to indicate the +policy checking is complete. +.PP +The \fBctx\fR parameter to the callback is the \fBX509_STORE_CTX\fR structure that +is performing the verification operation. A callback can examine this +structure and receive additional information about the error, for example +by calling \fIX509_STORE_CTX_get_current_cert()\fR. Additional application data can +be passed to the callback via the \fBex_data\fR mechanism. +.SH "WARNING" +.IX Header "WARNING" +In general a verification callback should \fB\s-1NOT\s0\fR unconditionally return 1 in +all circumstances because this will allow verification to succeed no matter +what the error. This effectively removes all security from the application +because \fBany\fR certificate (including untrusted generated ones) will be +accepted. +.SH "NOTES" +.IX Header "NOTES" +The verification callback can be set and inherited from the parent structure +performing the operation. In some cases (such as S/MIME verification) the +\&\fBX509_STORE_CTX\fR structure is created and destroyed internally and the +only way to set a custom verification callback is by inheriting it from the +associated \fBX509_STORE\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_CTX_set_verify_cb()\fR does not return a value. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Default callback operation: +.PP +.Vb 4 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& return ok; +\& } +.Ve +.PP +Simple example, suppose a certificate in the chain is expired and we wish +to continue after this error: +.PP +.Vb 8 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& /* Tolerate certificate expiration */ +\& if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED) +\& return 1; +\& /* Otherwise don\*(Aqt override */ +\& return ok; +\& } +.Ve +.PP +More complex example, we don't wish to continue after \fBany\fR certificate has +expired just one specific case: +.PP +.Vb 11 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& int err = X509_STORE_CTX_get_error(ctx); +\& X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& if (err == X509_V_ERR_CERT_HAS_EXPIRED) +\& { +\& if (check_is_acceptable_expired_cert(err_cert) +\& return 1; +\& } +\& return ok; +\& } +.Ve +.PP +Full featured logging callback. In this case the \fBbio_err\fR is assumed to be +a global logging \fB\s-1BIO\s0\fR, an alternative would to store a \s-1BIO\s0 in \fBctx\fR using +\&\fBex_data\fR. +.PP +.Vb 4 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& X509 *err_cert; +\& int err,depth; +\& +\& err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& err = X509_STORE_CTX_get_error(ctx); +\& depth = X509_STORE_CTX_get_error_depth(ctx); +\& +\& BIO_printf(bio_err,"depth=%d ",depth); +\& if (err_cert) +\& { +\& X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), +\& 0, XN_FLAG_ONELINE); +\& BIO_puts(bio_err, "\en"); +\& } +\& else +\& BIO_puts(bio_err, "\en"); +\& if (!ok) +\& BIO_printf(bio_err,"verify error:num=%d:%s\en",err, +\& X509_verify_cert_error_string(err)); +\& switch (err) +\& { +\& case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: +\& BIO_puts(bio_err,"issuer= "); +\& X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), +\& 0, XN_FLAG_ONELINE); +\& BIO_puts(bio_err, "\en"); +\& break; +\& case X509_V_ERR_CERT_NOT_YET_VALID: +\& case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: +\& BIO_printf(bio_err,"notBefore="); +\& ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert)); +\& BIO_printf(bio_err,"\en"); +\& break; +\& case X509_V_ERR_CERT_HAS_EXPIRED: +\& case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: +\& BIO_printf(bio_err,"notAfter="); +\& ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert)); +\& BIO_printf(bio_err,"\en"); +\& break; +\& case X509_V_ERR_NO_EXPLICIT_POLICY: +\& policies_print(bio_err, ctx); +\& break; +\& } +\& if (err == X509_V_OK && ok == 2) +\& /* print out policies */ +\& +\& BIO_printf(bio_err,"verify return:%d\en",ok); +\& return(ok); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_CTX_get_error\fR\|(3) +\&\fIX509_STORE_set_verify_cb_func\fR\|(3) +\&\fIX509_STORE_CTX_get_ex_new_index\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_STORE_CTX_set_verify_cb()\fR is available in all versions of SSLeay and +OpenSSL. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 similarity index 70% copy from secure/lib/libcrypto/man/EVP_PKEY_new.3 copy to secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 index 32afc42fe4..734aab083d 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,46 +123,53 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "X509_STORE_set_verify_cb_func 3" +.TH X509_STORE_set_verify_cb_func 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions. +X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb \- set verification callback .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include +\& #include +\& +\& void X509_STORE_set_verify_cb(X509_STORE *st, +\& int (*verify_cb)(int ok, X509_STORE_CTX *ctx)); \& -\& EVP_PKEY *EVP_PKEY_new(void); -\& void EVP_PKEY_free(EVP_PKEY *key); +\& void X509_STORE_set_verify_cb_func(X509_STORE *st, +\& int (*verify_cb)(int ok, X509_STORE_CTX *ctx)); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR -structure which is used by OpenSSL to store private keys. +\&\fIX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBverify_cb\fR overwriting any existing callback. .PP -\&\fIEVP_PKEY_free()\fR frees up the private key \fBkey\fR. +\&\fIX509_STORE_set_verify_cb_func()\fR also sets the verification callback but it +is implemented as a macro. .SH "NOTES" .IX Header "NOTES" -The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions -which require a general private key without reference to any -particular algorithm. -.PP -The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a -private key to this empty structure the functions described in -\&\fIEVP_PKEY_set1_RSA\fR\|(3) should be used. +The verification callback from an \fBX509_STORE\fR is inherited by +the corresponding \fBX509_STORE_CTX\fR structure when it is initialized. This can +be used to set the verification callback when the \fBX509_STORE_CTX\fR is +otherwise inaccessible (for example during S/MIME verification). +.SH "BUGS" +.IX Header "BUGS" +The macro version of this function was the only one available before +OpenSSL 1.0.0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR -structure of \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fIEVP_PKEY_free()\fR does not return a value. +\&\fIX509_STORE_set_verify_cb()\fR and \fIX509_STORE_set_verify_cb_func()\fR do not return +a value. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_set1_RSA\fR\|(3) +\&\fIX509_STORE_CTX_set_verify_cb\fR\|(3) +\&\fICMS_verify\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1TBA\s0 +\&\fIX509_STORE_set_verify_cb_func()\fR is available in all versions of SSLeay and +OpenSSL. +.PP +\&\fIX509_STORE_set_verify_cb()\fR was added to OpenSSL 1.0.0. diff --git a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 new file mode 100644 index 0000000000..51019301b9 --- /dev/null +++ b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 @@ -0,0 +1,292 @@ +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_VERIFY_PARAM_set_flags 3" +.TH X509_VERIFY_PARAM_set_flags 3 "2010-06-01" "1.0.0a" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies \- X509 verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags); +\& int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, +\& unsigned long flags); +\& unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +\& int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +\& +\& void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +\& +\& int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, +\& ASN1_OBJECT *policy); +\& int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, +\& STACK_OF(ASN1_OBJECT) *policies); +\& +\& void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +\& int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with +a certificate verification operation. +.PP +The \fIX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring +it with \fBflags\fR. See the \fB\s-1VERIFICATION\s0 \s-1FLAGS\s0\fR section for a complete +description of values the \fBflags\fR parameter can take. +.PP +\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR. +.PP +\&\fIX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR. +.PP +\&\fIX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR +to \fBpurpose\fR. This determines the acceptable purpose of the certificate +chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server. +.PP +\&\fIX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to +\&\fBtrust\fR. +.PP +\&\fIX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to +\&\fBt\fR. Normally the current time is used. +.PP +\&\fIX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled +by default) and adds \fBpolicy\fR to the acceptable policy set. +.PP +\&\fIX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled +by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing +policy set is cleared. The \fBpolicies\fR parameter can be \fB\s-1NULL\s0\fR to clear +an existing policy set. +.PP +\&\fIX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR. +That is the maximum number of untrusted \s-1CA\s0 certificates that can appear in a +chain. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_VERIFY_PARAM_set_flags()\fR, \fIX509_VERIFY_PARAM_clear_flags()\fR, +\&\fIX509_VERIFY_PARAM_set_purpose()\fR, \fIX509_VERIFY_PARAM_set_trust()\fR, +\&\fIX509_VERIFY_PARAM_add0_policy()\fR and \fIX509_VERIFY_PARAM_set1_policies()\fR return 1 +for success and 0 for failure. +.PP +\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags. +.PP +\&\fIX509_VERIFY_PARAM_set_time()\fR and \fIX509_VERIFY_PARAM_set_depth()\fR do not return +values. +.PP +\&\fIX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth. +.SH "VERIFICATION FLAGS" +.IX Header "VERIFICATION FLAGS" +The verification flags consists of zero or more of the following flags +ored together. +.PP +\&\fBX509_V_FLAG_CRL_CHECK\fR enables \s-1CRL\s0 checking for the certificate chain leaf +certificate. An error occurs if a suitable \s-1CRL\s0 cannot be found. +.PP +\&\fBX509_V_FLAG_CRL_CHECK_ALL\fR enables \s-1CRL\s0 checking for the entire certificate +chain. +.PP +\&\fBX509_V_FLAG_IGNORE_CRITICAL\fR disabled critical extension checking. By default +any unhandled critical extensions in certificates or (if checked) CRLs results +in a fatal error. If this flag is set unhandled critical extensions are +ignored. \fB\s-1WARNING\s0\fR setting this option for anything other than debugging +purposes can be a security risk. Finer control over which extensions are +supported can be performed in the verification callback. +.PP +THe \fBX509_V_FLAG_X509_STRICT\fR flag disables workarounds for some broken +certificates and makes the verification strictly apply \fBX509\fR rules. +.PP +\&\fBX509_V_FLAG_ALLOW_PROXY_CERTS\fR enables proxy certificate verification. +.PP +\&\fBX509_V_FLAG_POLICY_CHECK\fR enables certificate policy checking, by default +no policy checking is peformed. Additional information is sent to the +verification callback relating to policy checking. +.PP +\&\fBX509_V_FLAG_EXPLICIT_POLICY\fR, \fBX509_V_FLAG_INHIBIT_ANY\fR and +\&\fBX509_V_FLAG_INHIBIT_MAP\fR set the \fBrequire explicit policy\fR, \fBinhibit any +policy\fR and \fBinhibit policy mapping\fR flags respectively as defined in +\&\fB\s-1RFC3280\s0\fR. Policy checking is automatically enabled if any of these flags +are set. +.PP +If \fBX509_V_FLAG_NOTIFY_POLICY\fR is set and the policy checking is successful +a special status code is set to the verification callback. This permits it +to examine the valid policy tree and perform additional checks or simply +log it for debugging purposes. +.PP +By default some addtional features such as indirect CRLs and CRLs signed by +different keys are disabled. If \fBX509_V_FLAG_EXTENDED_CRL_SUPPORT\fR is set +they are enabled. +.PP +If \fBX509_V_FLAG_USE_DELTAS\fR ise set delta CRLs (if present) are used to +determine certificate status. If not set deltas are ignored. +.PP +\&\fBX509_V_FLAG_CHECK_SS_SIGNATURE\fR enables checking of the root \s-1CA\s0 self signed +cerificate signature. By default this check is disabled because it doesn't +add any additional security but in some cases applications might want to +check the signature anyway. A side effect of not checking the root \s-1CA\s0 +signature is that disabled or unsupported message digests on the root \s-1CA\s0 +are not treated as fatal errors. +.PP +The \fBX509_V_FLAG_CB_ISSUER_CHECK\fR flag enables debugging of certificate +issuer checks. It is \fBnot\fR needed unless you are logging certificate +verification. If this flag is set then additional status codes will be sent +to the verification callback and it \fBmust\fR be prepared to handle such cases +without assuming they are hard errors. +.SH "NOTES" +.IX Header "NOTES" +The above functions should be used to manipulate verification parameters +instead of legacy functions which work in specific structures such as +\&\fIX509_STORE_CTX_set_flags()\fR. +.SH "BUGS" +.IX Header "BUGS" +Delta \s-1CRL\s0 checking is currently primitive. Only a single delta can be used and +(partly due to limitations of \fBX509_STORE\fR) constructed CRLs are not +maintained. +.PP +If CRLs checking is enable CRLs are expected to be available in the +corresponding \fBX509_STORE\fR structure. No attempt is made to download +CRLs from the \s-1CRL\s0 distribution points extension. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL\s0 +connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR: +.PP +.Vb 5 +\& X509_VERIFY_PARAM *param; +\& param = X509_VERIFY_PARAM_new(); +\& X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); +\& SSL_CTX_set1_param(ctx, param); +\& X509_VERIFY_PARAM_free(param); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3 index b0c200f9ec..8e5de12aeb 100644 --- a/secure/lib/libcrypto/man/X509_new.3 +++ b/secure/lib/libcrypto/man/X509_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_new 3" -.TH X509_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH X509_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,7 +133,9 @@ X509_new, X509_free \- X509 certificate ASN1 allocation functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 2 +.Vb 1 +\& #include +\& \& X509 *X509_new(void); \& void X509_free(X509 *a); .Ve diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/X509_verify_cert.3 similarity index 70% copy from secure/lib/libcrypto/man/EVP_PKEY_new.3 copy to secure/lib/libcrypto/man/X509_verify_cert.3 index 32afc42fe4..5478d3fbc7 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/X509_verify_cert.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,46 +123,52 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "X509_verify_cert 3" +.TH X509_verify_cert 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions. +X509_verify_cert \- discover and verify X509 certificte chain .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include +\& #include \& -\& EVP_PKEY *EVP_PKEY_new(void); -\& void EVP_PKEY_free(EVP_PKEY *key); +\& int X509_verify_cert(X509_STORE_CTX *ctx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR -structure which is used by OpenSSL to store private keys. +The \fIX509_verify_cert()\fR function attempts to discover and validate a +certificate chain based on parameters in \fBctx\fR. A complete description of +the process is contained in the \fIverify\fR\|(1) manual page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If a complete chain can be built and validated this function returns 1, +otherwise it return zero, in exceptional circumstances it can also +return a negative code. .PP -\&\fIEVP_PKEY_free()\fR frees up the private key \fBkey\fR. +If the function fails additional error information can be obtained by +examining \fBctx\fR using, for example \fIX509_STORE_CTX_get_error()\fR. .SH "NOTES" .IX Header "NOTES" -The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions -which require a general private key without reference to any -particular algorithm. -.PP -The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a -private key to this empty structure the functions described in -\&\fIEVP_PKEY_set1_RSA\fR\|(3) should be used. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fIEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR -structure of \fB\s-1NULL\s0\fR if an error occurred. +Applications rarely call this function directly but it is used by +OpenSSL internally for certificate validation, in both the S/MIME and +\&\s-1SSL/TLS\s0 code. .PP -\&\fIEVP_PKEY_free()\fR does not return a value. +The negative return value from \fIX509_verify_cert()\fR can only occur if no +certificate is set in \fBctx\fR (due to a programming error) or if a retry +operation is requested during internal lookups (which never happens with +standard lookup methods). It is however recommended that application check +for <= 0 return value on error. +.SH "BUGS" +.IX Header "BUGS" +This function uses the header \fBx509.h\fR as opposed to most chain verification +functiosn which use \fBx509_vfy.h\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIEVP_PKEY_set1_RSA\fR\|(3) +\&\fIX509_STORE_CTX_get_error\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1TBA\s0 +\&\fIX509_verify_cert()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3 index 2e48544b57..b73da4dd0d 100644 --- a/secure/lib/libcrypto/man/bio.3 +++ b/secure/lib/libcrypto/man/bio.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "bio 3" -.TH bio 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH bio 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3 index 70d9170dca..ef2168aa49 100644 --- a/secure/lib/libcrypto/man/blowfish.3 +++ b/secure/lib/libcrypto/man/blowfish.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "blowfish 3" -.TH blowfish 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH blowfish 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3 index c937980d67..416311e613 100644 --- a/secure/lib/libcrypto/man/bn.3 +++ b/secure/lib/libcrypto/man/bn.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "bn 3" -.TH bn 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH bn 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3 index da52c27b2e..9eeac506d1 100644 --- a/secure/lib/libcrypto/man/bn_internal.3 +++ b/secure/lib/libcrypto/man/bn_internal.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "bn_internal 3" -.TH bn_internal 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH bn_internal 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,7 +140,9 @@ bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low \- BIGNUM library internal functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 9 +.Vb 1 +\& #include +\& \& BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); \& BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, \& BN_ULONG w); @@ -203,16 +197,20 @@ This page documents the internal functions used by the OpenSSL \&\fB\s-1BIGNUM\s0\fR implementation. They are described here to facilitate debugging and extending the library. They are \fInot\fR to be used by applications. -.Sh "The \s-1BIGNUM\s0 structure" +.SS "The \s-1BIGNUM\s0 structure" .IX Subsection "The BIGNUM structure" -.Vb 7 -\& typedef struct bignum_st +.Vb 1 +\& typedef struct bignum_st BIGNUM; +\& +\& struct bignum_st \& { -\& int top; /* number of words used in d */ -\& BN_ULONG *d; /* pointer to an array containing the integer value */ -\& int max; /* size of the d array */ -\& int neg; /* sign */ -\& } BIGNUM; +\& BN_ULONG *d; /* Pointer to an array of \*(AqBN_BITS2\*(Aq bit chunks. */ +\& int top; /* Index of last used d +1. */ +\& /* The next are internal book keeping for bn_expand. */ +\& int dmax; /* Size of the d array. */ +\& int neg; /* one if the number is negative */ +\& int flags; +\& }; .Ve .PP The integer value is stored in \fBd\fR, a \fImalloc()\fRed array of words (\fB\s-1BN_ULONG\s0\fR), @@ -220,18 +218,23 @@ least significant word first. A \fB\s-1BN_ULONG\s0\fR can be either 16, 32 or 64 in size, depending on the 'number of bits' (\fB\s-1BITS2\s0\fR) specified in \&\f(CW\*(C`openssl/bn.h\*(C'\fR. .PP -\&\fBmax\fR is the size of the \fBd\fR array that has been allocated. \fBtop\fR +\&\fBdmax\fR is the size of the \fBd\fR array that has been allocated. \fBtop\fR is the number of words being used, so for a value of 4, bn.d[0]=4 and bn.top=1. \fBneg\fR is 1 if the number is negative. When a \fB\s-1BIGNUM\s0\fR is \&\fB0\fR, the \fBd\fR field can be \fB\s-1NULL\s0\fR and \fBtop\fR == \fB0\fR. .PP +\&\fBflags\fR is a bit field of flags which are defined in \f(CW\*(C`openssl/bn.h\*(C'\fR. The +flags begin with \fB\s-1BN_FLG_\s0\fR. The macros BN_set_flags(b,n) and +BN_get_flags(b,n) exist to enable or fetch flag(s) \fBn\fR from \fB\s-1BIGNUM\s0\fR +structure \fBb\fR. +.PP Various routines in this library require the use of temporary \&\fB\s-1BIGNUM\s0\fR variables during their execution. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fRs is rather expensive when used in conjunction with repeated subroutine calls, the \fB\s-1BN_CTX\s0\fR structure is used. This structure contains \fB\s-1BN_CTX_NUM\s0\fR \fB\s-1BIGNUM\s0\fRs, see \&\fIBN_CTX_start\fR\|(3). -.Sh "Low-level arithmetic operations" +.SS "Low-level arithmetic operations" .IX Subsection "Low-level arithmetic operations" These functions are implemented in C and for several platforms in assembly language: @@ -328,7 +331,7 @@ places the low word of the result in \fBr\fR and the high word in \fBc\fR. .PP sqr(\fBr0\fR, \fBr1\fR, \fBa\fR) computes \fBa\fR*\fBa\fR and places the low word of the result in \fBr0\fR and the high word in \fBr1\fR. -.Sh "Size changes" +.SS "Size changes" .IX Subsection "Size changes" \&\fIbn_expand()\fR ensures that \fBb\fR has enough space for a \fBbits\fR bit number. \fIbn_wexpand()\fR ensures that \fBb\fR has enough space for an @@ -338,15 +341,15 @@ data. They return \fB\s-1NULL\s0\fR on error, \fBb\fR otherwise. .PP The \fIbn_fix_top()\fR macro reduces \fBa\->top\fR to point to the most significant non-zero word plus one when \fBa\fR has shrunk. -.Sh "Debugging" +.SS "Debugging" .IX Subsection "Debugging" \&\fIbn_check_top()\fR verifies that \f(CW\*(C`((a)\->top >= 0 && (a)\->top -<= (a)\->max)\*(C'\fR. A violation will cause the program to abort. +<= (a)\->dmax)\*(C'\fR. A violation will cause the program to abort. .PP \&\fIbn_print()\fR prints \fBa\fR to stderr. \fIbn_dump()\fR prints \fBn\fR words at \fBd\fR (in reverse order, i.e. most significant word first) to stderr. .PP -\&\fIbn_set_max()\fR makes \fBa\fR a static number with a \fBmax\fR of its current size. +\&\fIbn_set_max()\fR makes \fBa\fR a static number with a \fBdmax\fR of its current size. This is used by \fIbn_set_low()\fR and \fIbn_set_high()\fR to make \fBr\fR a read-only \&\fB\s-1BIGNUM\s0\fR that contains the \fBn\fR low or high words of \fBa\fR. .PP diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3 index 9273131c48..a9054785ad 100644 --- a/secure/lib/libcrypto/man/buffer.3 +++ b/secure/lib/libcrypto/man/buffer.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "buffer 3" -.TH buffer 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH buffer 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3 index 7d68843303..fa493ec66e 100644 --- a/secure/lib/libcrypto/man/crypto.3 +++ b/secure/lib/libcrypto/man/crypto.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "crypto 3" -.TH crypto 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH crypto 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 index 9eb729e83a..2052f8f2cc 100644 --- a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 +++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_ASN1_OBJECT 3" -.TH d2i_ASN1_OBJECT 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH d2i_ASN1_OBJECT 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3 index 43a6e383bf..95c2715066 100644 --- a/secure/lib/libcrypto/man/d2i_DHparams.3 +++ b/secure/lib/libcrypto/man/d2i_DHparams.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DHparams 3" -.TH d2i_DHparams 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH d2i_DHparams 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 index a1814db52d..e4e136fb57 100644 --- a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DSAPublicKey 3" -.TH d2i_DSAPublicKey 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH d2i_DSAPublicKey 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 index 851faf190c..169e2a2a24 100644 --- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 +++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_PKCS8PrivateKey 3" -.TH d2i_PKCS8PrivateKey 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH d2i_PKCS8PrivateKey 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 index 885503856c..5d4eb62ffb 100644 --- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_RSAPublicKey 3" -.TH d2i_RSAPublicKey 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH d2i_RSAPublicKey 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,21 +139,21 @@ d2i_Netscape_RSA \- RSA public and private key encoding functions. \& #include \& #include \& -\& RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); +\& RSA * d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length); \& \& int i2d_RSAPublicKey(RSA *a, unsigned char **pp); \& -\& RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length); +\& RSA * d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length); \& \& int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp); \& -\& RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); +\& RSA * d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length); \& \& int i2d_RSAPrivateKey(RSA *a, unsigned char **pp); \& \& int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); \& -\& RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); +\& RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)()); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 index 6a78b8c235..d44e630fbd 100644 --- a/secure/lib/libcrypto/man/d2i_X509.3 +++ b/secure/lib/libcrypto/man/d2i_X509.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509 3" -.TH d2i_X509 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH d2i_X509 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,8 +143,8 @@ i2d_X509_fp \- X509 encode and decode functions \& X509 *d2i_X509_bio(BIO *bp, X509 **x); \& X509 *d2i_X509_fp(FILE *fp, X509 **x); \& -\& int i2d_X509_bio(X509 *x, BIO *bp); -\& int i2d_X509_fp(X509 *x, FILE *fp); +\& int i2d_X509_bio(BIO *bp, X509 *x); +\& int i2d_X509_fp(FILE *fp, X509 *x); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -353,11 +345,11 @@ always succeed. or \fB\s-1NULL\s0\fR if an error occurs. The error code that can be obtained by \&\fIERR_get_error\fR\|(3). .PP -\&\fIi2d_X509()\fR, \fIi2d_X509_bio()\fR and \fIi2d_X509_fp()\fR return a the number of bytes -successfully encoded or a negative value if an error occurs. The error code -can be obtained by \fIERR_get_error\fR\|(3). +\&\fIi2d_X509()\fR returns the number of bytes successfully encoded or a negative +value if an error occurs. The error code can be obtained by +\&\fIERR_get_error\fR\|(3). .PP -\&\fIi2d_X509_bio()\fR and \fIi2d_X509_fp()\fR returns 1 for success and 0 if an error +\&\fIi2d_X509_bio()\fR and \fIi2d_X509_fp()\fR return 1 for success and 0 if an error occurs The error code can be obtained by \fIERR_get_error\fR\|(3). .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 index 1205fbb603..9179ca52db 100644 --- a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 +++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_ALGOR 3" -.TH d2i_X509_ALGOR 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH d2i_X509_ALGOR 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3 index 0caf390828..d2ce1e81f8 100644 --- a/secure/lib/libcrypto/man/d2i_X509_CRL.3 +++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_CRL 3" -.TH d2i_X509_CRL 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH d2i_X509_CRL 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,8 +143,8 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp \- PKCS#10 certificate request functions. \& X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x); \& X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x); \& -\& int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp); -\& int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp); +\& int i2d_X509_CRL_bio(BIO *bp, X509_CRL *x); +\& int i2d_X509_CRL_fp(FILE *fp, X509_CRL *x); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/d2i_X509_NAME.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3 index 5a72699952..647604f4c3 100644 --- a/secure/lib/libcrypto/man/d2i_X509_NAME.3 +++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_NAME 3" -.TH d2i_X509_NAME 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH d2i_X509_NAME 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_REQ.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3 index eb92639acb..e4103df2ed 100644 --- a/secure/lib/libcrypto/man/d2i_X509_REQ.3 +++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_REQ 3" -.TH d2i_X509_REQ 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH d2i_X509_REQ 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,8 +143,8 @@ i2d_X509_REQ_bio, i2d_X509_REQ_fp \- PKCS#10 certificate request functions. \& X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x); \& X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x); \& -\& int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp); -\& int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp); +\& int i2d_X509_REQ_bio(BIO *bp, X509_REQ *x); +\& int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3 index 6feb59d838..bd6cc91deb 100644 --- a/secure/lib/libcrypto/man/d2i_X509_SIG.3 +++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_SIG 3" -.TH d2i_X509_SIG 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH d2i_X509_SIG 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3 index bee35cd574..586ef8a4b7 100644 --- a/secure/lib/libcrypto/man/des.3 +++ b/secure/lib/libcrypto/man/des.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "des 3" -.TH des 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH des 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/des_modes.7 b/secure/lib/libcrypto/man/des_modes.7 index 1341c45092..8c8660cd32 100644 --- a/secure/lib/libcrypto/man/des_modes.7 +++ b/secure/lib/libcrypto/man/des_modes.7 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DES_MODES 7" -.TH DES_MODES 7 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DES_MODES 7 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +138,7 @@ are used for using block ciphers in a way similar to stream ciphers, among other things. .SH "OVERVIEW" .IX Header "OVERVIEW" -.Sh "Electronic Codebook Mode (\s-1ECB\s0)" +.SS "Electronic Codebook Mode (\s-1ECB\s0)" .IX Subsection "Electronic Codebook Mode (ECB)" Normally, this is found as the function \fIalgorithm\fR\fI_ecb_encrypt()\fR. .IP "\(bu" 2 @@ -158,7 +150,7 @@ The same plaintext block always produces the same ciphertext block (for the same key) making it vulnerable to a 'dictionary attack'. .IP "\(bu" 2 An error will only affect one ciphertext block. -.Sh "Cipher Block Chaining Mode (\s-1CBC\s0)" +.SS "Cipher Block Chaining Mode (\s-1CBC\s0)" .IX Subsection "Cipher Block Chaining Mode (CBC)" Normally, this is found as the function \fIalgorithm\fR\fI_cbc_encrypt()\fR. Be aware that \fIdes_cbc_encrypt()\fR is not really \s-1DES\s0 \s-1CBC\s0 (it does @@ -177,7 +169,7 @@ The use of different starting variables prevents the same plaintext enciphering to the same ciphertext. .IP "\(bu" 2 An error will affect the current and the following ciphertext blocks. -.Sh "Cipher Feedback Mode (\s-1CFB\s0)" +.SS "Cipher Feedback Mode (\s-1CFB\s0)" .IX Subsection "Cipher Feedback Mode (CFB)" Normally, this is found as the function \fIalgorithm\fR\fI_cfb_encrypt()\fR. .IP "\(bu" 2 @@ -203,7 +195,7 @@ greater processing overheads. Only multiples of j bits can be enciphered. .IP "\(bu" 2 An error will affect the current and the following ciphertext variables. -.Sh "Output Feedback Mode (\s-1OFB\s0)" +.SS "Output Feedback Mode (\s-1OFB\s0)" .IX Subsection "Output Feedback Mode (OFB)" Normally, this is found as the function \fIalgorithm\fR\fI_ofb_encrypt()\fR. .IP "\(bu" 2 @@ -240,7 +232,7 @@ different from the start variable values used before with the same key. The reason for this is that an identical bit stream would be produced each time from the same parameters. This would be susceptible to a 'known plaintext' attack. -.Sh "Triple \s-1ECB\s0 Mode" +.SS "Triple \s-1ECB\s0 Mode" .IX Subsection "Triple ECB Mode" Normally, this is found as the function \fIalgorithm\fR\fI_ecb3_encrypt()\fR. .IP "\(bu" 2 @@ -260,7 +252,7 @@ to only slightly more than 56 bits, but these require a lot of memory. .IP "\(bu" 2 If all 3 keys are the same, this is effectively the same as normal ecb mode. -.Sh "Triple \s-1CBC\s0 Mode" +.SS "Triple \s-1CBC\s0 Mode" .IX Subsection "Triple CBC Mode" Normally, this is found as the function \fIalgorithm\fR\fI_ede3_cbc_encrypt()\fR. .IP "\(bu" 2 diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3 index d81323cc0b..e64c739c48 100644 --- a/secure/lib/libcrypto/man/dh.3 +++ b/secure/lib/libcrypto/man/dh.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "dh 3" -.TH dh 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH dh 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3 index 0e7468bd86..3c02f870a3 100644 --- a/secure/lib/libcrypto/man/dsa.3 +++ b/secure/lib/libcrypto/man/dsa.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "dsa 3" -.TH dsa 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH dsa 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ecdsa.3 b/secure/lib/libcrypto/man/ecdsa.3 index 8f75cc8ef0..7956f32eaf 100644 --- a/secure/lib/libcrypto/man/ecdsa.3 +++ b/secure/lib/libcrypto/man/ecdsa.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ecdsa 3" -.TH ecdsa 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ecdsa 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3 index 43d7477254..d4a12bbc18 100644 --- a/secure/lib/libcrypto/man/engine.3 +++ b/secure/lib/libcrypto/man/engine.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "engine 3" -.TH engine 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH engine 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -314,7 +306,7 @@ implementation includes the following abstractions; \& EVP_DIGEST \- potentially multiple hash algorithms (indexed by \*(Aqnid\*(Aq) \& key\-loading \- loading public and/or private EVP_PKEY keys .Ve -.Sh "Reference counting and handles" +.SS "Reference counting and handles" .IX Subsection "Reference counting and handles" Due to the modular nature of the \s-1ENGINE\s0 \s-1API\s0, pointers to ENGINEs need to be treated as handles \- ie. not only as pointers, but also as references to @@ -401,7 +393,7 @@ default implementation for a given task, eg. by \fIENGINE_get_default_RSA()\fR, section, though they are not usually required by application programmers as they are used automatically when creating and using the relevant algorithm-specific types in OpenSSL, such as \s-1RSA\s0, \s-1DSA\s0, \s-1EVP_CIPHER_CTX\s0, etc. -.Sh "Default implementations" +.SS "Default implementations" .IX Subsection "Default implementations" For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table of state to control which implementations are available for a given @@ -440,7 +432,7 @@ that it also sets the state table's cached response for the \*(L"get_default\*(R query. In the case of abstractions like \s-1EVP_CIPHER\s0, where implementations are indexed by 'nid', these flags and cached-responses are distinct for each 'nid' value. -.Sh "Application requirements" +.SS "Application requirements" .IX Subsection "Application requirements" This section will explain the basic things an application programmer should support to make the most useful elements of the \s-1ENGINE\s0 functionality @@ -556,7 +548,7 @@ That's all that's required. Eg. the next time OpenSSL tries to set up an \&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to \&\fIENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the default for \s-1RSA\s0 use from then on. -.Sh "Advanced configuration support" +.SS "Advanced configuration support" .IX Subsection "Advanced configuration support" There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each \&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration @@ -731,7 +723,7 @@ supports certain specific commands it might want to use (eg. application \*(L"fo might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\s0\*(R" \- and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific extension). -.Sh "Future developments" +.SS "Future developments" .IX Subsection "Future developments" The \s-1ENGINE\s0 \s-1API\s0 and internal architecture is currently being reviewed. Slated for possible release in 0.9.8 is support for transparent loading of \*(L"dynamic\*(R" diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3 index 4dbf4c97de..75183fff81 100644 --- a/secure/lib/libcrypto/man/err.3 +++ b/secure/lib/libcrypto/man/err.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "err 3" -.TH err 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH err 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -207,7 +199,7 @@ OpenSSL error system from within your application. .PP The remainder of this section is of interest only if you want to add new error codes to OpenSSL or add error codes from external libraries. -.Sh "Reporting errors" +.SS "Reporting errors" .IX Subsection "Reporting errors" Each sub-library has a specific macro \fIXXXerr()\fR that is used to report errors. Its first argument is a function code \fB\s-1XXX_F_\s0...\fR, the second @@ -237,7 +229,7 @@ Although a library will normally report errors using its own specific XXXerr macro, another library's macro can be used. This is normally only done when a library wants to include \s-1ASN1\s0 code which must use the \fIASN1err()\fR macro. -.Sh "Adding new libraries" +.SS "Adding new libraries" .IX Subsection "Adding new libraries" When adding a new sub-library to OpenSSL, assign it a library number \&\fB\s-1ERR_LIB_XXX\s0\fR, define a macro \fIXXXerr()\fR (both in \fBerr.h\fR), add its diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3 index d656d88d47..dc4b299e61 100644 --- a/secure/lib/libcrypto/man/evp.3 +++ b/secure/lib/libcrypto/man/evp.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "evp 3" -.TH evp 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH evp 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,14 +150,24 @@ digital signatures. Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI...\fR functions. The \fBEVP_Digest\fR\fI...\fR functions provide message digests. .PP +The \fB\s-1EVP_PKEY\s0\fR\fI...\fR functions provide a high level interface to +asymmetric algorithms. +.PP Algorithms are loaded with \fIOpenSSL_add_all_algorithms\fR\|(3). .PP -All the symmetric algorithms (ciphers) and digests can be replaced by \s-1ENGINE\s0 -modules providing alternative implementations. If \s-1ENGINE\s0 implementations of -ciphers or digests are registered as defaults, then the various \s-1EVP\s0 functions -will automatically use those implementations automatically in preference to -built in software implementations. For more information, consult the \fIengine\fR\|(3) -man page. +All the symmetric algorithms (ciphers), digests and asymmetric algorithms +(public key algorithms) can be replaced by \s-1ENGINE\s0 modules providing alternative +implementations. If \s-1ENGINE\s0 implementations of ciphers or digests are registered +as defaults, then the various \s-1EVP\s0 functions will automatically use those +implementations automatically in preference to built in software +implementations. For more information, consult the \fIengine\fR\|(3) man page. +.PP +Although low level algorithm specific functions exist for many algorithms +their use is discouraged. They cannot be used with an \s-1ENGINE\s0 and \s-1ENGINE\s0 +versions of new algorithms cannot be accessed using the low level functions. +Also makes code harder to adapt to new algorithms and some options are not +cleanly supported at the low level and some operations are more efficient +using the high level interface. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIEVP_DigestInit\fR\|(3), diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3 index b8462ce8a7..36e5ac128d 100644 --- a/secure/lib/libcrypto/man/hmac.3 +++ b/secure/lib/libcrypto/man/hmac.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "hmac 3" -.TH hmac 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH hmac 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,12 +143,12 @@ authentication code \& \& void HMAC_CTX_init(HMAC_CTX *ctx); \& -\& void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, +\& int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, \& const EVP_MD *md); -\& void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, +\& int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, \& const EVP_MD *md, ENGINE *impl); -\& void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); -\& void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +\& int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); +\& int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); \& \& void HMAC_CTX_cleanup(HMAC_CTX *ctx); \& void HMAC_cleanup(HMAC_CTX *ctx); @@ -177,8 +169,6 @@ If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static array. The size of the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. .PP \&\fBevp_md\fR can be \fIEVP_sha1()\fR, \fIEVP_ripemd160()\fR etc. -\&\fBkey\fR and \fBevp_md\fR may be \fB\s-1NULL\s0\fR if a key and hash function have -been set in a previous call to \fIHMAC_Init()\fR for that \fB\s-1HMAC_CTX\s0\fR. .PP \&\fIHMAC_CTX_init()\fR initialises a \fB\s-1HMAC_CTX\s0\fR before first use. It must be called. @@ -213,10 +203,13 @@ be authenticated (\fBlen\fR bytes at \fBdata\fR). must have space for the hash function output. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\s-1\fIHMAC\s0()\fR returns a pointer to the message authentication code. +\&\s-1\fIHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if +an error occurred. .PP -\&\fIHMAC_CTX_init()\fR, \fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and -\&\fIHMAC_CTX_cleanup()\fR do not return values. +\&\fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR and \fIHMAC_Final()\fR return 1 for success or 0 if +an error occurred. +.PP +\&\fIHMAC_CTX_init()\fR and \fIHMAC_CTX_cleanup()\fR do not return values. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1RFC\s0 2104 @@ -230,3 +223,6 @@ are available since SSLeay 0.9.0. .PP \&\fIHMAC_CTX_init()\fR, \fIHMAC_Init_ex()\fR and \fIHMAC_CTX_cleanup()\fR are available since OpenSSL 0.9.7. +.PP +\&\fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR and \fIHMAC_Final()\fR did not return values in +versions of OpenSSL before 1.0.0. diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 similarity index 77% copy from secure/lib/libcrypto/man/DH_new.3 copy to secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 index 24ece8fcfd..dade049a29 100644 --- a/secure/lib/libcrypto/man/DH_new.3 +++ b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,41 +123,45 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "DH_new 3" -.TH DH_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "i2d_CMS_bio_stream 3" +.TH i2d_CMS_bio_stream 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -DH_new, DH_free \- allocate and free DH objects +.Vb 1 +\& i2d_CMS_bio_stream \- output CMS_ContentInfo structure in BER format. +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include -\& -\& DH* DH_new(void); +\& #include \& -\& void DH_free(DH *dh); +\& int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure. +\&\fIi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format. .PP -\&\fIDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are -erased before the memory is returned to the system. +It is otherwise identical to the function \fISMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fIi2d_CMS_bio()\fR supporting +streaming. +.SH "BUGS" +.IX Header "BUGS" +The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns -a pointer to the newly allocated structure. -.PP -\&\fIDH_free()\fR returns no value. +\&\fIi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdh\fR\|(3), \fIERR_get_error\fR\|(3), -\&\fIDH_generate_parameters\fR\|(3), -\&\fIDH_generate_key\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) +\&\fICMS_decrypt\fR\|(3), +\&\fISMIME_write_CMS\fR\|(3), +\&\fIPEM_write_bio_CMS_stream\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDH_new()\fR and \fIDH_free()\fR are available in all versions of SSLeay and OpenSSL. +\&\fIi2d_CMS_bio_stream()\fR was added to OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 similarity index 77% copy from secure/lib/libcrypto/man/DH_new.3 copy to secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 index 24ece8fcfd..8328c668c6 100644 --- a/secure/lib/libcrypto/man/DH_new.3 +++ b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,41 +123,43 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "DH_new 3" -.TH DH_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "i2d_PKCS7_bio_stream 3" +.TH i2d_PKCS7_bio_stream 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -DH_new, DH_free \- allocate and free DH objects +i2d_PKCS7_bio_stream \- output PKCS7 structure in BER format. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& #include +\& #include \& -\& DH* DH_new(void); -\& -\& void DH_free(DH *dh); +\& int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure. +\&\fIi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format. .PP -\&\fIDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are -erased before the memory is returned to the system. +It is otherwise identical to the function \fISMIME_write_PKCS7()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fId2i_PKCS7_bio()\fR supporting +streaming. +.SH "BUGS" +.IX Header "BUGS" +The prefix \*(L"d2i\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -If the allocation fails, \fIDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns -a pointer to the newly allocated structure. -.PP -\&\fIDH_free()\fR returns no value. +\&\fIi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdh\fR\|(3), \fIERR_get_error\fR\|(3), -\&\fIDH_generate_parameters\fR\|(3), -\&\fIDH_generate_key\fR\|(3) +\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), +\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +\&\fIPKCS7_decrypt\fR\|(3), +\&\fISMIME_write_PKCS7\fR\|(3), +\&\fIPEM_write_bio_PKCS7_stream\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIDH_new()\fR and \fIDH_free()\fR are available in all versions of SSLeay and OpenSSL. +\&\fIi2d_PKCS7_bio_stream()\fR was added to OpenSSL 1.0.0 diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3 index 5a25b45f51..1fa9c4e7f1 100644 --- a/secure/lib/libcrypto/man/lh_stats.3 +++ b/secure/lib/libcrypto/man/lh_stats.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "lh_stats 3" -.TH lh_stats 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH lh_stats 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3 index 62fc185783..8c6112ab60 100644 --- a/secure/lib/libcrypto/man/lhash.3 +++ b/secure/lib/libcrypto/man/lhash.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "lhash 3" -.TH lhash 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH lhash 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -144,18 +136,20 @@ lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_e .Vb 1 \& #include \& -\& LHASH *lh_new(LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE compare); -\& void lh_free(LHASH *table); +\& DECLARE_LHASH_OF(); +\& +\& LHASH *lh__new(); +\& void lh__free(LHASH_OF( *table); \& -\& void *lh_insert(LHASH *table, void *data); -\& void *lh_delete(LHASH *table, void *data); -\& void *lh_retrieve(LHASH *table, void *data); +\& *lh__insert(LHASH_OF( *table, *data); +\& *lh__delete(LHASH_OF( *table, *data); +\& *lh_retrieve(LHASH_OF *table, *data); \& -\& void lh_doall(LHASH *table, LHASH_DOALL_FN_TYPE func); -\& void lh_doall_arg(LHASH *table, LHASH_DOALL_ARG_FN_TYPE func, -\& void *arg); +\& void lh__doall(LHASH_OF( *table, LHASH_DOALL_FN_TYPE func); +\& void lh__doall_arg(LHASH_OF( *table, LHASH_DOALL_ARG_FN_TYPE func, +\& , *arg); \& -\& int lh_error(LHASH *table); +\& int lh__error(LHASH_OF( *table); \& \& typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); \& typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); @@ -164,118 +158,118 @@ lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_e .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -This library implements dynamic hash tables. The hash table entries -can be arbitrary structures. Usually they consist of key and value -fields. -.PP -\&\fIlh_new()\fR creates a new \fB\s-1LHASH\s0\fR structure to store arbitrary data -entries, and provides the 'hash' and 'compare' callbacks to be used in -organising the table's entries. The \fBhash\fR callback takes a pointer -to a table entry as its argument and returns an unsigned long hash -value for its key field. The hash value is normally truncated to a -power of 2, so make sure that your hash function returns well mixed -low order bits. The \fBcompare\fR callback takes two arguments (pointers -to two hash table entries), and returns 0 if their keys are equal, -non-zero otherwise. If your hash table will contain items of some -particular type and the \fBhash\fR and \fBcompare\fR callbacks hash/compare -these types, then the \fB\s-1DECLARE_LHASH_HASH_FN\s0\fR and -\&\fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be used to create callback -wrappers of the prototypes required by \fIlh_new()\fR. These provide -per-variable casts before calling the type-specific callbacks written -by the application author. These macros, as well as those used for -the \*(L"doall\*(R" callbacks, are defined as; +This library implements type-checked dynamic hash tables. The hash +table entries can be arbitrary structures. Usually they consist of key +and value fields. +.PP +lh_\fI_new()\fR creates a new \fB\s-1LHASH_OF\s0( structure to store +arbitrary data entries, and provides the 'hash' and 'compare' +callbacks to be used in organising the table's entries. The \fBhash\fR +callback takes a pointer to a table entry as its argument and returns +an unsigned long hash value for its key field. The hash value is +normally truncated to a power of 2, so make sure that your hash +function returns well mixed low order bits. The \fBcompare\fR callback +takes two arguments (pointers to two hash table entries), and returns +0 if their keys are equal, non-zero otherwise. If your hash table +will contain items of some particular type and the \fBhash\fR and +\&\fBcompare\fR callbacks hash/compare these types, then the +\&\fB\s-1DECLARE_LHASH_HASH_FN\s0\fR and \fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be +used to create callback wrappers of the prototypes required by +lh_\fI_new()\fR. These provide per-variable casts before calling the +type-specific callbacks written by the application author. These +macros, as well as those used for the \*(L"doall\*(R" callbacks, are defined +as; .PP .Vb 7 -\& #define DECLARE_LHASH_HASH_FN(f_name,o_type) \e -\& unsigned long f_name##_LHASH_HASH(const void *); -\& #define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \e -\& unsigned long f_name##_LHASH_HASH(const void *arg) { \e -\& o_type a = (o_type)arg; \e -\& return f_name(a); } -\& #define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH +\& #define DECLARE_LHASH_HASH_FN(name, o_type) \e +\& unsigned long name##_LHASH_HASH(const void *); +\& #define IMPLEMENT_LHASH_HASH_FN(name, o_type) \e +\& unsigned long name##_LHASH_HASH(const void *arg) { \e +\& const o_type *a = arg; \e +\& return name##_hash(a); } +\& #define LHASH_HASH_FN(name) name##_LHASH_HASH \& -\& #define DECLARE_LHASH_COMP_FN(f_name,o_type) \e -\& int f_name##_LHASH_COMP(const void *, const void *); -\& #define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \e -\& int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \e -\& o_type a = (o_type)arg1; \e -\& o_type b = (o_type)arg2; \e -\& return f_name(a,b); } -\& #define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP +\& #define DECLARE_LHASH_COMP_FN(name, o_type) \e +\& int name##_LHASH_COMP(const void *, const void *); +\& #define IMPLEMENT_LHASH_COMP_FN(name, o_type) \e +\& int name##_LHASH_COMP(const void *arg1, const void *arg2) { \e +\& const o_type *a = arg1; \e +\& const o_type *b = arg2; \e +\& return name##_cmp(a,b); } +\& #define LHASH_COMP_FN(name) name##_LHASH_COMP \& -\& #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \e -\& void f_name##_LHASH_DOALL(const void *); -\& #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \e -\& void f_name##_LHASH_DOALL(const void *arg) { \e -\& o_type a = (o_type)arg; \e -\& f_name(a); } -\& #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL +\& #define DECLARE_LHASH_DOALL_FN(name, o_type) \e +\& void name##_LHASH_DOALL(void *); +\& #define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \e +\& void name##_LHASH_DOALL(void *arg) { \e +\& o_type *a = arg; \e +\& name##_doall(a); } +\& #define LHASH_DOALL_FN(name) name##_LHASH_DOALL +\& +\& #define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \e +\& void name##_LHASH_DOALL_ARG(void *, void *); +\& #define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \e +\& void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \e +\& o_type *a = arg1; \e +\& a_type *b = arg2; \e +\& name##_doall_arg(a, b); } +\& #define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG +\& +\& An example of a hash table storing (pointers to) structures of type \*(AqSTUFF\*(Aq +\& could be defined as follows; \& -\& #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \e -\& void f_name##_LHASH_DOALL_ARG(const void *, const void *); -\& #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \e -\& void f_name##_LHASH_DOALL_ARG(const void *arg1, const void *arg2) { \e -\& o_type a = (o_type)arg1; \e -\& a_type b = (a_type)arg2; \e -\& f_name(a,b); } -\& #define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG -.Ve -.PP -An example of a hash table storing (pointers to) structures of type '\s-1STUFF\s0' -could be defined as follows; -.PP -.Vb 10 \& /* Calculates the hash value of \*(Aqtohash\*(Aq (implemented elsewhere) */ \& unsigned long STUFF_hash(const STUFF *tohash); \& /* Orders \*(Aqarg1\*(Aq and \*(Aqarg2\*(Aq (implemented elsewhere) */ -\& int STUFF_cmp(const STUFF *arg1, const STUFF *arg2); +\& int stuff_cmp(const STUFF *arg1, const STUFF *arg2); \& /* Create the type\-safe wrapper functions for use in the LHASH internals */ -\& static IMPLEMENT_LHASH_HASH_FN(STUFF_hash, const STUFF *) -\& static IMPLEMENT_LHASH_COMP_FN(STUFF_cmp, const STUFF *); +\& static IMPLEMENT_LHASH_HASH_FN(stuff, STUFF); +\& static IMPLEMENT_LHASH_COMP_FN(stuff, STUFF); \& /* ... */ \& int main(int argc, char *argv[]) { \& /* Create the new hash table using the hash/compare wrappers */ -\& LHASH *hashtable = lh_new(LHASH_HASH_FN(STUFF_hash), +\& LHASH_OF(STUFF) *hashtable = lh_STUFF_new(LHASH_HASH_FN(STUFF_hash), \& LHASH_COMP_FN(STUFF_cmp)); \& /* ... */ \& } .Ve .PP -\&\fIlh_free()\fR frees the \fB\s-1LHASH\s0\fR structure \fBtable\fR. Allocated hash table -entries will not be freed; consider using \fIlh_doall()\fR to deallocate any -remaining entries in the hash table (see below). +lh_\fI_free()\fR frees the \fB\s-1LHASH_OF\s0( structure +\&\fBtable\fR. Allocated hash table entries will not be freed; consider +using lh_\fI_doall()\fR to deallocate any remaining entries in the +hash table (see below). .PP -\&\fIlh_insert()\fR inserts the structure pointed to by \fBdata\fR into \fBtable\fR. -If there already is an entry with the same key, the old value is -replaced. Note that \fIlh_insert()\fR stores pointers, the data are not -copied. +lh_\fI_insert()\fR inserts the structure pointed to by \fBdata\fR into +\&\fBtable\fR. If there already is an entry with the same key, the old +value is replaced. Note that lh_\fI_insert()\fR stores pointers, the +data are not copied. .PP -\&\fIlh_delete()\fR deletes an entry from \fBtable\fR. +lh_\fI_delete()\fR deletes an entry from \fBtable\fR. .PP -\&\fIlh_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR is -a structure with the key field(s) set; the function will return a +lh_\fI_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR +is a structure with the key field(s) set; the function will return a pointer to a fully populated structure. .PP -\&\fIlh_doall()\fR will, for every entry in the hash table, call \fBfunc\fR with -the data item as its parameter. For \fIlh_doall()\fR and \fIlh_doall_arg()\fR, -function pointer casting should be avoided in the callbacks (see -\&\fB\s-1NOTE\s0\fR) \- instead, either declare the callbacks to match the -prototype required in \fIlh_new()\fR or use the declare/implement macros to -create type-safe wrappers that cast variables prior to calling your -type-specific callbacks. An example of this is illustrated here where -the callback is used to cleanup resources for items in the hash table -prior to the hashtable itself being deallocated: +lh_\fI_doall()\fR will, for every entry in the hash table, call +\&\fBfunc\fR with the data item as its parameter. For lh_\fI_doall()\fR +and lh_\fI_doall_arg()\fR, function pointer casting should be avoided +in the callbacks (see \fB\s-1NOTE\s0\fR) \- instead use the declare/implement +macros to create type-checked wrappers that cast variables prior to +calling your type-specific callbacks. An example of this is +illustrated here where the callback is used to cleanup resources for +items in the hash table prior to the hashtable itself being +deallocated: .PP .Vb 9 \& /* Cleans up resources belonging to \*(Aqa\*(Aq (this is implemented elsewhere) */ -\& void STUFF_cleanup(STUFF *a); +\& void STUFF_cleanup_doall(STUFF *a); \& /* Implement a prototype\-compatible wrapper for "STUFF_cleanup" */ -\& IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF *) +\& IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF) \& /* ... then later in the code ... */ \& /* So to run "STUFF_cleanup" against all items in a hash table ... */ -\& lh_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup)); +\& lh_STUFF_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup)); \& /* Then the hash table itself can be deallocated */ -\& lh_free(hashtable); +\& lh_STUFF_free(hashtable); .Ve .PP When doing this, be careful if you delete entries from the hash table @@ -287,51 +281,52 @@ you start (which will stop the hash table ever decreasing in size). The best solution is probably to avoid deleting items from the hash table inside a \*(L"doall\*(R" callback! .PP -\&\fIlh_doall_arg()\fR is the same as \fIlh_doall()\fR except that \fBfunc\fR will be -called with \fBarg\fR as the second argument and \fBfunc\fR should be of -type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype that is passed -both the table entry and an extra argument). As with \fIlh_doall()\fR, you -can instead choose to declare your callback with a prototype matching -the types you are dealing with and use the declare/implement macros to -create compatible wrappers that cast variables before calling your -type-specific callbacks. An example of this is demonstrated here -(printing all hash table entries to a \s-1BIO\s0 that is provided by the -caller): -.PP -.Vb 7 +lh_\fI_doall_arg()\fR is the same as lh_\fI_doall()\fR except that +\&\fBfunc\fR will be called with \fBarg\fR as the second argument and \fBfunc\fR +should be of type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype +that is passed both the table entry and an extra argument). As with +\&\fIlh_doall()\fR, you can instead choose to declare your callback with a +prototype matching the types you are dealing with and use the +declare/implement macros to create compatible wrappers that cast +variables before calling your type-specific callbacks. An example of +this is demonstrated here (printing all hash table entries to a \s-1BIO\s0 +that is provided by the caller): +.PP +.Vb 8 \& /* Prints item \*(Aqa\*(Aq to \*(Aqoutput_bio\*(Aq (this is implemented elsewhere) */ -\& void STUFF_print(const STUFF *a, BIO *output_bio); +\& void STUFF_print_doall_arg(const STUFF *a, BIO *output_bio); \& /* Implement a prototype\-compatible wrapper for "STUFF_print" */ -\& static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF_print, const STUFF *, BIO *) +\& static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF, const STUFF, BIO) \& /* ... then later in the code ... */ \& /* Print out the entire hashtable to a particular BIO */ -\& lh_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), logging_bio); +\& lh_STUFF_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), BIO, +\& logging_bio); .Ve .PP -\&\fIlh_error()\fR can be used to determine if an error occurred in the last -operation. \fIlh_error()\fR is a macro. +lh_\fI_error()\fR can be used to determine if an error occurred in the last +operation. lh_\fI_error()\fR is a macro. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIlh_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new +lh_\fI_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new \&\fB\s-1LHASH\s0\fR structure. .PP -When a hash table entry is replaced, \fIlh_insert()\fR returns the value +When a hash table entry is replaced, lh_\fI_insert()\fR returns the value being replaced. \fB\s-1NULL\s0\fR is returned on normal operation and on error. .PP -\&\fIlh_delete()\fR returns the entry being deleted. \fB\s-1NULL\s0\fR is returned if +lh_\fI_delete()\fR returns the entry being deleted. \fB\s-1NULL\s0\fR is returned if there is no such value in the hash table. .PP -\&\fIlh_retrieve()\fR returns the hash table entry if it has been found, +lh_\fI_retrieve()\fR returns the hash table entry if it has been found, \&\fB\s-1NULL\s0\fR otherwise. .PP -\&\fIlh_error()\fR returns 1 if an error occurred in the last operation, 0 +lh_\fI_error()\fR returns 1 if an error occurred in the last operation, 0 otherwise. .PP -\&\fIlh_free()\fR, \fIlh_doall()\fR and \fIlh_doall_arg()\fR return no values. +lh_\fI_free()\fR, lh_\fI_doall()\fR and lh_\fI_doall_arg()\fR return no values. .SH "NOTE" .IX Header "NOTE" The various \s-1LHASH\s0 macros and callback types exist to make it possible -to write type-safe code without resorting to function-prototype +to write type-checked code without resorting to function-prototype casting \- an evil that makes application code much harder to audit/verify and also opens the window of opportunity for stack corruption and other hard-to-find bugs. It also, apparently, violates @@ -368,7 +363,7 @@ DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types without any \*(L"const\*(R" qualifiers. .SH "BUGS" .IX Header "BUGS" -\&\fIlh_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error. +lh_\fI_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error. .SH "INTERNALS" .IX Header "INTERNALS" The following description is based on the SSLeay documentation: @@ -414,8 +409,8 @@ will be much less expensive that 10 calls to your compare function. .Ve .PP Since the \fB\s-1LHASH\s0\fR routines would normally be passed structures, this -routine would not normally be passed to \fIlh_new()\fR, rather it would be -used in the function passed to \fIlh_new()\fR. +routine would not normally be passed to lh_\fI_new()\fR, rather it would be +used in the function passed to lh_\fI_new()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIlh_stats\fR\|(3) @@ -430,3 +425,6 @@ In OpenSSL 0.9.7, all lhash functions that were passed function pointers were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE\s0, \&\s-1LHASH_HASH_FN_TYPE\s0, \s-1LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE\s0 became available. +.PP +In OpenSSL 1.0.0, the lhash interface was revamped for even better +type checking. diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3 index 0ec20a54c2..d88585db61 100644 --- a/secure/lib/libcrypto/man/md5.3 +++ b/secure/lib/libcrypto/man/md5.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "md5 3" -.TH md5 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH md5 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3 index 0bd0df6401..f93bbac039 100644 --- a/secure/lib/libcrypto/man/mdc2.3 +++ b/secure/lib/libcrypto/man/mdc2.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "mdc2 3" -.TH mdc2 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH mdc2 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3 index 69230f7b8e..f3684c62ac 100644 --- a/secure/lib/libcrypto/man/pem.3 +++ b/secure/lib/libcrypto/man/pem.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,13 +124,13 @@ .\" ======================================================================== .\" .IX Title "pem 3" -.TH pem 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH pem 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -PEM \- PEM routines +PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE \- PEM routines .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3 index 8ae086293e..c7aa46b9c1 100644 --- a/secure/lib/libcrypto/man/rand.3 +++ b/secure/lib/libcrypto/man/rand.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "rand 3" -.TH rand 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH rand 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3 index 4de6deda87..fd4e60160f 100644 --- a/secure/lib/libcrypto/man/rc4.3 +++ b/secure/lib/libcrypto/man/rc4.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "rc4 3" -.TH rc4 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH rc4 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3 index 6860f2446b..51a88e5599 100644 --- a/secure/lib/libcrypto/man/ripemd.3 +++ b/secure/lib/libcrypto/man/ripemd.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ripemd 3" -.TH ripemd 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ripemd 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3 index 7854a1627f..cf5d2c633d 100644 --- a/secure/lib/libcrypto/man/rsa.3 +++ b/secure/lib/libcrypto/man/rsa.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "rsa 3" -.TH rsa 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH rsa 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3 index 91a8f4bbf0..d9901e095e 100644 --- a/secure/lib/libcrypto/man/sha.3 +++ b/secure/lib/libcrypto/man/sha.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "sha 3" -.TH sha 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH sha 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3 index cf6ee42c27..cfe1747038 100644 --- a/secure/lib/libcrypto/man/threads.3 +++ b/secure/lib/libcrypto/man/threads.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,13 +124,15 @@ .\" ======================================================================== .\" .IX Title "threads 3" -.TH threads 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH threads 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks, +CRYPTO_THREADID_set_callback, CRYPTO_THREADID_get_callback, +CRYPTO_THREADID_current, CRYPTO_THREADID_cmp, CRYPTO_THREADID_cpy, +CRYPTO_THREADID_hash, CRYPTO_set_locking_callback, CRYPTO_num_locks, CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid, CRYPTO_destroy_dynlockid, CRYPTO_lock \- OpenSSL thread support @@ -147,14 +141,26 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock \- OpenSSL thread support .Vb 1 \& #include \& -\& void CRYPTO_set_locking_callback(void (*locking_function)(int mode, -\& int n, const char *file, int line)); -\& -\& void CRYPTO_set_id_callback(unsigned long (*id_function)(void)); +\& /* Don\*(Aqt use this structure directly. */ +\& typedef struct crypto_threadid_st +\& { +\& void *ptr; +\& unsigned long val; +\& } CRYPTO_THREADID; +\& /* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ +\& void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); +\& void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); +\& int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *)); +\& void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *); +\& void CRYPTO_THREADID_current(CRYPTO_THREADID *id); +\& int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, +\& const CRYPTO_THREADID *b); +\& void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, +\& const CRYPTO_THREADID *src); +\& unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); \& \& int CRYPTO_num_locks(void); \& -\& \& /* struct CRYPTO_dynlock_value needs to be defined by the user */ \& struct CRYPTO_dynlock_value; \& @@ -186,7 +192,8 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock \- OpenSSL thread support .SH "DESCRIPTION" .IX Header "DESCRIPTION" OpenSSL can safely be used in multi-threaded applications provided -that at least two callback functions are set. +that at least two callback functions are set, locking_function and +threadid_func. .PP locking_function(int mode, int n, const char *file, int line) is needed to perform locking on shared data structures. @@ -201,10 +208,34 @@ different mutex locks. It sets the \fBn\fR\-th lock if \fBmode\fR & \&\fBfile\fR and \fBline\fR are the file number of the function setting the lock. They can be useful for debugging. .PP -id_function(void) is a function that returns a thread \s-1ID\s0, for example -\&\fIpthread_self()\fR if it returns an integer (see \s-1NOTES\s0 below). It isn't -needed on Windows nor on platforms where \fIgetpid()\fR returns a different -\&\s-1ID\s0 for each thread (see \s-1NOTES\s0 below). +threadid_func(\s-1CRYPTO_THREADID\s0 *id) is needed to record the currently-executing +thread's identifier into \fBid\fR. The implementation of this callback should not +fill in \fBid\fR directly, but should use \fICRYPTO_THREADID_set_numeric()\fR if thread +IDs are numeric, or \fICRYPTO_THREADID_set_pointer()\fR if they are pointer-based. +If the application does not register such a callback using +\&\fICRYPTO_THREADID_set_callback()\fR, then a default implementation is used \- on +Windows and BeOS this uses the system's default thread identifying APIs, and on +all other platforms it uses the address of \fBerrno\fR. The latter is satisfactory +for thread-safety if and only if the platform has a thread-local error number +facility. +.PP +Once \fIthreadid_func()\fR is registered, or if the built-in default implementation is +to be used; +.IP "\(bu" 4 +\&\fICRYPTO_THREADID_current()\fR records the currently-executing thread \s-1ID\s0 into the +given \fBid\fR object. +.IP "\(bu" 4 +\&\fICRYPTO_THREADID_cmp()\fR compares two thread IDs (returning zero for equality, ie. +the same semantics as \fImemcmp()\fR). +.IP "\(bu" 4 +\&\fICRYPTO_THREADID_cpy()\fR duplicates a thread \s-1ID\s0 value, +.IP "\(bu" 4 +\&\fICRYPTO_THREADID_hash()\fR returns a numeric value usable as a hash-table key. This +is usually the exact numeric or pointer-based thread \s-1ID\s0 used internally, however +this also handles the unusual case where pointers are larger than 'long' +variables and the platform's thread IDs are pointer-based \- in this case, mixing +is done to attempt to produce a unique numeric value even though it is not as +wide as the platform's true thread IDs. .PP Additionally, OpenSSL supports dynamic locks, and sometimes, some parts of OpenSSL need it for better performance. To enable this, the following @@ -271,32 +302,20 @@ You can find out if OpenSSL was configured with thread support: .PP Also, dynamic locks are currently not used internally by OpenSSL, but may do so in the future. -.PP -Defining id_function(void) has it's own issues. Generally speaking, -\&\fIpthread_self()\fR should be used, even on platforms where \fIgetpid()\fR gives -different answers in each thread, since that may depend on the machine -the program is run on, not the machine where the program is being -compiled. For instance, Red Hat 8 Linux and earlier used -LinuxThreads, whose \fIgetpid()\fR returns a different value for each -thread. Red Hat 9 Linux and later use \s-1NPTL\s0, which is -Posix-conformant, and has a \fIgetpid()\fR that returns the same value for -all threads in a process. A program compiled on Red Hat 8 and run on -Red Hat 9 will therefore see \fIgetpid()\fR returning the same value for -all threads. -.PP -There is still the issue of platforms where \fIpthread_self()\fR returns -something other than an integer. This is a bit unusual, and this -manual has no cookbook solution for that case. .SH "EXAMPLES" .IX Header "EXAMPLES" \&\fBcrypto/threads/mttest.c\fR shows examples of the callback functions on Solaris, Irix and Win32. .SH "HISTORY" .IX Header "HISTORY" -\&\fICRYPTO_set_locking_callback()\fR and \fICRYPTO_set_id_callback()\fR are +\&\fICRYPTO_set_locking_callback()\fR is available in all versions of SSLeay and OpenSSL. \&\fICRYPTO_num_locks()\fR was added in OpenSSL 0.9.4. All functions dealing with dynamic locks were added in OpenSSL 0.9.5b\-dev. +\&\fB\s-1CRYPTO_THREADID\s0\fR and associated functions were introduced in OpenSSL 1.0.0 +to replace (actually, deprecate) the previous \fICRYPTO_set_id_callback()\fR, +\&\fICRYPTO_get_id_callback()\fR, and \fICRYPTO_thread_id()\fR functions which assumed +thread IDs to always be represented by 'unsigned long'. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIcrypto\fR\|(3) diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3 index e5f7235a6f..bf2fb1d375 100644 --- a/secure/lib/libcrypto/man/ui.3 +++ b/secure/lib/libcrypto/man/ui.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ui 3" -.TH ui 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ui 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ui_compat.3 b/secure/lib/libcrypto/man/ui_compat.3 index 90c12d7f8e..e0fb583180 100644 --- a/secure/lib/libcrypto/man/ui_compat.3 +++ b/secure/lib/libcrypto/man/ui_compat.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ui_compat 3" -.TH ui_compat 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ui_compat 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -142,7 +134,9 @@ des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw \- Compatibility user interface functions .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 3 +.Vb 1 +\& #include +\& \& int des_read_password(DES_cblock *key,const char *prompt,int verify); \& int des_read_2passwords(DES_cblock *key1,DES_cblock *key2, \& const char *prompt,int verify); diff --git a/secure/lib/libcrypto/man/x509.3 b/secure/lib/libcrypto/man/x509.3 index fb11a450e3..aa04185c25 100644 --- a/secure/lib/libcrypto/man/x509.3 +++ b/secure/lib/libcrypto/man/x509.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "x509 3" -.TH x509 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH x509 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/opensslconf-i386.h b/secure/lib/libcrypto/opensslconf-i386.h index b9ee0c3657..d45cdda510 100644 --- a/secure/lib/libcrypto/opensslconf-i386.h +++ b/secure/lib/libcrypto/opensslconf-i386.h @@ -5,15 +5,6 @@ #ifndef OPENSSL_DOING_MAKEDEPEND -#ifndef OPENSSL_NO_CAMELLIA -# define OPENSSL_NO_CAMELLIA -#endif -#ifndef OPENSSL_NO_CAPIENG -# define OPENSSL_NO_CAPIENG -#endif -#ifndef OPENSSL_NO_CMS -# define OPENSSL_NO_CMS -#endif #ifndef OPENSSL_NO_GMP # define OPENSSL_NO_GMP #endif @@ -26,8 +17,8 @@ #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif -#ifndef OPENSSL_NO_MDC2 -# define OPENSSL_NO_MDC2 +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 #endif #ifndef OPENSSL_NO_RC5 # define OPENSSL_NO_RC5 @@ -35,8 +26,8 @@ #ifndef OPENSSL_NO_RFC3779 # define OPENSSL_NO_RFC3779 #endif -#ifndef OPENSSL_NO_SEED -# define OPENSSL_NO_SEED +#ifndef OPENSSL_NO_STORE +# define OPENSSL_NO_STORE #endif #endif /* OPENSSL_DOING_MAKEDEPEND */ @@ -56,15 +47,6 @@ who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) -# define NO_CAMELLIA -# endif -# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG) -# define NO_CAPIENG -# endif -# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) -# define NO_CMS -# endif # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) # define NO_GMP # endif @@ -77,8 +59,8 @@ # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif -# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) -# define NO_MDC2 +# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2) +# define NO_MD2 # endif # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) # define NO_RC5 @@ -86,30 +68,13 @@ # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) # define NO_RFC3779 # endif -# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) -# define NO_SEED +# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) +# define NO_STORE # endif #endif /* crypto/opensslconf.h.in */ -#ifdef OPENSSL_DOING_MAKEDEPEND - -/* Include any symbols here that have to be explicitly set to enable a feature - * that should be visible to makedepend. - * - * [Our "make depend" doesn't actually look at this, we use actual build settings - * instead; we want to make it easy to remove subdirectories with disabled algorithms.] - */ - -#if 0 -#ifndef OPENSSL_FIPS -#define OPENSSL_FIPS -#endif -#endif - -#endif - /* Generate 80386 code? */ #undef I386_ONLY @@ -173,14 +138,9 @@ /* Should we define BN_DIV2W here? */ /* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ #undef SIXTY_FOUR_BIT_LONG #undef SIXTY_FOUR_BIT #define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT #endif #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) diff --git a/secure/lib/libcrypto/opensslconf-x86_64.h b/secure/lib/libcrypto/opensslconf-x86_64.h index 5d971bfe2f..bbda22f060 100644 --- a/secure/lib/libcrypto/opensslconf-x86_64.h +++ b/secure/lib/libcrypto/opensslconf-x86_64.h @@ -5,15 +5,6 @@ #ifndef OPENSSL_DOING_MAKEDEPEND -#ifndef OPENSSL_NO_CAMELLIA -# define OPENSSL_NO_CAMELLIA -#endif -#ifndef OPENSSL_NO_CAPIENG -# define OPENSSL_NO_CAPIENG -#endif -#ifndef OPENSSL_NO_CMS -# define OPENSSL_NO_CMS -#endif #ifndef OPENSSL_NO_GMP # define OPENSSL_NO_GMP #endif @@ -26,8 +17,8 @@ #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif -#ifndef OPENSSL_NO_MDC2 -# define OPENSSL_NO_MDC2 +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 #endif #ifndef OPENSSL_NO_RC5 # define OPENSSL_NO_RC5 @@ -35,8 +26,8 @@ #ifndef OPENSSL_NO_RFC3779 # define OPENSSL_NO_RFC3779 #endif -#ifndef OPENSSL_NO_SEED -# define OPENSSL_NO_SEED +#ifndef OPENSSL_NO_STORE +# define OPENSSL_NO_STORE #endif #endif /* OPENSSL_DOING_MAKEDEPEND */ @@ -56,15 +47,6 @@ who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) -# define NO_CAMELLIA -# endif -# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG) -# define NO_CAPIENG -# endif -# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) -# define NO_CMS -# endif # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) # define NO_GMP # endif @@ -77,8 +59,8 @@ # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif -# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) -# define NO_MDC2 +# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2) +# define NO_MD2 # endif # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) # define NO_RC5 @@ -86,30 +68,13 @@ # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) # define NO_RFC3779 # endif -# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) -# define NO_SEED +# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) +# define NO_STORE # endif #endif /* crypto/opensslconf.h.in */ -#ifdef OPENSSL_DOING_MAKEDEPEND - -/* Include any symbols here that have to be explicitly set to enable a feature - * that should be visible to makedepend. - * - * [Our "make depend" doesn't actually look at this, we use actual build settings - * instead; we want to make it easy to remove subdirectories with disabled algorithms.] - */ - -#if 0 -#ifndef OPENSSL_FIPS -#define OPENSSL_FIPS -#endif -#endif - -#endif - /* Generate 80386 code? */ #undef I386_ONLY @@ -173,14 +138,9 @@ /* Should we define BN_DIV2W here? */ /* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ #define SIXTY_FOUR_BIT_LONG #undef SIXTY_FOUR_BIT #undef THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT #endif #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) diff --git a/secure/lib/libssl/Makefile.man b/secure/lib/libssl/Makefile.man index 8307d4c394..64961ed101 100644 --- a/secure/lib/libssl/Makefile.man +++ b/secure/lib/libssl/Makefile.man @@ -82,8 +82,13 @@ MLINKS+= SSL_CTX_set_msg_callback.3 SSL_set_msg_callback.3 MLINKS+= SSL_CTX_set_msg_callback.3 SSL_get_msg_callback_arg.3 MAN+= SSL_CTX_set_options.3 MLINKS+= SSL_CTX_set_options.3 SSL_set_options.3 +MLINKS+= SSL_CTX_set_options.3 SSL_CTX_clear_options.3 +MLINKS+= SSL_CTX_set_options.3 SSL_clear_options.3 MLINKS+= SSL_CTX_set_options.3 SSL_CTX_get_options.3 MLINKS+= SSL_CTX_set_options.3 SSL_get_options.3 +MLINKS+= SSL_CTX_set_options.3 SSL_get_secure_renegotiation_support.3 +MAN+= SSL_CTX_set_psk_client_callback.3 +MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_set_psk_client_callback.3 MAN+= SSL_CTX_set_quiet_shutdown.3 MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_CTX_get_quiet_shutdown.3 MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_set_quiet_shutdown.3 @@ -132,6 +137,10 @@ MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_ASN1.3 MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_file.3 MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_check_private_key.3 MLINKS+= SSL_CTX_use_certificate.3 SSL_check_private_key.3 +MAN+= SSL_CTX_use_psk_identity_hint.3 +MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_use_psk_identity_hint.3 +MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_CTX_set_psk_server_callback.3 +MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_set_psk_server_callback.3 MAN+= SSL_SESSION_free.3 MAN+= SSL_SESSION_get_ex_new_index.3 MLINKS+= SSL_SESSION_get_ex_new_index.3 SSL_SESSION_set_ex_data.3 @@ -168,6 +177,8 @@ MLINKS+= SSL_get_ex_new_index.3 SSL_get_ex_data.3 MAN+= SSL_get_fd.3 MAN+= SSL_get_peer_cert_chain.3 MAN+= SSL_get_peer_certificate.3 +MAN+= SSL_get_psk_identity.3 +MLINKS+= SSL_get_psk_identity.3 SSL_get_psk_identity_hint.3 MAN+= SSL_get_rbio.3 MAN+= SSL_get_session.3 MAN+= SSL_get_verify_result.3 diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 index a7cafb8963..0445d36c15 100644 --- a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 +++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CIPHER_get_name 3" -.TH SSL_CIPHER_get_name 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CIPHER_get_name 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,7 +139,7 @@ SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_des \& const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); \& int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); \& char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); -\& char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size); +\& char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 index 97b39f9379..bb5db2b448 100644 --- a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 +++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_COMP_add_compression_method 3" -.TH SSL_COMP_add_compression_method 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_COMP_add_compression_method 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 index fcbd7a8c78..cb2b0afeb0 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_extra_chain_cert 3" -.TH SSL_CTX_add_extra_chain_cert 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_add_extra_chain_cert 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3 index 2423f5c149..c570689ab9 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_session.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_session.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_session 3" -.TH SSL_CTX_add_session 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_add_session 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3 index f60cd14a89..a3d19665c3 100644 --- a/secure/lib/libssl/man/SSL_CTX_ctrl.3 +++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ctrl 3" -.TH SSL_CTX_ctrl 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_ctrl 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 index b24ea109d5..7da8aa8412 100644 --- a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_flush_sessions 3" -.TH SSL_CTX_flush_sessions 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_flush_sessions 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3 index 67c15d2a39..3ad1949c20 100644 --- a/secure/lib/libssl/man/SSL_CTX_free.3 +++ b/secure/lib/libssl/man/SSL_CTX_free.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_free 3" -.TH SSL_CTX_free 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_free 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 index d433f56af2..302a4e1edf 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_ex_new_index 3" -.TH SSL_CTX_get_ex_new_index 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_get_ex_new_index 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 index b2b09f3d5d..1e94f09c74 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_verify_mode 3" -.TH SSL_CTX_get_verify_mode 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_get_verify_mode 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 index ea234dbd3a..24bd01e857 100644 --- a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 +++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_load_verify_locations 3" -.TH SSL_CTX_load_verify_locations 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_load_verify_locations 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3 index 18cbf1c2a1..abfa087c7f 100644 --- a/secure/lib/libssl/man/SSL_CTX_new.3 +++ b/secure/lib/libssl/man/SSL_CTX_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_new 3" -.TH SSL_CTX_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -144,7 +136,7 @@ SSL_CTX_new \- create a new SSL_CTX object as framework for TLS/SSL enabled func .Vb 1 \& #include \& -\& SSL_CTX *SSL_CTX_new(SSL_METHOD *method); +\& SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3 index 92306bed1f..acf9dc6f6b 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_number.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_number 3" -.TH SSL_CTX_sess_number 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_sess_number 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 index 1b3e3b74ea..940a90ac2b 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_cache_size 3" -.TH SSL_CTX_sess_set_cache_size 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_sess_set_cache_size 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 index e0ebdd2b46..0e0ecac9d3 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_get_cb 3" -.TH SSL_CTX_sess_set_get_cb 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_sess_set_get_cb 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3 index ceb1a45802..65043d3d58 100644 --- a/secure/lib/libssl/man/SSL_CTX_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_sessions.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sessions 3" -.TH SSL_CTX_sessions 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_sessions 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 index dfc05e837f..89b5c3a025 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_store 3" -.TH SSL_CTX_set_cert_store 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_cert_store 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 index 2d19f31efc..b7330455d5 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_verify_callback 3" -.TH SSL_CTX_set_cert_verify_callback 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_cert_verify_callback 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 index 195cd0797f..6ec2404199 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cipher_list 3" -.TH SSL_CTX_set_cipher_list 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_cipher_list 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 index 82b91888f0..b19d9d45e6 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_CA_list 3" -.TH SSL_CTX_set_client_CA_list 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_client_CA_list 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 index 027644b84a..5e7f3153df 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_cert_cb 3" -.TH SSL_CTX_set_client_cert_cb 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_client_cert_cb 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 index bf422b8b8c..543882804e 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_default_passwd_cb 3" -.TH SSL_CTX_set_default_passwd_cb 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_default_passwd_cb 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 index 36190dbc4d..f0932614f0 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_generate_session_id 3" -.TH SSL_CTX_set_generate_session_id 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_generate_session_id 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 index 0bcb4b8a81..e9e6a4f4af 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_info_callback 3" -.TH SSL_CTX_set_info_callback 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_info_callback 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 index 5548a08f70..d65b64723a 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_max_cert_list 3" -.TH SSL_CTX_set_max_cert_list 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_max_cert_list 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3 index 6c6ed209fb..fe31424240 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_mode 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -190,6 +182,15 @@ In a blocking environment, applications are not always prepared to deal with read/write operations returning without success report. The flag \s-1SSL_MODE_AUTO_RETRY\s0 will cause read/write operations to only return after the handshake and successful completion. +.IP "\s-1SSL_MODE_RELEASE_BUFFERS\s0" 4 +.IX Item "SSL_MODE_RELEASE_BUFFERS" +When we no longer need a read buffer or a write buffer for a given \s-1SSL\s0, +then release the memory we were using to hold it. Released memory is +either appended to a list of unused \s-1RAM\s0 chunks on the \s-1SSL_CTX\s0, or simply +freed if the list of unused chunks would become longer than +\&\s-1SSL_CTX\-\s0>freelist_max_len, which defaults to 32. Using this flag can +save around 34k per idle \s-1SSL\s0 connection. +This flag has no effect on \s-1SSL\s0 v2 connections, or on \s-1DTLS\s0 connections. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bitmask diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 index 2b57a257f0..f2beba92d1 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_msg_callback 3" -.TH SSL_CTX_set_msg_callback 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_msg_callback 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3 index ba3f5bae27..d639b69629 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_options.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_options.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,13 +124,13 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_options 3" -.TH SSL_CTX_set_options 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_options 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate SSL engine options +SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support \- manipulate SSL options .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -147,25 +139,40 @@ SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- ma \& long SSL_CTX_set_options(SSL_CTX *ctx, long options); \& long SSL_set_options(SSL *ssl, long options); \& +\& long SSL_CTX_clear_options(SSL_CTX *ctx, long options); +\& long SSL_clear_options(SSL *ssl, long options); +\& \& long SSL_CTX_get_options(SSL_CTX *ctx); \& long SSL_get_options(SSL *ssl); +\& +\& long SSL_get_secure_renegotiation_support(SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" +Note: all these functions are implemented using macros. +.PP \&\fISSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR. Options already set before are not cleared! .PP \&\fISSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR. Options already set before are not cleared! .PP +\&\fISSL_CTX_clear_options()\fR clears the options set via bitmask in \fBoptions\fR +to \fBctx\fR. +.PP +\&\fISSL_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBssl\fR. +.PP \&\fISSL_CTX_get_options()\fR returns the options set for \fBctx\fR. .PP \&\fISSL_get_options()\fR returns the options set for \fBssl\fR. +.PP +\&\fISSL_get_secure_renegotiation_support()\fR indicates whether the peer supports +secure renegotiation. .SH "NOTES" .IX Header "NOTES" The behaviour of the \s-1SSL\s0 library can be changed by setting several options. The options are coded as bitmasks and can be combined by a logical \fBor\fR -operation (|). Options can only be added but can never be reset. +operation (|). .PP \&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR affect the (external) protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of @@ -305,21 +312,106 @@ Do not use the TLSv1 protocol. .IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" When performing renegotiation as a server, always start a new session (i.e., session resumption requests are only accepted in the initial -handshake). This option is not needed for clients. +handshake). This option is not needed for clients. .IP "\s-1SSL_OP_NO_TICKET\s0" 4 .IX Item "SSL_OP_NO_TICKET" Normally clients and servers will, where possible, transparently make use -of RFC4507bis tickets for stateless session resumption if extension support -is explicitly set when OpenSSL is compiled. +of RFC4507bis tickets for stateless session resumption. .Sp If this option is set this functionality is disabled and tickets will not be used by clients or servers. +.IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" +Allow legacy insecure renegotiation between OpenSSL and unpatched clients or +servers. See the \fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details. +.IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4 +.IX Item "SSL_OP_LEGACY_SERVER_CONNECT" +Allow legacy insecure renegotiation between OpenSSL and unpatched servers +\&\fBonly\fR: this option is currently set by default. See the +\&\fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details. +.SH "SECURE RENEGOTIATION" +.IX Header "SECURE RENEGOTIATION" +OpenSSL 0.9.8m and later always attempts to use secure renegotiation as +described in \s-1RFC5746\s0. This counters the prefix attack described in +\&\s-1CVE\-2009\-3555\s0 and elsewhere. +.PP +The deprecated and highly broken SSLv2 protocol does not support +renegotiation at all: its use is \fBstrongly\fR discouraged. +.PP +This attack has far reaching consequences which application writers should be +aware of. In the description below an implementation supporting secure +renegotiation is referred to as \fIpatched\fR. A server not supporting secure +renegotiation is referred to as \fIunpatched\fR. +.PP +The following sections describe the operations permitted by OpenSSL's secure +renegotiation implementation. +.SS "Patched client and server" +.IX Subsection "Patched client and server" +Connections and renegotiation are always permitted by OpenSSL implementations. +.SS "Unpatched client and patched OpenSSL server" +.IX Subsection "Unpatched client and patched OpenSSL server" +The initial connection suceeds but client renegotiation is denied by the +server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal +\&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0. +.PP +If the patched OpenSSL server attempts to renegotiate a fatal +\&\fBhandshake_failure\fR alert is sent. This is because the server code may be +unaware of the unpatched nature of the client. +.PP +If the option \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then +renegotiation \fBalways\fR succeeds. +.PP +\&\fB\s-1NB:\s0\fR a bug in OpenSSL clients earlier than 0.9.8m (all of which are +unpatched) will result in the connection hanging if it receives a +\&\fBno_renegotiation\fR alert. OpenSSL versions 0.9.8m and later will regard +a \fBno_renegotiation\fR alert as fatal and respond with a fatal +\&\fBhandshake_failure\fR alert. This is because the OpenSSL \s-1API\s0 currently has +no provision to indicate to an application that a renegotiation attempt +was refused. +.SS "Patched OpenSSL client and unpatched server." +.IX Subsection "Patched OpenSSL client and unpatched server." +If the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR or +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then initial connections +and renegotiation between patched OpenSSL clients and unpatched servers +succeeds. If neither option is set then initial connections to unpatched +servers will fail. +.PP +The option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR is currently set by default even +though it has security implications: otherwise it would be impossible to +connect to unpatched servers (i.e. all of them initially) and this is clearly +not acceptable. Renegotiation is permitted because this does not add any +additional security issues: during an attack clients do not see any +renegotiations anyway. +.PP +As more servers become patched the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR will +\&\fBnot\fR be set by default in a future version of OpenSSL. +.PP +OpenSSL client applications wishing to ensure they can connect to unpatched +servers should always \fBset\fR \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR +.PP +OpenSSL client applications that want to ensure they can \fBnot\fR connect to +unpatched servers (and thus avoid any security issues) should always \fBclear\fR +\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fISSL_CTX_clear_options()\fR or +\&\fISSL_clear_options()\fR. +.PP +The difference between the \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR and +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR options is that +\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR enables initial connections and secure +renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR allows initial connections +and renegotiation between OpenSSL and unpatched clients or servers. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR return the new options bitmask after adding \fBoptions\fR. .PP +\&\fISSL_CTX_clear_options()\fR and \fISSL_clear_options()\fR return the new options bitmask +after clearing \fBoptions\fR. +.PP \&\fISSL_CTX_get_options()\fR and \fISSL_get_options()\fR return the current bitmask. +.PP +\&\fISSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports +secure renegotiation and 0 if it does not. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIssl\fR\|(3), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), @@ -340,3 +432,10 @@ and must be explicitly set. Versions up to OpenSSL 0.9.6c do not include the countermeasure that can be disabled with this option (in OpenSSL 0.9.6d, it was always enabled). +.PP +\&\fISSL_CTX_clear_options()\fR and \fISSL_clear_options()\fR were first added in OpenSSL +0.9.8m. +.PP +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR, \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR +and the function \fISSL_get_secure_renegotiation_support()\fR were first added in +OpenSSL 0.9.8m. diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 similarity index 65% copy from secure/lib/libssl/man/SSL_get_current_cipher.3 copy to secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 index edd6d68376..663ff501aa 100644 --- a/secure/lib/libssl/man/SSL_get_current_cipher.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,45 +123,53 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "SSL_CTX_set_psk_client_callback 3" +.TH SSL_CTX_set_psk_client_callback 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name, -SSL_get_cipher_bits, SSL_get_cipher_version \- get SSL_CIPHER of a connection +SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback \- set PSK client callback .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& -\& SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); -\& #define SSL_get_cipher(s) \e -\& SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -\& #define SSL_get_cipher_name(s) \e -\& SSL_CIPHER_get_name(SSL_get_current_cipher(s)) -\& #define SSL_get_cipher_bits(s,np) \e -\& SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) -\& #define SSL_get_cipher_version(s) \e -\& SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +\& void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, +\& unsigned int (*callback)(SSL *ssl, const char *hint, +\& char *identity, unsigned int max_identity_len, +\& unsigned char *psk, unsigned int max_psk_len)); +\& void SSL_set_psk_client_callback(SSL *ssl, +\& unsigned int (*callback)(SSL *ssl, const char *hint, +\& char *identity, unsigned int max_identity_len, +\& unsigned char *psk, unsigned int max_psk_len)); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing -the description of the actually used cipher of a connection established with -the \fBssl\fR object. +A client application must provide a callback function which is called +when the client is sending the ClientKeyExchange message to the server. .PP -\&\fISSL_get_cipher()\fR and \fISSL_get_cipher_name()\fR are identical macros to obtain the -name of the currently used cipher. \fISSL_get_cipher_bits()\fR is a -macro to obtain the number of secret/algorithm bits used and -\&\fISSL_get_cipher_version()\fR returns the protocol name. -See \fISSL_CIPHER_get_name\fR\|(3) for more details. +The purpose of the callback function is to select the \s-1PSK\s0 identity and +the pre-shared key to use during the connection setup phase. +.PP +The callback is set using functions \fISSL_CTX_set_psk_client_callback()\fR +or \fISSL_set_psk_client_callback()\fR. The callback function is given the +connection in parameter \fBssl\fR, a \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 identity hint +sent by the server in parameter \fBhint\fR, a buffer \fBidentity\fR of +length \fBmax_identity_len\fR bytes where the the resulting +\&\fB\s-1NULL\s0\fR\-terminated identity is to be stored, and a buffer \fBpsk\fR of +length \fBmax_psk_len\fR bytes where the resulting pre-shared key is to +be stored. +.SH "NOTES" +.IX Header "NOTES" +Note that parameter \fBhint\fR given to the callback may be \fB\s-1NULL\s0\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL\s0, when -no session has been established. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fIssl\fR\|(3), \fISSL_CIPHER_get_name\fR\|(3) +Return values from the client callback are interpreted as follows: +.PP +On success (callback found a \s-1PSK\s0 identity and a pre-shared key to use) +the length (> 0) of \fBpsk\fR in bytes is returned. +.PP +Otherwise or on errors callback should return 0. In this case +the connection setup fails. diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 index 161f81e4dd..cf60ea2261 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_quiet_shutdown 3" -.TH SSL_CTX_set_quiet_shutdown 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_quiet_shutdown 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 index 16c23ef89b..12ff7154d3 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_cache_mode 3" -.TH SSL_CTX_set_session_cache_mode 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_session_cache_mode 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 index f56ae0ed88..43fac9b50f 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_id_context 3" -.TH SSL_CTX_set_session_id_context 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_session_id_context 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 index 8ad853fba2..6a4446c985 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_ssl_version 3" -.TH SSL_CTX_set_ssl_version 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_ssl_version 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,9 +137,9 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method .Vb 1 \& #include \& -\& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *method); -\& int SSL_set_ssl_method(SSL *s, SSL_METHOD *method); -\& SSL_METHOD *SSL_get_ssl_method(SSL *ssl); +\& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method); +\& int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +\& const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 index d819dd7f9f..a6dc1b4e4d 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_timeout 3" -.TH SSL_CTX_set_timeout 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_timeout 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index 4cba4477dc..6e4fb89e5f 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_dh_callback 3" -.TH SSL_CTX_set_tmp_dh_callback 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_tmp_dh_callback 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 index 9f06232773..effb85b23f 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_rsa_callback 3" -.TH SSL_CTX_set_tmp_rsa_callback 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_tmp_rsa_callback 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3 index 14c85739b0..c1da78f711 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_verify.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_verify 3" -.TH SSL_CTX_set_verify 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_set_verify 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 index bce6f1868c..e2f7c87507 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_certificate 3" -.TH SSL_CTX_use_certificate 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_CTX_use_certificate 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 similarity index 55% copy from secure/lib/libssl/man/SSL_connect.3 copy to secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 index 2e0c67e9f3..0c9ef32f64 100644 --- a/secure/lib/libssl/man/SSL_connect.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,75 +123,76 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "SSL_connect 3" -.TH SSL_connect 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "SSL_CTX_use_psk_identity_hint 3" +.TH SSL_CTX_use_psk_identity_hint 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server +SSL_CTX_use_psk_identity_hint, SSL_use_psk_identity_hint, +SSL_CTX_set_psk_server_callback, SSL_set_psk_server_callback \- set PSK +identity hint to use .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& -\& int SSL_connect(SSL *ssl); +\& int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); +\& int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); +\& +\& void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, +\& unsigned int (*callback)(SSL *ssl, const char *identity, +\& unsigned char *psk, int max_psk_len)); +\& void SSL_set_psk_server_callback(SSL *ssl, +\& unsigned int (*callback)(SSL *ssl, const char *identity, +\& unsigned char *psk, int max_psk_len)); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication -channel must already have been set and assigned to the \fBssl\fR by setting an -underlying \fB\s-1BIO\s0\fR. -.SH "NOTES" -.IX Header "NOTES" -The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO\s0. +\&\fISSL_CTX_use_psk_identity_hint()\fR sets the given \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 +identity hint \fBhint\fR to \s-1SSL\s0 context object +\&\fBctx\fR. \fISSL_use_psk_identity_hint()\fR sets the given \fB\s-1NULL\s0\fR\-terminated +\&\s-1PSK\s0 identity hint \fBhint\fR to \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR +is \fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted. .PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the -handshake has been finished or an error occurred. +In the case where \s-1PSK\s0 identity hint is \fB\s-1NULL\s0\fR, the server +does not send the ServerKeyExchange message to the client. .PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_connect()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_connect()\fR -to continue the handshake, indicating the problem by the return value \-1. -In this case a call to \fISSL_get_error()\fR with the -return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fISSL_connect()\fR. -The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, -nothing is to be done, but \fIselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written -into or retrieved out of the \s-1BIO\s0 before being able to continue. +A server application must provide a callback function which is called +when the server receives the ClientKeyExchange message from the +client. The purpose of the callback function is to validate the +received \s-1PSK\s0 identity and to fetch the pre-shared key used during the +connection setup phase. The callback is set using functions +\&\fISSL_CTX_set_psk_server_callback()\fR or +\&\fISSL_set_psk_server_callback()\fR. The callback function is given the +connection in parameter \fBssl\fR, \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 identity sent +by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of length +\&\fBmax_psk_len\fR bytes where the pre-shared key is to be stored. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The following return values can occur: -.IP "1." 4 -The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been -established. -.IP "2." 4 -The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the -return value \fBret\fR to find out the reason. -.IP "3." 4 -<0 +\&\fISSL_CTX_use_psk_identity_hint()\fR and \fISSL_use_psk_identity_hint()\fR return +1 on success, 0 otherwise. +.PP +Return values from the server callback are interpreted as follows: +.IP "> 0" 4 +.IX Item "> 0" +\&\s-1PSK\s0 identity was found and the server callback has provided the \s-1PSK\s0 +successfully in parameter \fBpsk\fR. Return value is the length of +\&\fBpsk\fR in bytes. It is an error to return a value greater than +\&\fBmax_psk_len\fR. .Sp -The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either -at the protocol level or a connection failure occurred. The shutdown was -not clean. It can also occur of action is need to continue the operation -for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR -to find out the reason. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fISSL_get_error\fR\|(3), \fISSL_accept\fR\|(3), -\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3), -\&\fISSL_set_connect_state\fR\|(3), -\&\fISSL_do_handshake\fR\|(3), -\&\fISSL_CTX_new\fR\|(3) +If the \s-1PSK\s0 identity was not found but the callback instructs the +protocol to continue anyway, the callback must provide some random +data to \fBpsk\fR and return the length of the random data, so the +connection will fail with decryption_error before it will be finished +completely. +.IP "0" 4 +\&\s-1PSK\s0 identity was not found. An \*(L"unknown_psk_identity\*(R" alert message +will be sent and the connection setup fails. .SH "POD ERRORS" .IX Header "POD ERRORS" Hey! \fBThe above document had some coding errors, which are explained below:\fR -.IP "Around line 49:" 4 -.IX Item "Around line 49:" -You have '=item 0' instead of the expected '=item 2' -.IP "Around line 55:" 4 -.IX Item "Around line 55:" -Expected '=item 3' +.IP "Around line 84:" 4 +.IX Item "Around line 84:" +\&'=item' outside of any '=over' diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3 index 92a9285190..d34d4710ef 100644 --- a/secure/lib/libssl/man/SSL_SESSION_free.3 +++ b/secure/lib/libssl/man/SSL_SESSION_free.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_free 3" -.TH SSL_SESSION_free 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_SESSION_free 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 index 7dc0a2cb37..41f4966152 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_ex_new_index 3" -.TH SSL_SESSION_get_ex_new_index 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_SESSION_get_ex_new_index 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3 index 85d3142ef1..5719ef046e 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_time.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_time 3" -.TH SSL_SESSION_get_time 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_SESSION_get_time 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3 index 008ec4ac22..30d1e742d1 100644 --- a/secure/lib/libssl/man/SSL_accept.3 +++ b/secure/lib/libssl/man/SSL_accept.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_accept 3" -.TH SSL_accept 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_accept 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3 index 780bc8e666..6a54955dec 100644 --- a/secure/lib/libssl/man/SSL_alert_type_string.3 +++ b/secure/lib/libssl/man/SSL_alert_type_string.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_alert_type_string 3" -.TH SSL_alert_type_string 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_alert_type_string 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3 index 014f225ce7..fd813d4bcb 100644 --- a/secure/lib/libssl/man/SSL_clear.3 +++ b/secure/lib/libssl/man/SSL_clear.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_clear 3" -.TH SSL_clear 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_clear 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3 index 2e0c67e9f3..be57b0878e 100644 --- a/secure/lib/libssl/man/SSL_connect.3 +++ b/secure/lib/libssl/man/SSL_connect.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_connect 3" -.TH SSL_connect 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_connect 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3 index 085fcd63f8..a21b4d8552 100644 --- a/secure/lib/libssl/man/SSL_do_handshake.3 +++ b/secure/lib/libssl/man/SSL_do_handshake.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_do_handshake 3" -.TH SSL_do_handshake 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_do_handshake 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3 index 11a9cc159d..0e0b34dfe0 100644 --- a/secure/lib/libssl/man/SSL_free.3 +++ b/secure/lib/libssl/man/SSL_free.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_free 3" -.TH SSL_free 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_free 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 index 83e5de0958..7654c7a5b4 100644 --- a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 +++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_SSL_CTX 3" -.TH SSL_get_SSL_CTX 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_SSL_CTX 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3 index 318bfc35a5..60e4cd5b12 100644 --- a/secure/lib/libssl/man/SSL_get_ciphers.3 +++ b/secure/lib/libssl/man/SSL_get_ciphers.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ciphers 3" -.TH SSL_get_ciphers 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_ciphers 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3 index 1b227b7859..fb8939d22d 100644 --- a/secure/lib/libssl/man/SSL_get_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_client_CA_list 3" -.TH SSL_get_client_CA_list 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_client_CA_list 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3 index edd6d68376..29a595d64c 100644 --- a/secure/lib/libssl/man/SSL_get_current_cipher.3 +++ b/secure/lib/libssl/man/SSL_get_current_cipher.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_current_cipher 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3 index ea9a9397d4..34bdde9f92 100644 --- a/secure/lib/libssl/man/SSL_get_default_timeout.3 +++ b/secure/lib/libssl/man/SSL_get_default_timeout.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_default_timeout 3" -.TH SSL_get_default_timeout 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_default_timeout 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3 index 157e8b3199..4c9203348d 100644 --- a/secure/lib/libssl/man/SSL_get_error.3 +++ b/secure/lib/libssl/man/SSL_get_error.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_error 3" -.TH SSL_get_error 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_error 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 index 1395fd182b..cd637b078f 100644 --- a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 +++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" -.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3 index 6c110ee110..850cbc3007 100644 --- a/secure/lib/libssl/man/SSL_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_new_index 3" -.TH SSL_get_ex_new_index 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_ex_new_index 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3 index ccce1e621f..bf75e08870 100644 --- a/secure/lib/libssl/man/SSL_get_fd.3 +++ b/secure/lib/libssl/man/SSL_get_fd.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_fd 3" -.TH SSL_get_fd 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_fd 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 index 84b1b410d7..a079ba4305 100644 --- a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_cert_chain 3" -.TH SSL_get_peer_cert_chain 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_peer_cert_chain 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3 index 9e32978c6b..385d7192c9 100644 --- a/secure/lib/libssl/man/SSL_get_peer_certificate.3 +++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_certificate 3" -.TH SSL_get_peer_certificate 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_peer_certificate 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_psk_identity.3 similarity index 76% copy from secure/lib/libssl/man/SSL_get_version.3 copy to secure/lib/libssl/man/SSL_get_psk_identity.3 index 9e40628c51..d8f4f5634c 100644 --- a/secure/lib/libssl/man/SSL_get_version.3 +++ b/secure/lib/libssl/man/SSL_get_psk_identity.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,40 +123,34 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "SSL_get_psk_identity 3" +.TH SSL_get_psk_identity 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -SSL_get_version \- get the protocol version of a connection. +SSL_get_psk_identity, SSL_get_psk_identity_hint \- get PSK client identity and hint .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include \& -\& const char *SSL_get_version(const SSL *ssl); +\& const char *SSL_get_psk_identity_hint(const SSL *ssl); +\& const char *SSL_get_psk_identity(const SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_cipher_version()\fR returns the name of the protocol used for the -connection \fBssl\fR. +\&\fISSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint +used during the connection setup related to \s-1SSL\s0 object +\&\fBssl\fR. Similarly, \fISSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0 +identity used during the connection setup. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The following strings can occur: -.IP "SSLv2" 4 -.IX Item "SSLv2" -The connection uses the SSLv2 protocol. -.IP "SSLv3" 4 -.IX Item "SSLv3" -The connection uses the SSLv3 protocol. -.IP "TLSv1" 4 -.IX Item "TLSv1" -The connection uses the TLSv1 protocol. -.IP "unknown" 4 -.IX Item "unknown" -This indicates that no version has been set (no connection established). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fIssl\fR\|(3) +If non\-\fB\s-1NULL\s0\fR, \fISSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity +hint and \fISSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are +\&\fB\s-1NULL\s0\fR\-terminated. \fISSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if +no \s-1PSK\s0 identity hint was used during the connection setup. +.PP +Note that the return value is valid only during the lifetime of the +\&\s-1SSL\s0 object \fBssl\fR. diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3 index b0fc987f93..9814c69ab6 100644 --- a/secure/lib/libssl/man/SSL_get_rbio.3 +++ b/secure/lib/libssl/man/SSL_get_rbio.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_rbio 3" -.TH SSL_get_rbio 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_rbio 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3 index 66ca614846..431656f137 100644 --- a/secure/lib/libssl/man/SSL_get_session.3 +++ b/secure/lib/libssl/man/SSL_get_session.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_session 3" -.TH SSL_get_session 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_session 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3 index da4aba948e..1081bc9b2c 100644 --- a/secure/lib/libssl/man/SSL_get_verify_result.3 +++ b/secure/lib/libssl/man/SSL_get_verify_result.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_verify_result 3" -.TH SSL_get_verify_result 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_verify_result 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3 index 9e40628c51..4e97ffa6fc 100644 --- a/secure/lib/libssl/man/SSL_get_version.3 +++ b/secure/lib/libssl/man/SSL_get_version.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_get_version 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3 index 9f3793abeb..ecaccd8254 100644 --- a/secure/lib/libssl/man/SSL_library_init.3 +++ b/secure/lib/libssl/man/SSL_library_init.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_library_init 3" -.TH SSL_library_init 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_library_init 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,32 +143,36 @@ SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_library_init()\fR registers the available ciphers and digests. +\&\fISSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests. .PP \&\fIOpenSSL_add_ssl_algorithms()\fR and \fISSLeay_add_ssl_algorithms()\fR are synonyms for \fISSL_library_init()\fR. .SH "NOTES" .IX Header "NOTES" \&\fISSL_library_init()\fR must be called before any other action takes place. +\&\fISSL_library_init()\fR is not reentrant. .SH "WARNING" .IX Header "WARNING" -\&\fISSL_library_init()\fR only registers ciphers. Another important initialization -is the seeding of the \s-1PRNG\s0 (Pseudo Random Number Generator), which has to -be performed separately. +\&\fISSL_library_init()\fR adds ciphers and digests used directly and indirectly by +\&\s-1SSL/TLS\s0. .SH "EXAMPLES" .IX Header "EXAMPLES" A typical \s-1TLS/SSL\s0 application will start with the library initialization, -will provide readable error messages and will seed the \s-1PRNG\s0. +and provide readable error messages. .PP -.Vb 3 +.Vb 2 \& SSL_load_error_strings(); /* readable error messages */ \& SSL_library_init(); /* initialize library */ -\& actions_to_seed_PRNG(); .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return value. +.SH "NOTES" +.IX Header "NOTES" +OpenSSL 0.9.8o and 1.0.0a and later added \s-1SHA2\s0 algorithms to \fISSL_library_init()\fR. +Applications which need to use \s-1SHA2\s0 in earlier versions of OpenSSL should call +\&\fIOpenSSL_add_all_algorithms()\fR as well. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIssl\fR\|(3), \fISSL_load_error_strings\fR\|(3), diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3 index cee3c1d343..cfe5b7883e 100644 --- a/secure/lib/libssl/man/SSL_load_client_CA_file.3 +++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_load_client_CA_file 3" -.TH SSL_load_client_CA_file 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_load_client_CA_file 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3 index 4443dcf2d1..fd6e854ab2 100644 --- a/secure/lib/libssl/man/SSL_new.3 +++ b/secure/lib/libssl/man/SSL_new.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_new 3" -.TH SSL_new 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_new 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3 index b613723b6d..8b7114d3a1 100644 --- a/secure/lib/libssl/man/SSL_pending.3 +++ b/secure/lib/libssl/man/SSL_pending.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_pending 3" -.TH SSL_pending 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_pending 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3 index a4764180c6..e998030da8 100644 --- a/secure/lib/libssl/man/SSL_read.3 +++ b/secure/lib/libssl/man/SSL_read.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_read 3" -.TH SSL_read 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_read 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3 index 1117cfe568..9b9d3a62bd 100644 --- a/secure/lib/libssl/man/SSL_rstate_string.3 +++ b/secure/lib/libssl/man/SSL_rstate_string.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_rstate_string 3" -.TH SSL_rstate_string 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_rstate_string 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3 index 21bc5c17d1..234d2526cb 100644 --- a/secure/lib/libssl/man/SSL_session_reused.3 +++ b/secure/lib/libssl/man/SSL_session_reused.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_session_reused 3" -.TH SSL_session_reused 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_session_reused 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3 index 4d5fb61cb7..05abc24367 100644 --- a/secure/lib/libssl/man/SSL_set_bio.3 +++ b/secure/lib/libssl/man/SSL_set_bio.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_bio 3" -.TH SSL_set_bio 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_set_bio 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3 index 4ee23ae213..7c15a1ca8f 100644 --- a/secure/lib/libssl/man/SSL_set_connect_state.3 +++ b/secure/lib/libssl/man/SSL_set_connect_state.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_connect_state 3" -.TH SSL_set_connect_state 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_set_connect_state 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3 index 23e3960ec3..96cefc7535 100644 --- a/secure/lib/libssl/man/SSL_set_fd.3 +++ b/secure/lib/libssl/man/SSL_set_fd.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_fd 3" -.TH SSL_set_fd 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_set_fd 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3 index 2077f418d8..8928c7c218 100644 --- a/secure/lib/libssl/man/SSL_set_session.3 +++ b/secure/lib/libssl/man/SSL_set_session.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_session 3" -.TH SSL_set_session 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_set_session 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3 index b46a2cce49..9d81a6a0f5 100644 --- a/secure/lib/libssl/man/SSL_set_shutdown.3 +++ b/secure/lib/libssl/man/SSL_set_shutdown.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_shutdown 3" -.TH SSL_set_shutdown 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_set_shutdown 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3 index 67f9d250a6..16183e5f63 100644 --- a/secure/lib/libssl/man/SSL_set_verify_result.3 +++ b/secure/lib/libssl/man/SSL_set_verify_result.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_verify_result 3" -.TH SSL_set_verify_result 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_set_verify_result 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3 index 723819f267..4d77a39165 100644 --- a/secure/lib/libssl/man/SSL_shutdown.3 +++ b/secure/lib/libssl/man/SSL_shutdown.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_shutdown 3" -.TH SSL_shutdown 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_shutdown 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3 index d04db104a5..9668ae01e6 100644 --- a/secure/lib/libssl/man/SSL_state_string.3 +++ b/secure/lib/libssl/man/SSL_state_string.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_state_string 3" -.TH SSL_state_string 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_state_string 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3 index d906d199fe..ef6541b6a3 100644 --- a/secure/lib/libssl/man/SSL_want.3 +++ b/secure/lib/libssl/man/SSL_want.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_want 3" -.TH SSL_want 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_want 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3 index 873cb19cc6..790c368df0 100644 --- a/secure/lib/libssl/man/SSL_write.3 +++ b/secure/lib/libssl/man/SSL_write.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_write 3" -.TH SSL_write 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SSL_write 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3 index 0f71ba152f..99a96657a9 100644 --- a/secure/lib/libssl/man/d2i_SSL_SESSION.3 +++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_SSL_SESSION 3" -.TH d2i_SSL_SESSION 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH d2i_SSL_SESSION 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3 index 35ac92a485..0a2e5d3b82 100644 --- a/secure/lib/libssl/man/ssl.3 +++ b/secure/lib/libssl/man/ssl.3 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ssl 3" -.TH ssl 3 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ssl 3 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -234,38 +226,38 @@ it's already included by ssl.h\fR. .IX Header "API FUNCTIONS" Currently the OpenSSL \fBssl\fR library exports 214 \s-1API\s0 functions. They are documented in the following: -.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1METHODS\s0" +.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1METHODS\s0" .IX Subsection "DEALING WITH PROTOCOL METHODS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures. -.IP "\s-1SSL_METHOD\s0 *\fBSSLv2_client_method\fR(void);" 4 -.IX Item "SSL_METHOD *SSLv2_client_method(void);" +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv2_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv2_client_method(void);" Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for a dedicated client. -.IP "\s-1SSL_METHOD\s0 *\fBSSLv2_server_method\fR(void);" 4 -.IX Item "SSL_METHOD *SSLv2_server_method(void);" +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv2_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv2_server_method(void);" Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for a dedicated server. -.IP "\s-1SSL_METHOD\s0 *\fBSSLv2_method\fR(void);" 4 -.IX Item "SSL_METHOD *SSLv2_method(void);" +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv2_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv2_method(void);" Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for combined client and server. -.IP "\s-1SSL_METHOD\s0 *\fBSSLv3_client_method\fR(void);" 4 -.IX Item "SSL_METHOD *SSLv3_client_method(void);" +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv3_client_method(void);" Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for a dedicated client. -.IP "\s-1SSL_METHOD\s0 *\fBSSLv3_server_method\fR(void);" 4 -.IX Item "SSL_METHOD *SSLv3_server_method(void);" +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv3_server_method(void);" Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for a dedicated server. -.IP "\s-1SSL_METHOD\s0 *\fBSSLv3_method\fR(void);" 4 -.IX Item "SSL_METHOD *SSLv3_method(void);" +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv3_method(void);" Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for combined client and server. -.IP "\s-1SSL_METHOD\s0 *\fBTLSv1_client_method\fR(void);" 4 -.IX Item "SSL_METHOD *TLSv1_client_method(void);" +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_client_method(void);" Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated client. -.IP "\s-1SSL_METHOD\s0 *\fBTLSv1_server_method\fR(void);" 4 -.IX Item "SSL_METHOD *TLSv1_server_method(void);" +.IP "cosnt \s-1SSL_METHOD\s0 *\fBTLSv1_server_method\fR(void);" 4 +.IX Item "cosnt SSL_METHOD *TLSv1_server_method(void);" Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated server. -.IP "\s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 -.IX Item "SSL_METHOD *TLSv1_method(void);" +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_method(void);" Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for combined client and server. -.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1CIPHERS\s0" +.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1CIPHERS\s0" .IX Subsection "DEALING WITH CIPHERS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures. @@ -288,7 +280,7 @@ definitions in the header files. Returns a string like "\f(CW\*(C`TLSv1/SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`SSLv2\*(C'\fR" which indicates the \&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined in the specification the first time). -.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1CONTEXTS\s0" +.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1CONTEXTS\s0" .IX Subsection "DEALING WITH PROTOCOL CONTEXTS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. @@ -335,8 +327,8 @@ protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. .IX Item "int SSL_CTX_load_verify_locations(SSL_CTX *ctx, char *CAfile, char *CApath);" .IP "long \fBSSL_CTX_need_tmp_RSA\fR(\s-1SSL_CTX\s0 *ctx);" 4 .IX Item "long SSL_CTX_need_tmp_RSA(SSL_CTX *ctx);" -.IP "\s-1SSL_CTX\s0 *\fBSSL_CTX_new\fR(\s-1SSL_METHOD\s0 *meth);" 4 -.IX Item "SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);" +.IP "\s-1SSL_CTX\s0 *\fBSSL_CTX_new\fR(const \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);" .IP "int \fBSSL_CTX_remove_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 .IX Item "int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);" .IP "int \fBSSL_CTX_sess_accept\fR(\s-1SSL_CTX\s0 *ctx);" 4 @@ -413,8 +405,8 @@ protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. .IX Item "void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);" .IP "void \fBSSL_CTX_set_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 .IX Item "void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);" -.IP "int \fBSSL_CTX_set_ssl_version\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_METHOD\s0 *meth);" 4 -.IX Item "int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *meth);" +.IP "int \fBSSL_CTX_set_ssl_version\fR(\s-1SSL_CTX\s0 *ctx, const \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);" .IP "void \fBSSL_CTX_set_timeout\fR(\s-1SSL_CTX\s0 *ctx, long t);" 4 .IX Item "void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);" .IP "long \fBSSL_CTX_set_tmp_dh\fR(SSL_CTX* ctx, \s-1DH\s0 *dh);" 4 @@ -460,8 +452,14 @@ session instead of a context. .IX Item "int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);" .IP "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 .IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);" +.IP "void \fBSSL_CTX_set_psk_client_callback\fR(\s-1SSL_CTX\s0 *ctx, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" 4 +.IX Item "void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" +.IP "int \fBSSL_CTX_use_psk_identity_hint\fR(\s-1SSL_CTX\s0 *ctx, const char *hint);" 4 +.IX Item "int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);" +.IP "void \fBSSL_CTX_set_psk_server_callback\fR(\s-1SSL_CTX\s0 *ctx, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *identity, unsigned char *psk, int max_psk_len));" 4 +.IX Item "void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));" .PD -.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1SESSIONS\s0" +.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1SESSIONS\s0" .IX Subsection "DEALING WITH SESSIONS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures. @@ -497,7 +495,7 @@ sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures. .IP "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 .IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);" .PD -.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1CONNECTIONS\s0" +.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1CONNECTIONS\s0" .IX Subsection "DEALING WITH CONNECTIONS" Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 connection defined in the \fB\s-1SSL\s0\fR structure. @@ -592,8 +590,8 @@ connection defined in the \fB\s-1SSL\s0\fR structure. .IX Item "char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len);" .IP "int \fBSSL_get_shutdown\fR(const \s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_get_shutdown(const SSL *ssl);" -.IP "\s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4 -.IX Item "SSL_METHOD *SSL_get_ssl_method(SSL *ssl);" +.IP "const \s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);" .IP "int \fBSSL_get_state\fR(const \s-1SSL\s0 *ssl);" 4 .IX Item "int SSL_get_state(const SSL *ssl);" .IP "long \fBSSL_get_time\fR(const \s-1SSL\s0 *ssl);" 4 @@ -676,8 +674,8 @@ connection defined in the \fB\s-1SSL\s0\fR structure. .IX Item "int SSL_set_session(SSL *ssl, SSL_SESSION *session);" .IP "void \fBSSL_set_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 .IX Item "void SSL_set_shutdown(SSL *ssl, int mode);" -.IP "int \fBSSL_set_ssl_method\fR(\s-1SSL\s0 *ssl, \s-1SSL_METHOD\s0 *meth);" 4 -.IX Item "int SSL_set_ssl_method(SSL *ssl, SSL_METHOD *meth);" +.IP "int \fBSSL_set_ssl_method\fR(\s-1SSL\s0 *ssl, const \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *meth);" .IP "void \fBSSL_set_time\fR(\s-1SSL\s0 *ssl, long t);" 4 .IX Item "void SSL_set_time(SSL *ssl, long t);" .IP "void \fBSSL_set_timeout\fR(\s-1SSL\s0 *ssl, long t);" 4 @@ -730,6 +728,16 @@ connection defined in the \fB\s-1SSL\s0\fR structure. .IX Item "int SSL_want_x509_lookup(const SSL *ssl);" .IP "int \fBSSL_write\fR(\s-1SSL\s0 *ssl, const void *buf, int num);" 4 .IX Item "int SSL_write(SSL *ssl, const void *buf, int num);" +.IP "void \fBSSL_set_psk_client_callback\fR(\s-1SSL\s0 *ssl, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" 4 +.IX Item "void SSL_set_psk_client_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" +.IP "int \fBSSL_use_psk_identity_hint\fR(\s-1SSL\s0 *ssl, const char *hint);" 4 +.IX Item "int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);" +.IP "void \fBSSL_set_psk_server_callback\fR(\s-1SSL\s0 *ssl, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *identity, unsigned char *psk, int max_psk_len));" 4 +.IX Item "void SSL_set_psk_server_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));" +.IP "const char *\fBSSL_get_psk_identity_hint\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_psk_identity_hint(SSL *ssl);" +.IP "const char *\fBSSL_get_psk_identity\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_psk_identity(SSL *ssl);" .PD .SH "SEE ALSO" .IX Header "SEE ALSO" @@ -805,7 +813,10 @@ connection defined in the \fB\s-1SSL\s0\fR structure. \&\fISSL_SESSION_free\fR\|(3), \&\fISSL_SESSION_get_ex_new_index\fR\|(3), \&\fISSL_SESSION_get_time\fR\|(3), -\&\fId2i_SSL_SESSION\fR\|(3) +\&\fId2i_SSL_SESSION\fR\|(3), +\&\fISSL_CTX_set_psk_client_callback\fR\|(3), +\&\fISSL_CTX_use_psk_identity_hint\fR\|(3), +\&\fISSL_get_psk_identity\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fIssl\fR\|(3) document appeared in OpenSSL 0.9.2 diff --git a/secure/usr.bin/openssl/Makefile b/secure/usr.bin/openssl/Makefile index a6e6c7990e..04dc458a5a 100644 --- a/secure/usr.bin/openssl/Makefile +++ b/secure/usr.bin/openssl/Makefile @@ -14,12 +14,14 @@ LDADD= -lssl -lcrypto CFLAGS+= -DMONOLITH -I${.CURDIR} -SRCS+= app_rand.c apps.c asn1pars.c ca.c ciphers.c crl.c crl2p7.c \ +SRCS+= app_rand.c apps.c asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c \ dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c \ - engine.c errstr.c gendh.c gendsa.c genrsa.c nseq.c ocsp.c openssl.c \ - passwd.c pkcs12.c pkcs7.c pkcs8.c prime.c rand.c req.c rsa.c \ + engine.c errstr.c gendh.c gendsa.c genpkey.c \ + genrsa.c nseq.c ocsp.c openssl.c \ + passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c \ + prime.c rand.c req.c rsa.c \ rsautl.c s_cb.c s_client.c s_server.c s_socket.c s_time.c sess_id.c \ - smime.c speed.c spkac.c verify.c version.c x509.c + smime.c speed.c spkac.c ts.c verify.c version.c x509.c .include diff --git a/secure/usr.bin/openssl/Makefile.man b/secure/usr.bin/openssl/Makefile.man index e68f15482f..481eba2b22 100644 --- a/secure/usr.bin/openssl/Makefile.man +++ b/secure/usr.bin/openssl/Makefile.man @@ -3,6 +3,7 @@ MAN+= CA.pl.1 MAN+= asn1parse.1 MAN+= ca.1 MAN+= ciphers.1 +MAN+= cms.1 MAN+= config.5 MAN+= crl.1 MAN+= crl2pkcs7.1 @@ -22,6 +23,7 @@ MAN+= ecparam.1 MAN+= enc.1 MAN+= errstr.1 MAN+= gendsa.1 +MAN+= genpkey.1 MAN+= genrsa.1 MAN+= nseq.1 MAN+= ocsp.1 @@ -30,6 +32,9 @@ MAN+= passwd.1 MAN+= pkcs12.1 MAN+= pkcs7.1 MAN+= pkcs8.1 +MAN+= pkey.1 +MAN+= pkeyparam.1 +MAN+= pkeyutl.1 MAN+= rand.1 MAN+= req.1 MAN+= rsa.1 @@ -41,6 +46,8 @@ MAN+= sess_id.1 MAN+= smime.1 MAN+= speed.1 MAN+= spkac.1 +MAN+= ts.1 +MAN+= tsget.1 MAN+= verify.1 MAN+= version.1 MAN+= x509.1 diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1 index 4d548f690d..b0d7198e90 100644 --- a/secure/usr.bin/openssl/man/CA.pl.1 +++ b/secure/usr.bin/openssl/man/CA.pl.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH CA.PL 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1 index 05cad92965..008dd71ccd 100644 --- a/secure/usr.bin/openssl/man/asn1parse.1 +++ b/secure/usr.bin/openssl/man/asn1parse.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ASN1PARSE 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -194,12 +186,12 @@ option can be used multiple times to \*(L"drill down\*(R" into a nested structur .IP "\fB\-genstr string\fR, \fB\-genconf file\fR" 4 .IX Item "-genstr string, -genconf file" generate encoded data based on \fBstring\fR, \fBfile\fR or both using -\&\fIASN1_generate_nconf()\fR format. If \fBfile\fR only is present then the string -is obtained from the default section using the name \fBasn1\fR. The encoded -data is passed through the \s-1ASN1\s0 parser and printed out as though it came -from a file, the contents can thus be examined and written to a file -using the \fBout\fR option. -.Sh "\s-1OUTPUT\s0" +\&\fIASN1_generate_nconf\fR\|(3) format. If \fBfile\fR only is +present then the string is obtained from the default section using the name +\&\fBasn1\fR. The encoded data is passed through the \s-1ASN1\s0 parser and printed out as +though it came from a file, the contents can thus be examined and written to a +file using the \fBout\fR option. +.SS "\s-1OUTPUT\s0" .IX Subsection "OUTPUT" The output will typically contain lines like this: .PP @@ -300,3 +292,6 @@ Example config file: .IX Header "BUGS" There should be options to change the format of output lines. The output of some \&\s-1ASN\s0.1 types is not well handled (if at all). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIASN1_generate_nconf\fR\|(3) diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1 index 866d2fa88b..afaccaad80 100644 --- a/secure/usr.bin/openssl/man/ca.1 +++ b/secure/usr.bin/openssl/man/ca.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH CA 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -311,7 +303,9 @@ the section of the configuration file containing certificate extensions to be added when a certificate is issued (defaults to \fBx509_extensions\fR unless the \fB\-extfile\fR option is used). If no extension section is present then, a V1 certificate is created. If the extension section -is present (even if it is empty), then a V3 certificate is created. +is present (even if it is empty), then a V3 certificate is created. See the:w +\&\fIx509v3_config\fR\|(5) manual page for details of the +extension section format. .IP "\fB\-extfile file\fR" 4 .IX Item "-extfile file" an additional configuration file to read certificate extensions from @@ -319,7 +313,7 @@ an additional configuration file to read certificate extensions from used). .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBca\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -387,7 +381,9 @@ include. If no \s-1CRL\s0 extension section is present then a V1 \s-1CRL\s0 is created, if the \s-1CRL\s0 extension section is present (even if it is empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are \&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted -that some software (for example Netscape) can't handle V2 CRLs. +that some software (for example Netscape) can't handle V2 CRLs. See +\&\fIx509v3_config\fR\|(5) manual page for details of the +extension section format. .SH "CONFIGURATION FILE OPTIONS" .IX Header "CONFIGURATION FILE OPTIONS" The section of the configuration file containing options for \fBca\fR @@ -732,4 +728,4 @@ then even if a certificate is issued with \s-1CA:TRUE\s0 it will not be valid. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIreq\fR\|(1), \fIspkac\fR\|(1), \fIx509\fR\|(1), \s-1\fICA\s0.pl\fR\|(1), -\&\fIconfig\fR\|(5) +\&\fIconfig\fR\|(5), \fIx509v3_config\fR\|(5) diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1 index d5b0065e60..9ed3eae7f5 100644 --- a/secure/usr.bin/openssl/man/ciphers.1 +++ b/secure/usr.bin/openssl/man/ciphers.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CIPHERS 1" -.TH CIPHERS 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH CIPHERS 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -143,26 +135,30 @@ ciphers \- SSL cipher display and cipher list tool. .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBciphers\fR [\fB\-v\fR] +[\fB\-V\fR] [\fB\-ssl2\fR] [\fB\-ssl3\fR] [\fB\-tls1\fR] [\fBcipherlist\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fBcipherlist\fR command converts OpenSSL cipher lists into ordered +The \fBciphers\fR command converts textual OpenSSL cipher lists into ordered \&\s-1SSL\s0 cipher preference lists. It can be used as a test tool to determine the appropriate cipherlist. .SH "COMMAND OPTIONS" .IX Header "COMMAND OPTIONS" .IP "\fB\-v\fR" 4 .IX Item "-v" -verbose option. List ciphers with a complete description of +Verbose option. List ciphers with a complete description of protocol version (SSLv2 or SSLv3; the latter includes \s-1TLS\s0), key exchange, authentication, encryption and mac algorithms used along with any key size restrictions and whether the algorithm is classed as an \*(L"export\*(R" cipher. Note that without the \fB\-v\fR option, ciphers may seem to appear twice in a cipher list; this is when similar ciphers are available for \&\s-1SSL\s0 v2 and for \s-1SSL\s0 v3/TLS v1. +.IP "\fB\-V\fR" 4 +.IX Item "-V" +Like \fB\-V\fR, but include cipher suite codes in output (hex format). .IP "\fB\-ssl3\fR" 4 .IX Item "-ssl3" only include \s-1SSL\s0 v3 ciphers. @@ -223,8 +219,8 @@ the current cipher list in order of encryption algorithm key length. The following is a list of all permitted cipher strings and their meanings. .IP "\fB\s-1DEFAULT\s0\fR" 4 .IX Item "DEFAULT" -the default cipher list. This is determined at compile time and is normally -\&\fB\s-1AES:ALL:\s0!aNULL:!eNULL:+RC4:@STRENGTH\fR. This must be the first cipher string +the default cipher list. This is determined at compile time and, as of OpenSSL +1.0.0, is normally \fB\s-1ALL:\s0!aNULL:!eNULL\fR. This must be the first cipher string specified. .IP "\fB\s-1COMPLEMENTOFDEFAULT\s0\fR" 4 .IX Item "COMPLEMENTOFDEFAULT" @@ -233,7 +229,8 @@ this is \fB\s-1ADH\s0\fR. Note that this rule does not cover \fBeNULL\fR, which not included by \fB\s-1ALL\s0\fR (use \fB\s-1COMPLEMENTOFALL\s0\fR if necessary). .IP "\fB\s-1ALL\s0\fR" 4 .IX Item "ALL" -all ciphers suites except the \fBeNULL\fR ciphers which must be explicitly enabled. +all cipher suites except the \fBeNULL\fR ciphers which must be explicitly enabled; +as of OpenSSL, the \fB\s-1ALL\s0\fR cipher suites are reasonably ordered by default .IP "\fB\s-1COMPLEMENTOFALL\s0\fR" 4 .IX Item "COMPLEMENTOFALL" the cipher suites not enabled by \fB\s-1ALL\s0\fR, currently being \fBeNULL\fR. @@ -332,13 +329,33 @@ cipher suites using \s-1MD5\s0. .IP "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4 .IX Item "SHA1, SHA" cipher suites using \s-1SHA1\s0. +.IP "\fBaGOST\fR" 4 +.IX Item "aGOST" +cipher suites using \s-1GOST\s0 R 34.10 (either 2001 or 94) for authenticaction +(needs an engine supporting \s-1GOST\s0 algorithms). +.IP "\fBaGOST01\fR" 4 +.IX Item "aGOST01" +cipher suites using \s-1GOST\s0 R 34.10\-2001 authentication. +.IP "\fBaGOST94\fR" 4 +.IX Item "aGOST94" +cipher suites using \s-1GOST\s0 R 34.10\-94 authentication (note that R 34.10\-94 +standard has been expired so use \s-1GOST\s0 R 34.10\-2001) +.IP "\fBkGOST\fR" 4 +.IX Item "kGOST" +cipher suites, using \s-1VKO\s0 34.10 key exchange, specified in the \s-1RFC\s0 4357. +.IP "\fB\s-1GOST94\s0\fR" 4 +.IX Item "GOST94" +cipher suites, using \s-1HMAC\s0 based on \s-1GOST\s0 R 34.11\-94. +.IP "\fB\s-1GOST89MAC\s0\fR" 4 +.IX Item "GOST89MAC" +cipher suites using \s-1GOST\s0 28147\-89 \s-1MAC\s0 \fBinstead of\fR \s-1HMAC\s0. .SH "CIPHER SUITE NAMES" .IX Header "CIPHER SUITE NAMES" The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the relevant specification and their OpenSSL equivalents. It should be noted, that several cipher suite names do not include the authentication used, e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used. -.Sh "\s-1SSL\s0 v3.0 cipher suites." +.SS "\s-1SSL\s0 v3.0 cipher suites." .IX Subsection "SSL v3.0 cipher suites." .Vb 10 \& SSL_RSA_WITH_NULL_MD5 NULL\-MD5 @@ -375,7 +392,7 @@ e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used. \& SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. \& SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. .Ve -.Sh "\s-1TLS\s0 v1.0 cipher suites." +.SS "\s-1TLS\s0 v1.0 cipher suites." .IX Subsection "TLS v1.0 cipher suites." .Vb 10 \& TLS_RSA_WITH_NULL_MD5 NULL\-MD5 @@ -408,7 +425,7 @@ e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used. \& TLS_DH_anon_WITH_DES_CBC_SHA ADH\-DES\-CBC\-SHA \& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA .Ve -.Sh "\s-1AES\s0 ciphersuites from \s-1RFC3268\s0, extending \s-1TLS\s0 v1.0" +.SS "\s-1AES\s0 ciphersuites from \s-1RFC3268\s0, extending \s-1TLS\s0 v1.0" .IX Subsection "AES ciphersuites from RFC3268, extending TLS v1.0" .Vb 2 \& TLS_RSA_WITH_AES_128_CBC_SHA AES128\-SHA @@ -427,7 +444,7 @@ e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used. \& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH\-AES128\-SHA \& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH\-AES256\-SHA .Ve -.Sh "Camellia ciphersuites from \s-1RFC4132\s0, extending \s-1TLS\s0 v1.0" +.SS "Camellia ciphersuites from \s-1RFC4132\s0, extending \s-1TLS\s0 v1.0" .IX Subsection "Camellia ciphersuites from RFC4132, extending TLS v1.0" .Vb 2 \& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128\-SHA @@ -446,7 +463,7 @@ e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used. \& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH\-CAMELLIA128\-SHA \& TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH\-CAMELLIA256\-SHA .Ve -.Sh "\s-1SEED\s0 ciphersuites from \s-1RFC4162\s0, extending \s-1TLS\s0 v1.0" +.SS "\s-1SEED\s0 ciphersuites from \s-1RFC4162\s0, extending \s-1TLS\s0 v1.0" .IX Subsection "SEED ciphersuites from RFC4162, extending TLS v1.0" .Vb 1 \& TLS_RSA_WITH_SEED_CBC_SHA SEED\-SHA @@ -459,7 +476,18 @@ e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used. \& \& TLS_DH_anon_WITH_SEED_CBC_SHA ADH\-SEED\-SHA .Ve -.Sh "Additional Export 1024 and other cipher suites" +.SS "\s-1GOST\s0 ciphersuites from draft-chudov-cryptopro-cptls, extending \s-1TLS\s0 v1.0" +.IX Subsection "GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0" +Note: these ciphers require an engine which including \s-1GOST\s0 cryptographic +algorithms, such as the \fBccgost\fR engine, included in the OpenSSL distribution. +.PP +.Vb 4 +\& TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94\-GOST89\-GOST89 +\& TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001\-GOST89\-GOST89 +\& TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94\-NULL\-GOST94 +\& TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001\-NULL\-GOST94 +.Ve +.SS "Additional Export 1024 and other cipher suites" .IX Subsection "Additional Export 1024 and other cipher suites" Note: these ciphers can also be used in \s-1SSL\s0 v3. .PP @@ -470,7 +498,7 @@ Note: these ciphers can also be used in \s-1SSL\s0 v3. \& TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024\-DHE\-DSS\-RC4\-SHA \& TLS_DHE_DSS_WITH_RC4_128_SHA DHE\-DSS\-RC4\-SHA .Ve -.Sh "\s-1SSL\s0 v2.0 cipher suites." +.SS "\s-1SSL\s0 v2.0 cipher suites." .IX Subsection "SSL v2.0 cipher suites." .Vb 7 \& SSL_CK_RC4_128_WITH_MD5 RC4\-MD5 @@ -526,5 +554,6 @@ encryption. \&\fIs_client\fR\|(1), \fIs_server\fR\|(1), \fIssl\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -The \fB\s-1COMPLENTOFALL\s0\fR and \fB\s-1COMPLEMENTOFDEFAULT\s0\fR selection options were -added in version 0.9.7. +The \fB\s-1COMPLENTOFALL\s0\fR and \fB\s-1COMPLEMENTOFDEFAULT\s0\fR selection options +for cipherlist strings were added in OpenSSL 0.9.7. +The \fB\-V\fR option for the \fBciphers\fR command was added in OpenSSL 1.0.0. diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/cms.1 similarity index 50% copy from secure/usr.bin/openssl/man/smime.1 copy to secure/usr.bin/openssl/man/cms.1 index 4e00981e26..ca61a886c1 100644 --- a/secure/usr.bin/openssl/man/smime.1 +++ b/secure/usr.bin/openssl/man/cms.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,61 +123,88 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "SMIME 1" -.TH SMIME 1 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "CMS 1" +.TH CMS 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -smime \- S/MIME utility +cms \- CMS utility .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBsmime\fR +\&\fBopenssl\fR \fBcms\fR [\fB\-encrypt\fR] [\fB\-decrypt\fR] [\fB\-sign\fR] [\fB\-verify\fR] -[\fB\-pk7out\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-rc2\-40\fR] -[\fB\-rc2\-64\fR] -[\fB\-rc2\-128\fR] -[\fB\-aes128\fR] -[\fB\-aes192\fR] -[\fB\-aes256\fR] -[\fB\-camellia128\fR] -[\fB\-camellia192\fR] -[\fB\-camellia256\fR] -[\fB\-in file\fR] -[\fB\-certfile file\fR] -[\fB\-signer file\fR] -[\fB\-recip file\fR] +[\fB\-cmsout\fR] +[\fB\-resign\fR] +[\fB\-data_create\fR] +[\fB\-data_out\fR] +[\fB\-digest_create\fR] +[\fB\-digest_verify\fR] +[\fB\-compress\fR] +[\fB\-uncompress\fR] +[\fB\-EncryptedData_encrypt\fR] +[\fB\-sign_receipt\fR] +[\fB\-verify_receipt receipt\fR] +[\fB\-in filename\fR] [\fB\-inform SMIME|PEM|DER\fR] -[\fB\-passin arg\fR] -[\fB\-inkey file\fR] -[\fB\-out file\fR] +[\fB\-rctform SMIME|PEM|DER\fR] +[\fB\-out filename\fR] [\fB\-outform SMIME|PEM|DER\fR] -[\fB\-content file\fR] -[\fB\-to addr\fR] -[\fB\-from ad\fR] -[\fB\-subject s\fR] +[\fB\-stream \-indef \-noindef\fR] +[\fB\-noindef\fR] +[\fB\-content filename\fR] [\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-print\fR] +[\fB\-CAfile file\fR] +[\fB\-CApath dir\fR] +[\fB\-md digest\fR] +[\fB\-[cipher]\fR] +[\fB\-nointern\fR] +[\fB\-no_signer_cert_verify\fR] +[\fB\-nocerts\fR] +[\fB\-noattr\fR] +[\fB\-nosmimecap\fR] +[\fB\-binary\fR] +[\fB\-nodetach\fR] +[\fB\-certfile file\fR] +[\fB\-certsout file\fR] +[\fB\-signer file\fR] +[\fB\-recip file\fR] +[\fB\-keyid\fR] +[\fB\-receipt_request_all \-receipt_request_first\fR] +[\fB\-receipt_request_from emailaddress\fR] +[\fB\-receipt_request_to emailaddress\fR] +[\fB\-receipt_request_print\fR] +[\fB\-secretkey key\fR] +[\fB\-secretkeyid id\fR] +[\fB\-econtent_type type\fR] +[\fB\-inkey file\fR] +[\fB\-passin arg\fR] [\fB\-rand file(s)\fR] +[\fBcert.pem...\fR] +[\fB\-to addr\fR] +[\fB\-from addr\fR] +[\fB\-subject subj\fR] [cert.pem]... .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fBsmime\fR command handles S/MIME mail. It can encrypt, decrypt, sign and -verify S/MIME messages. +The \fBcms\fR command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign and +verify, compress and uncompress S/MIME messages. .SH "COMMAND OPTIONS" .IX Header "COMMAND OPTIONS" -There are five operation options that set the type of operation to be performed. -The meaning of the other options varies according to the operation type. +There are fourteen operation options that set the type of operation to be +performed. The meaning of the other options varies according to the operation +type. .IP "\fB\-encrypt\fR" 4 .IX Item "-encrypt" encrypt mail for the given recipient certificates. Input file is the message -to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format. +to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format. The +actual \s-1CMS\s0 type is EnvelopedData. .IP "\fB\-decrypt\fR" 4 .IX Item "-decrypt" decrypt mail using the supplied certificate and private key. Expects an @@ -200,37 +219,92 @@ to the output file. .IX Item "-verify" verify signed mail. Expects a signed mail message on input and outputs the signed data. Both clear text and opaque signing is supported. -.IP "\fB\-pk7out\fR" 4 -.IX Item "-pk7out" -takes an input message and writes out a \s-1PEM\s0 encoded PKCS#7 structure. +.IP "\fB\-cmsout\fR" 4 +.IX Item "-cmsout" +takes an input message and writes out a \s-1PEM\s0 encoded \s-1CMS\s0 structure. +.IP "\fB\-resign\fR" 4 +.IX Item "-resign" +resign a message: take an existing message and one or more new signers. +.IP "\fB\-data_create\fR" 4 +.IX Item "-data_create" +Create a \s-1CMS\s0 \fBData\fR type. +.IP "\fB\-data_out\fR" 4 +.IX Item "-data_out" +\&\fBData\fR type and output the content. +.IP "\fB\-digest_create\fR" 4 +.IX Item "-digest_create" +Create a \s-1CMS\s0 \fBDigestedData\fR type. +.IP "\fB\-digest_verify\fR" 4 +.IX Item "-digest_verify" +Verify a \s-1CMS\s0 \fBDigestedData\fR type and output the content. +.IP "\fB\-compress\fR" 4 +.IX Item "-compress" +Create a \s-1CMS\s0 \fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR +support for this option to work, otherwise it will output an error. +.IP "\fB\-uncompress\fR" 4 +.IX Item "-uncompress" +Uncompress a \s-1CMS\s0 \fBCompressedData\fR type and output the content. OpenSSL must be +compiled with \fBzlib\fR support for this option to work, otherwise it will +output an error. +.IP "\fB\-EncryptedData_encrypt\fR" 4 +.IX Item "-EncryptedData_encrypt" +Encrypt suppled content using supplied symmetric key and algorithm using a \s-1CMS\s0 +\&\fBEncrytedData\fR type and output the content. +.IP "\fB\-sign_receipt\fR" 4 +.IX Item "-sign_receipt" +Generate and output a signed receipt for the supplied message. The input +message \fBmust\fR contain a signed receipt request. Functionality is otherwise +similar to the \fB\-sign\fR operation. +.IP "\fB\-verify_receipt receipt\fR" 4 +.IX Item "-verify_receipt receipt" +Verify a signed receipt in filename \fBreceipt\fR. The input message \fBmust\fR +contain the original receipt request. Functionality is otherwise similar +to the \fB\-verify\fR operation. .IP "\fB\-in filename\fR" 4 .IX Item "-in filename" -the input message to be encrypted or signed or the \s-1MIME\s0 message to -be decrypted or verified. +the input message to be encrypted or signed or the message to be decrypted +or verified. .IP "\fB\-inform SMIME|PEM|DER\fR" 4 .IX Item "-inform SMIME|PEM|DER" -this specifies the input format for the PKCS#7 structure. The default +this specifies the input format for the \s-1CMS\s0 structure. The default is \fB\s-1SMIME\s0\fR which reads an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR -format change this to expect \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures -instead. This currently only affects the input format of the PKCS#7 -structure, if no PKCS#7 structure is being input (for example with +format change this to expect \s-1PEM\s0 and \s-1DER\s0 format \s-1CMS\s0 structures +instead. This currently only affects the input format of the \s-1CMS\s0 +structure, if no \s-1CMS\s0 structure is being input (for example with \&\fB\-encrypt\fR or \fB\-sign\fR) this option has no effect. +.IP "\fB\-rctform SMIME|PEM|DER\fR" 4 +.IX Item "-rctform SMIME|PEM|DER" +specify the format for a signed receipt for use with the \fB\-receipt_verify\fR +operation. .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" the message text that has been decrypted or verified or the output \s-1MIME\s0 format message that has been signed or verified. .IP "\fB\-outform SMIME|PEM|DER\fR" 4 .IX Item "-outform SMIME|PEM|DER" -this specifies the output format for the PKCS#7 structure. The default -is \fB\s-1SMIME\s0\fR which write an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR -format change this to write \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures -instead. This currently only affects the output format of the PKCS#7 -structure, if no PKCS#7 structure is being output (for example with +this specifies the output format for the \s-1CMS\s0 structure. The default +is \fB\s-1SMIME\s0\fR which writes an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR +format change this to write \s-1PEM\s0 and \s-1DER\s0 format \s-1CMS\s0 structures +instead. This currently only affects the output format of the \s-1CMS\s0 +structure, if no \s-1CMS\s0 structure is being output (for example with \&\fB\-verify\fR or \fB\-decrypt\fR) this option has no effect. +.IP "\fB\-stream \-indef \-noindef\fR" 4 +.IX Item "-stream -indef -noindef" +the \fB\-stream\fR and \fB\-indef\fR options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is \fB\s-1SMIME\s0\fR it is currently off by default for all +other operations. +.IP "\fB\-noindef\fR" 4 +.IX Item "-noindef" +disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it. .IP "\fB\-content filename\fR" 4 .IX Item "-content filename" This specifies a file containing the detached content, this is only -useful with the \fB\-verify\fR command. This is only usable if the PKCS#7 +useful with the \fB\-verify\fR command. This is only usable if the \s-1CMS\s0 structure is using the detached signature form where the content is not included. This option will override any content if the input format is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type. @@ -240,6 +314,15 @@ this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied message if encrypting or signing. If decrypting or verifying it strips off text headers: if the decrypted or verified message is not of \s-1MIME\s0 type text/plain then an error occurs. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +for the \fB\-cmsout\fR operation do not output the parsed \s-1CMS\s0 structure. This +is useful when combined with the \fB\-print\fR option or if the syntax of the \s-1CMS\s0 +structure is being checked. +.IP "\fB\-print\fR" 4 +.IX Item "-print" +for the \fB\-cmsout\fR operation print out all fields of the \s-1CMS\s0 structure. This +is mainly useful for testing purposes. .IP "\fB\-CAfile file\fR" 4 .IX Item "-CAfile file" a file containing trusted \s-1CA\s0 certificates, only used with \fB\-verify\fR. @@ -249,27 +332,29 @@ a directory containing trusted \s-1CA\s0 certificates, only used with \&\fB\-verify\fR. This directory must be a standard certificate directory: that is a hash of each subject name (using \fBx509 \-hash\fR) should be linked to each certificate. -.IP "\fB\-des \-des3 \-rc2\-40 \-rc2\-64 \-rc2\-128 \-aes128 \-aes192 \-aes256 \-camellia128 \-camellia192 \-camellia256\fR" 4 -.IX Item "-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256" -the encryption algorithm to use. \s-1DES\s0 (56 bits), triple \s-1DES\s0 (168 bits), -40, 64 or 128 bit \s-1RC2\s0, 128, 192 or 256 bit \s-1AES\s0, or 128, 192 or 256 bit Camellia respectively. If not -specified 40 bit \s-1RC2\s0 is used. Only used with \fB\-encrypt\fR. +.IP "\fB\-md digest\fR" 4 +.IX Item "-md digest" +digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). +.IP "\fB\-[cipher]\fR" 4 +.IX Item "-[cipher]" +the encryption algorithm to use. For example triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR +or 256 bit \s-1AES\s0 \- \fB\-aes256\fR. Any standard algorithm name (as used by the +\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for +example \fB\-aes_128_cbc\fR. See \fBenc\fR for a list of ciphers +supported by your version of OpenSSL. +.Sp +If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR and +\&\fB\-EncryptedData_create\fR commands. .IP "\fB\-nointern\fR" 4 .IX Item "-nointern" when verifying a message normally certificates (if any) included in the message are searched for the signing certificate. With this option only the certificates specified in the \fB\-certfile\fR option are used. The supplied certificates can still be used as untrusted CAs however. -.IP "\fB\-noverify\fR" 4 -.IX Item "-noverify" +.IP "\fB\-no_signer_cert_verify\fR" 4 +.IX Item "-no_signer_cert_verify" do not verify the signers certificate of a signed message. -.IP "\fB\-nochain\fR" 4 -.IX Item "-nochain" -do not do chain verification of signers certificates: that is don't -use the certificates in the signed message as untrusted CAs. -.IP "\fB\-nosigs\fR" 4 -.IX Item "-nosigs" -don't try to verify the signatures on the message. .IP "\fB\-nocerts\fR" 4 .IX Item "-nocerts" when signing a message the signer's certificate is normally included @@ -281,6 +366,10 @@ available locally (passed using the \fB\-certfile\fR option for example). normally when a message is signed a set of attributes are included which include the signing time and supported symmetric algorithms. With this option they are not included. +.IP "\fB\-nosmimecap\fR" 4 +.IX Item "-nosmimecap" +exclude the list of supported algorithms from signed attributes, other options +such as signing time and content type are still included. .IP "\fB\-binary\fR" 4 .IX Item "-binary" normally the input message is converted to \*(L"canonical\*(R" format which is @@ -298,21 +387,67 @@ the \s-1MIME\s0 type multipart/signed is used. allows additional certificates to be specified. When signing these will be included with the message. When verifying these will be searched for the signers certificates. The certificates should be in \s-1PEM\s0 format. +.IP "\fB\-certsout file\fR" 4 +.IX Item "-certsout file" +any certificates contained in the message are written to \fBfile\fR. .IP "\fB\-signer file\fR" 4 .IX Item "-signer file" -the signers certificate when signing a message. If a message is -being verified then the signers certificates will be written to this -file if the verification was successful. +a signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful. .IP "\fB\-recip file\fR" 4 .IX Item "-recip file" the recipients certificate when decrypting a message. This certificate must match one of the recipients of the message or an error occurs. +.IP "\fB\-keyid\fR" 4 +.IX Item "-keyid" +use subject key identifier to identify certificates instead of issuer name and +serial number. The supplied certificate \fBmust\fR include a subject key +identifier extension. Supported by \fB\-sign\fR and \fB\-encrypt\fR options. +.IP "\fB\-receipt_request_all \-receipt_request_first\fR" 4 +.IX Item "-receipt_request_all -receipt_request_first" +for \fB\-sign\fR option include a signed receipt request. Indicate requests should +be provided by all receipient or first tier recipients (those mailed directly +and not from a mailing list). Ignored it \fB\-receipt_request_from\fR is included. +.IP "\fB\-receipt_request_from emailaddress\fR" 4 +.IX Item "-receipt_request_from emailaddress" +for \fB\-sign\fR option include a signed receipt request. Add an explicit email +address where receipts should be supplied. +.IP "\fB\-receipt_request_to emailaddress\fR" 4 +.IX Item "-receipt_request_to emailaddress" +Add an explicit email address where signed receipts should be sent to. This +option \fBmust\fR but supplied if a signed receipt it requested. +.IP "\fB\-receipt_request_print\fR" 4 +.IX Item "-receipt_request_print" +For the \fB\-verify\fR operation print out the contents of any signed receipt +requests. +.IP "\fB\-secretkey key\fR" 4 +.IX Item "-secretkey key" +specify symmetric key to use. The key must be supplied in hex format and be +consistent with the algorithm used. Supported by the \fB\-EncryptedData_encrypt\fR +\&\fB\-EncrryptedData_decrypt\fR, \fB\-encrypt\fR and \fB\-decrypt\fR options. When used +with \fB\-encrypt\fR or \fB\-decrypt\fR the supplied key is used to wrap or unwrap the +content encryption key using an \s-1AES\s0 key in the \fBKEKRecipientInfo\fR type. +.IP "\fB\-secretkeyid id\fR" 4 +.IX Item "-secretkeyid id" +the key identifier for the supplied symmetric key for \fBKEKRecipientInfo\fR type. +This option \fBmust\fR be present if the \fB\-secretkey\fR option is used with +\&\fB\-encrypt\fR. With \fB\-decrypt\fR operations the \fBid\fR is used to locate the +relevant key if it is not supplied then an attempt is used to decrypt any +\&\fBKEKRecipientInfo\fR structures. +.IP "\fB\-econtent_type type\fR" 4 +.IX Item "-econtent_type type" +set the encapsulated content type to \fBtype\fR if not supplied the \fBData\fR type +is used. The \fBtype\fR argument can be any valid \s-1OID\s0 name in either text or +numerical format. .IP "\fB\-inkey file\fR" 4 .IX Item "-inkey file" the private key to use when signing or decrypting. This must match the corresponding certificate. If this option is not specified then the private key must be included in the certificate file specified with -the \fB\-recip\fR or \fB\-signer\fR file. +the \fB\-recip\fR or \fB\-signer\fR file. When signing this option can be used +multiple times to specify successive keys. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the private key password source. For more information about the format of \fBarg\fR @@ -334,6 +469,10 @@ the relevant mail headers. These are included outside the signed portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. +.IP "\fB\-purpose, \-ignore_critical, \-issuer_checks, \-crl_check, \-crl_check_all, \-policy_check, \-extended_crl, \-x509_strict, \-policy \-check_ss_sig\fR" 4 +.IX Item "-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig" +Set various certificate chain valiadition option. See the +\&\fBverify\fR manual page for details. .SH "NOTES" .IX Header "NOTES" The \s-1MIME\s0 message must be sent without any blank lines between the @@ -356,8 +495,21 @@ choke if a message contains multiple signers. It is possible to sign messages \*(L"in parallel\*(R" by signing an already signed message. .PP The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME -clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 +clients. Strictly speaking these process \s-1CMS\s0 enveloped data: \s-1CMS\s0 encrypted data is used for other purposes. +.PP +The \fB\-resign\fR option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail. +.PP +The \fB\-stream\fR and \fB\-indef\fR options enable experimental streaming I/O support. +As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding +and no longer \s-1DER\s0. Streaming is supported for the \fB\-encrypt\fR operation and the +\&\fB\-sign\fR operation if the content is not detached. +.PP +Streaming is always used for the \fB\-sign\fR operation with detached data but +since the content is no longer part of the \s-1CMS\s0 structure the encoding +remains \s-1DER\s0. .SH "EXIT CODES" .IX Header "EXIT CODES" .IP "0" 4 @@ -370,7 +522,7 @@ an error occurred parsing the command options. one of the input files could not be read. .IP "3" 4 .IX Item "3" -an error occurred creating the PKCS#7 file or when reading the \s-1MIME\s0 +an error occurred creating the \s-1CMS\s0 file or when reading the \s-1MIME\s0 message. .IP "4" 4 .IX Item "4" @@ -379,19 +531,36 @@ an error occurred decrypting or verifying the message. .IX Item "5" the message was verified correctly but an error occurred writing out the signers certificates. +.SH "COMPATIBILITY WITH PKCS#7 format." +.IX Header "COMPATIBILITY WITH PKCS#7 format." +The \fBsmime\fR utility can only process the older \fBPKCS#7\fR format. The \fBcms\fR +utility supports Cryptographic Message Syntax format. Use of some features +will result in messages which cannot be processed by applications which only +support the older format. These are detailed below. +.PP +The use of the \fB\-keyid\fR option with \fB\-sign\fR or \fB\-encrypt\fR. +.PP +The \fB\-outform \s-1PEM\s0\fR option uses different headers. +.PP +The \fB\-compress\fR option. +.PP +The \fB\-secretkey\fR option when used with \fB\-encrypt\fR. +.PP +Additionally the \fB\-EncryptedData_create\fR and \fB\-data_create\fR type cannot +be processed by the older \fBsmime\fR command. .SH "EXAMPLES" .IX Header "EXAMPLES" Create a cleartext signed message: .PP .Vb 2 -\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \e +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e \& \-signer mycert.pem .Ve .PP -Create and opaque signed message +Create an opaque signed message .PP .Vb 2 -\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \-nodetach \e +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \-nodetach \e \& \-signer mycert.pem .Ve .PP @@ -399,14 +568,21 @@ Create a signed message, include some additional certificates and read the private key from another file: .PP .Vb 2 -\& openssl smime \-sign \-in in.txt \-text \-out mail.msg \e +\& openssl cms \-sign \-in in.txt \-text \-out mail.msg \e \& \-signer mycert.pem \-inkey mykey.pem \-certfile mycerts.pem .Ve .PP +Create a signed message with two signers, use key identifier: +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-signer othercert.pem \-keyid +.Ve +.PP Send a signed message under Unix directly to sendmail, including headers: .PP .Vb 3 -\& openssl smime \-sign \-in in.txt \-text \-signer mycert.pem \e +\& openssl cms \-sign \-in in.txt \-text \-signer mycert.pem \e \& \-from steve@openssl.org \-to someone@somewhere \e \& \-subject "Signed message" | sendmail someone@somewhere .Ve @@ -414,13 +590,13 @@ Send a signed message under Unix directly to sendmail, including headers: Verify a message and extract the signer's certificate if successful: .PP .Vb 1 -\& openssl smime \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt +\& openssl cms \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt .Ve .PP Send encrypted mail using triple \s-1DES:\s0 .PP .Vb 3 -\& openssl smime \-encrypt \-in in.txt \-from steve@openssl.org \e +\& openssl cms \-encrypt \-in in.txt \-from steve@openssl.org \e \& \-to someone@somewhere \-subject "Encrypted message" \e \& \-des3 user.pem \-out mail.msg .Ve @@ -428,19 +604,19 @@ Send encrypted mail using triple \s-1DES:\s0 Sign and encrypt mail: .PP .Vb 4 -\& openssl smime \-sign \-in ml.txt \-signer my.pem \-text \e -\& | openssl smime \-encrypt \-out mail.msg \e +\& openssl cms \-sign \-in ml.txt \-signer my.pem \-text \e +\& | openssl cms \-encrypt \-out mail.msg \e \& \-from steve@openssl.org \-to someone@somewhere \e \& \-subject "Signed and Encrypted message" \-des3 user.pem .Ve .PP -Note: the encryption command does not include the \fB\-text\fR option because the message -being encrypted already has \s-1MIME\s0 headers. +Note: the encryption command does not include the \fB\-text\fR option because the +message being encrypted already has \s-1MIME\s0 headers. .PP Decrypt mail: .PP .Vb 1 -\& openssl smime \-decrypt \-in mail.msg \-recip mycert.pem \-inkey key.pem +\& openssl cms \-decrypt \-in mail.msg \-recip mycert.pem \-inkey key.pem .Ve .PP The output from Netscape form signing is a PKCS#7 structure with the @@ -456,30 +632,38 @@ it with: and using the command, .PP .Vb 1 -\& openssl smime \-verify \-inform PEM \-in signature.pem \-content content.txt +\& openssl cms \-verify \-inform PEM \-in signature.pem \-content content.txt .Ve .PP alternatively you can base64 decode the signature and use .PP .Vb 1 -\& openssl smime \-verify \-inform DER \-in signature.der \-content content.txt +\& openssl cms \-verify \-inform DER \-in signature.der \-content content.txt .Ve .PP Create an encrypted message using 128 bit Camellia: .PP .Vb 1 -\& openssl smime \-encrypt \-in plain.txt \-camellia128 \-out mail.msg cert.pem +\& openssl cms \-encrypt \-in plain.txt \-camellia128 \-out mail.msg cert.pem +.Ve +.PP +Add a signer to an existing message: +.PP +.Vb 1 +\& openssl cms \-resign \-in mail.msg \-signer newsign.pem \-out mail2.msg .Ve .SH "BUGS" .IX Header "BUGS" -The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've thrown -at it but it may choke on others. +The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others. .PP -The code currently will only write out the signer's certificate to a file: if the -signer has a separate encryption certificate this must be manually extracted. There -should be some heuristic that determines the correct encryption certificate. +The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate. .PP -Ideally a database should be maintained of a certificates for each email address. +Ideally a database should be maintained of a certificates for each email +address. .PP The code doesn't currently take note of the permitted symmetric encryption algorithms as supplied in the SMIMECapabilities signed attribute. this means the @@ -487,6 +671,7 @@ user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those. .PP No revocation checking is done on the signer's certificate. -.PP -The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 -structures may cause parsing errors. +.SH "HISTORY" +.IX Header "HISTORY" +The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first +added in OpenSSL 1.0.0 diff --git a/secure/usr.bin/openssl/man/config.5 b/secure/usr.bin/openssl/man/config.5 index c231933f84..c4eba75672 100644 --- a/secure/usr.bin/openssl/man/config.5 +++ b/secure/usr.bin/openssl/man/config.5 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CONFIG 5" -.TH CONFIG 5 "2010-02-27" "0.9.8m" "OpenSSL" +.TH CONFIG 5 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -224,7 +216,7 @@ section containing configuration module specific information. E.g. .PP Currently there are two configuration modules. One for \s-1ASN1\s0 objects another for \s-1ENGINE\s0 configuration. -.Sh "\s-1ASN1\s0 \s-1OBJECT\s0 \s-1CONFIGURATION\s0 \s-1MODULE\s0" +.SS "\s-1ASN1\s0 \s-1OBJECT\s0 \s-1CONFIGURATION\s0 \s-1MODULE\s0" .IX Subsection "ASN1 OBJECT CONFIGURATION MODULE" This module has the name \fBoid_section\fR. The value of this variable points to a section containing name value pairs of OIDs: the name is the \s-1OID\s0 short @@ -247,7 +239,7 @@ by a comma and the numerical \s-1OID\s0 form. For example: .Vb 1 \& shortName = some object long name, 1.2.3.4 .Ve -.Sh "\s-1ENGINE\s0 \s-1CONFIGURATION\s0 \s-1MODULE\s0" +.SS "\s-1ENGINE\s0 \s-1CONFIGURATION\s0 \s-1MODULE\s0" .IX Subsection "ENGINE CONFIGURATION MODULE" This \s-1ENGINE\s0 configuration module has the name \fBengines\fR. The value of this variable points to a section containing further \s-1ENGINE\s0 configuration diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1 index 31c65a6bc5..80ada5b526 100644 --- a/secure/usr.bin/openssl/man/crl.1 +++ b/secure/usr.bin/openssl/man/crl.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CRL 1" -.TH CRL 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH CRL 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1 index ce78aba906..408870bb5d 100644 --- a/secure/usr.bin/openssl/man/crl2pkcs7.1 +++ b/secure/usr.bin/openssl/man/crl2pkcs7.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH CRL2PKCS7 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1 index 747c62ce7f..9cbd0d1385 100644 --- a/secure/usr.bin/openssl/man/dgst.1 +++ b/secure/usr.bin/openssl/man/dgst.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DGST 1" -.TH DGST 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DGST 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,6 +141,7 @@ dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests [\fB\-binary\fR] [\fB\-out filename\fR] [\fB\-sign filename\fR] +[\fB\-keyform arg\fR] [\fB\-passin arg\fR] [\fB\-verify filename\fR] [\fB\-prverify filename\fR] @@ -186,6 +179,19 @@ filename to output to, or standard output by default. .IP "\fB\-sign filename\fR" 4 .IX Item "-sign filename" digitally sign the digest using the private key in \*(L"filename\*(R". +.IP "\fB\-keyform arg\fR" 4 +.IX Item "-keyform arg" +Specifies the key format to sign digest with. Only \s-1PEM\s0 and \s-1ENGINE\s0 +formats are supported by the \fBdgst\fR command. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Use engine \fBid\fR for operations (including private key storage). +This engine is not used as source for digest algorithms, unless it is +also specified in the configuration file. +.IP "\fB\-sigopt nm:v\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the private key password source. For more information about the format of \fBarg\fR @@ -203,6 +209,31 @@ the actual signature to verify. .IP "\fB\-hmac key\fR" 4 .IX Item "-hmac key" create a hashed \s-1MAC\s0 using \*(L"key\*(R". +.IP "\fB\-mac alg\fR" 4 +.IX Item "-mac alg" +create \s-1MAC\s0 (keyed Message Authentication Code). The most popular \s-1MAC\s0 +algorithm is \s-1HMAC\s0 (hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms +which are not based on hash, for instance \fBgost-mac\fR algorithm, +supported by \fBccgost\fR engine. \s-1MAC\s0 keys and other options should be set +via \fB\-macopt\fR parameter. +.IP "\fB\-macopt nm:v\fR" 4 +.IX Item "-macopt nm:v" +Passes options to \s-1MAC\s0 algorithm, specified by \fB\-mac\fR key. +Following options are supported by both by \fB\s-1HMAC\s0\fR and \fBgost-mac\fR: +.RS 4 +.IP "\fBkey:string\fR" 8 +.IX Item "key:string" +Specifies \s-1MAC\s0 key as alphnumeric string (use if key contain printable +characters only). String length must conform to any restrictions of +the \s-1MAC\s0 algorithm for example exactly 32 chars for gost-mac. +.IP "\fBhexkey:string\fR" 8 +.IX Item "hexkey:string" +Specifies \s-1MAC\s0 key in hexadecimal form (two hex digits per byte). +Key length must conform to any restrictions of the \s-1MAC\s0 algorithm +for example exactly 32 chars for gost-mac. +.RE +.RS 4 +.RE .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1 index c192d99fe5..b2f53e6705 100644 --- a/secure/usr.bin/openssl/man/dhparam.1 +++ b/secure/usr.bin/openssl/man/dhparam.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DHPARAM 1" -.TH DHPARAM 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DHPARAM 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -219,7 +211,7 @@ this option converts the parameters into C code. The parameters can then be loaded by calling the \fBget_dh\fR\fInumbits\fR\fB()\fR function. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBdhparam\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1 index b6b027bb56..8b086300cd 100644 --- a/secure/usr.bin/openssl/man/dsa.1 +++ b/secure/usr.bin/openssl/man/dsa.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA 1" -.TH DSA 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DSA 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -228,7 +220,7 @@ key will be output instead. This option is automatically set if the input is a public key. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBdsa\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1 index 6c782268ae..714dac171b 100644 --- a/secure/usr.bin/openssl/man/dsaparam.1 +++ b/secure/usr.bin/openssl/man/dsaparam.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH DSAPARAM 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -206,7 +198,7 @@ this option specifies that a parameter set should be generated of size the input file (if any) is ignored. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBdsaparam\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1 index 2b106b417d..721b9dedda 100644 --- a/secure/usr.bin/openssl/man/ec.1 +++ b/secure/usr.bin/openssl/man/ec.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EC 1" -.TH EC 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH EC 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -247,7 +239,7 @@ explicitly given (see \s-1RFC\s0 3279 for the definition of the is currently not implemented in OpenSSL. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBec\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1 index 20d9c4392d..be47cca080 100644 --- a/secure/usr.bin/openssl/man/ecparam.1 +++ b/secure/usr.bin/openssl/man/ecparam.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ECPARAM 1" -.TH ECPARAM 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ECPARAM 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -237,7 +229,7 @@ The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBecparam\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1 index c48bd1a158..25d883e38d 100644 --- a/secure/usr.bin/openssl/man/enc.1 +++ b/secure/usr.bin/openssl/man/enc.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ENC 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -147,17 +139,24 @@ enc \- symmetric cipher routines [\fB\-pass arg\fR] [\fB\-e\fR] [\fB\-d\fR] -[\fB\-a\fR] +[\fB\-a/\-base64\fR] [\fB\-A\fR] [\fB\-k password\fR] [\fB\-kfile filename\fR] [\fB\-K key\fR] [\fB\-iv \s-1IV\s0\fR] +[\fB\-S salt\fR] +[\fB\-salt\fR] +[\fB\-nosalt\fR] +[\fB\-z\fR] +[\fB\-md\fR] [\fB\-p\fR] [\fB\-P\fR] [\fB\-bufsize number\fR] [\fB\-nopad\fR] [\fB\-debug\fR] +[\fB\-none\fR] +[\fB\-engine id\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The symmetric cipher commands allow data to be encrypted or decrypted @@ -178,14 +177,12 @@ the password source. For more information about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-salt\fR" 4 .IX Item "-salt" -use a salt in the key derivation routines. This option should \fB\s-1ALWAYS\s0\fR -be used unless compatibility with previous versions of OpenSSL or SSLeay -is required. This option is only present on OpenSSL versions 0.9.5 or -above. +use a salt in the key derivation routines. This is the default. .IP "\fB\-nosalt\fR" 4 .IX Item "-nosalt" -don't use a salt in the key derivation routines. This is the default for -compatibility with previous versions of OpenSSL and SSLeay. +don't use a salt in the key derivation routines. This option \fB\s-1SHOULD\s0 \s-1NOT\s0\fR be +used except for test purposes or compatibility with ancient versions of OpenSSL +and SSLeay. .IP "\fB\-e\fR" 4 .IX Item "-e" encrypt the input data: this is the default. @@ -197,6 +194,9 @@ decrypt the input data. base64 process the data. This means that if encryption is taking place the data is base64 encoded after encryption. If decryption is set then the input data is base64 decoded before being decrypted. +.IP "\fB\-base64\fR" 4 +.IX Item "-base64" +same as \fB\-a\fR .IP "\fB\-A\fR" 4 .IX Item "-A" if the \fB\-a\fR option is set then base64 process the data on one line. @@ -209,10 +209,16 @@ versions of OpenSSL. Superseded by the \fB\-pass\fR argument. read the password to derive the key from the first line of \fBfilename\fR. This is for compatibility with previous versions of OpenSSL. Superseded by the \fB\-pass\fR argument. +.IP "\fB\-nosalt\fR" 4 +.IX Item "-nosalt" +do not use a salt +.IP "\fB\-salt\fR" 4 +.IX Item "-salt" +use salt (randomly generated or provide with \fB\-S\fR option) when +encrypting (this is the default). .IP "\fB\-S salt\fR" 4 .IX Item "-S salt" -the actual salt to use: this must be represented as a string comprised only -of hex digits. +the actual salt to use: this must be represented as a string of hex digits. .IP "\fB\-K key\fR" 4 .IX Item "-K key" the actual key to use: this must be represented as a string comprised only @@ -243,10 +249,30 @@ disable standard block padding .IP "\fB\-debug\fR" 4 .IX Item "-debug" debug the BIOs used for I/O. +.IP "\fB\-z\fR" 4 +.IX Item "-z" +Compress or decompress clear text using zlib before encryption or after +decryption. This option exists only if OpenSSL with compiled with zlib +or zlib-dynamic option. +.IP "\fB\-none\fR" 4 +.IX Item "-none" +Use \s-1NULL\s0 cipher (no encryption or decryption of input). .SH "NOTES" .IX Header "NOTES" The program can be called either as \fBopenssl ciphername\fR or -\&\fBopenssl enc \-ciphername\fR. +\&\fBopenssl enc \-ciphername\fR. But the first form doesn't work with +engine-provided ciphers, because this form is processed before the +configuration file is read and any ENGINEs loaded. +.PP +Engines which provide entirely new encryption algorithms (such as ccgost +engine which provides gost89 algorithm) should be configured in the +configuration file. Engines, specified in the command line using \-engine +options can only be used for hadrware-assisted implementations of +ciphers, which are supported by OpenSSL core or other engine, specified +in the configuration file. +.PP +When enc command lists supported ciphers, ciphers provided by engines, +specified in the configuration files are listed too. .PP A password will be prompted for to derive the key and \s-1IV\s0 if necessary. .PP @@ -278,6 +304,13 @@ All \s-1RC2\s0 ciphers have the same key and effective key length. Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. .SH "SUPPORTED CIPHERS" .IX Header "SUPPORTED CIPHERS" +Note that some of these ciphers can be disabled at compile time +and some are available only if an appropriate engine is configured +in the configuration file. The output of the \fBenc\fR command run with +unsupported options (for example \fBopenssl enc \-help\fR) includes a +list of ciphers, supported by your versesion of OpenSSL, including +ones provided by configured engines. +.PP .Vb 1 \& base64 Base 64 \& @@ -313,6 +346,9 @@ Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. \& \& desx DESX algorithm. \& +\& gost89 GOST 28147\-89 in CFB mode (provided by ccgost engine) +\& gost89\-cnt \`GOST 28147\-89 in CNT mode (provided by ccgost engine) +\& \& idea\-cbc IDEA algorithm in CBC mode \& idea same as idea\-cbc \& idea\-cfb IDEA in CFB mode diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1 index 70928ab19f..62d91ceb4a 100644 --- a/secure/usr.bin/openssl/man/errstr.1 +++ b/secure/usr.bin/openssl/man/errstr.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERRSTR 1" -.TH ERRSTR 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH ERRSTR 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1 index 15d75012d7..d6914a6c2a 100644 --- a/secure/usr.bin/openssl/man/gendsa.1 +++ b/secure/usr.bin/openssl/man/gendsa.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "GENDSA 1" -.TH GENDSA 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH GENDSA 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -169,7 +161,7 @@ The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBgendsa\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1 new file mode 100644 index 0000000000..ae644bc03c --- /dev/null +++ b/secure/usr.bin/openssl/man/genpkey.1 @@ -0,0 +1,312 @@ +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "GENPKEY 1" +.TH GENPKEY 1 "2010-06-01" "1.0.0a" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +genpkey \- generate a private key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgenpkey\fR +[\fB\-out filename\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-pass arg\fR] +[\fB\-cipher\fR] +[\fB\-engine id\fR] +[\fB\-paramfile file\fR] +[\fB\-algorithm alg\fR] +[\fB\-pkeyopt opt:value\fR] +[\fB\-genparam\fR] +[\fB\-text\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBgenpkey\fR command generates a private key. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +the output filename. If this argument is not specified then standard output is +used. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format \s-1DER\s0 or \s-1PEM\s0. +.IP "\fB\-pass arg\fR" 4 +.IX Item "-pass arg" +the output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +.IP "\fB\-cipher\fR" 4 +.IX Item "-cipher" +This option encrypts the private key with the supplied cipher. Any algorithm +name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +specifying an engine (by its unique \fBid\fR string) will cause \fBgenpkey\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. If used this option should precede all other +options. +.IP "\fB\-algorithm alg\fR" 4 +.IX Item "-algorithm alg" +public key algorithm to use such as \s-1RSA\s0, \s-1DSA\s0 or \s-1DH\s0. If used this option must +precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR +are mutually exclusive. +.IP "\fB\-pkeyopt opt:value\fR" 4 +.IX Item "-pkeyopt opt:value" +set the public key algorithm option \fBopt\fR to \fBvalue\fR. The precise set of +options supported depends on the public key algorithm used and its +implementation. See \fB\s-1KEY\s0 \s-1GENERATION\s0 \s-1OPTIONS\s0\fR below for more details. +.IP "\fB\-genparam\fR" 4 +.IX Item "-genparam" +generate a set of parameters instead of a private key. If used this option must +precede and \fB\-algorithm\fR, \fB\-paramfile\fR or \fB\-pkeyopt\fR options. +.IP "\fB\-paramfile filename\fR" 4 +.IX Item "-paramfile filename" +Some public key algorithms generate a private key based on a set of parameters. +They can be supplied using this option. If this option is used the public key +algorithm used is determined by the parameters. If used this option must +precede and \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR +are mutually exclusive. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Print an (unencrypted) text representation of private and public keys and +parameters along with the \s-1PEM\s0 or \s-1DER\s0 structure. +.SH "KEY GENERATION OPTIONS" +.IX Header "KEY GENERATION OPTIONS" +The options supported by each algorith and indeed each implementation of an +algorithm can vary. The options for the OpenSSL implementations are detailed +below. +.SH "RSA KEY GENERATION OPTIONS" +.IX Header "RSA KEY GENERATION OPTIONS" +.IP "\fBrsa_keygen_bits:numbits\fR" 4 +.IX Item "rsa_keygen_bits:numbits" +The number of bits in the generated key. If not specified 1024 is used. +.IP "\fBrsa_keygen_pubexp:value\fR" 4 +.IX Item "rsa_keygen_pubexp:value" +The \s-1RSA\s0 public exponent value. This can be a large decimal or +hexadecimal value if preceded by \fB0x\fR. Default value is 65537. +.SH "DSA PARAMETER GENERATION OPTIONS" +.IX Header "DSA PARAMETER GENERATION OPTIONS" +.IP "\fBdsa_paramgen_bits:numbits\fR" 4 +.IX Item "dsa_paramgen_bits:numbits" +The number of bits in the generated parameters. If not specified 1024 is used. +.SH "DH PARAMETER GENERATION OPTIONS" +.IX Header "DH PARAMETER GENERATION OPTIONS" +.IP "\fBdh_paramgen_prime_len:numbits\fR" 4 +.IX Item "dh_paramgen_prime_len:numbits" +The number of bits in the prime parameter \fBp\fR. +.IP "\fBdh_paramgen_generator:value\fR" 4 +.IX Item "dh_paramgen_generator:value" +The value to use for the generator \fBg\fR. +.SH "EC PARAMETER GENERATION OPTIONS" +.IX Header "EC PARAMETER GENERATION OPTIONS" +.IP "\fBec_paramgen_curve:curve\fR" 4 +.IX Item "ec_paramgen_curve:curve" +the \s-1EC\s0 curve to use. +.SH "GOST2001 KEY GENERATION AND PARAMETER OPTIONS" +.IX Header "GOST2001 KEY GENERATION AND PARAMETER OPTIONS" +Gost 2001 support is not enabled by default. To enable this algorithm, +one should load the ccgost engine in the OpenSSL configuration file. +See \s-1README\s0.gost file in the engines/ccgost directiry of the source +distribution for more details. +.PP +Use of a parameter file for the \s-1GOST\s0 R 34.10 algorithm is optional. +Parameters can be specified during key generation directly as well as +during generation of parameter file. +.IP "\fBparamset:name\fR" 4 +.IX Item "paramset:name" +Specifies \s-1GOST\s0 R 34.10\-2001 parameter set according to \s-1RFC\s0 4357. +Parameter set can be specified using abbreviated name, object short name or +numeric \s-1OID\s0. Following parameter sets are supported: +.Sp +.Vb 7 +\& paramset OID Usage +\& A 1.2.643.2.2.35.1 Signature +\& B 1.2.643.2.2.35.2 Signature +\& C 1.2.643.2.2.35.3 Signature +\& XA 1.2.643.2.2.36.0 Key exchange +\& XB 1.2.643.2.2.36.1 Key exchange +\& test 1.2.643.2.2.35.0 Test purposes +.Ve +.SH "NOTES" +.IX Header "NOTES" +The use of the genpkey program is encouraged over the algorithm specific +utilities because additional algorithm options and \s-1ENGINE\s0 provided algorithms +can be used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate an \s-1RSA\s0 private key using default parameters: +.PP +.Vb 1 +\& openssl genpkey \-algorithm RSA \-out key.pem +.Ve +.PP +Encrypt output private key using 128 bit \s-1AES\s0 and the passphrase \*(L"hello\*(R": +.PP +.Vb 1 +\& openssl genpkey \-algorithm RSA \-out key.pem \-aes\-128\-cbc \-pass pass:hello +.Ve +.PP +Generate a 2048 bit \s-1RSA\s0 key using 3 as the public exponent: +.PP +.Vb 2 +\& openssl genpkey \-algorithm RSA \-out key.pem \-pkeyopt rsa_keygen_bits:2048 \e +\& \-pkeyopt rsa_keygen_pubexp:3 +.Ve +.PP +Generate 1024 bit \s-1DSA\s0 parameters: +.PP +.Vb 2 +\& openssl genpkey \-genparam \-algorithm DSA \-out dsap.pem \e +\& \-pkeyopt dsa_paramgen_bits:1024 +.Ve +.PP +Generate \s-1DSA\s0 key from parameters: +.PP +.Vb 1 +\& openssl genpkey \-paramfile dsap.pem \-out dsakey.pem +.Ve +.PP +Generate 1024 bit \s-1DH\s0 parameters: +.PP +.Vb 2 +\& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \e +\& \-pkeyopt dh_paramgen_prime_len:1024 +.Ve +.PP +Generate \s-1DH\s0 key from parameters: +.PP +.Vb 1 +\& openssl genpkey \-paramfile dhp.pem \-out dhkey.pem +.Ve +.SH "POD ERRORS" +.IX Header "POD ERRORS" +Hey! \fBThe above document had some coding errors, which are explained below:\fR +.IP "Around line 117:" 4 +.IX Item "Around line 117:" +You forgot a '=back' before '=head1' diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1 index 67e5608a35..fac9ca3c98 100644 --- a/secure/usr.bin/openssl/man/genrsa.1 +++ b/secure/usr.bin/openssl/man/genrsa.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH GENRSA 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -183,7 +175,7 @@ The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBgenrsa\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1 index bc7ba3a468..5c444c1608 100644 --- a/secure/usr.bin/openssl/man/nseq.1 +++ b/secure/usr.bin/openssl/man/nseq.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "NSEQ 1" -.TH NSEQ 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH NSEQ 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1 index d6b36cfffa..3a1e1d31b0 100644 --- a/secure/usr.bin/openssl/man/ocsp.1 +++ b/secure/usr.bin/openssl/man/ocsp.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH OCSP 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -186,6 +178,7 @@ ocsp \- Online Certificate Status Protocol utility [\fB\-ndays n\fR] [\fB\-resp_key_id\fR] [\fB\-nrequest n\fR] +[\fB\-md5|\-sha1|...\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The Online Certificate Status Protocol (\s-1OCSP\s0) enables applications to @@ -314,6 +307,10 @@ If the \fBnotAfter\fR time is omitted from a response then this means that new s information is immediately available. In this case the age of the \fBnotBefore\fR field is checked to see it is not older than \fBage\fR seconds old. By default this additional check is not performed. +.IP "\fB\-md5|\-sha1|\-sha256|\-ripemod160|...\fR" 4 +.IX Item "-md5|-sha1|-sha256|-ripemod160|..." +this option sets digest algorithm to use for certificate identification +in the \s-1OCSP\s0 request. By default \s-1SHA\-1\s0 is used. .SH "OCSP SERVER OPTIONS" .IX Header "OCSP SERVER OPTIONS" .IP "\fB\-index indexfile\fR" 4 diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1 index 6f045b3bf1..3c41d96e6f 100644 --- a/secure/usr.bin/openssl/man/openssl.1 +++ b/secure/usr.bin/openssl/man/openssl.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL 1" -.TH OPENSSL 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH OPENSSL 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -146,7 +138,7 @@ openssl \- OpenSSL command line tool [ \fIcommand_opts\fR ] [ \fIcommand_args\fR ] .PP -\&\fBopenssl\fR [ \fBlist-standard-commands\fR | \fBlist-message-digest-commands\fR | \fBlist-cipher-commands\fR ] +\&\fBopenssl\fR [ \fBlist-standard-commands\fR | \fBlist-message-digest-commands\fR | \fBlist-cipher-commands\fR | \fBlist-cipher-algorithms\fR | \fBlist-message-digest-algorithms\fR | \fBlist-public-key-algorithms\fR] .PP \&\fBopenssl\fR \fBno\-\fR\fI\s-1XXX\s0\fR [ \fIarbitrary options\fR ] .SH "DESCRIPTION" @@ -159,13 +151,15 @@ The \fBopenssl\fR program is a command line tool for using the various cryptography functions of OpenSSL's \fBcrypto\fR library from the shell. It can be used for .PP -.Vb 6 -\& o Creation of RSA, DH and DSA key parameters +.Vb 8 +\& o Creation and management of private keys, public keys and parameters +\& o Public key cryptographic operations \& o Creation of X.509 certificates, CSRs and CRLs \& o Calculation of Message Digests \& o Encryption and Decryption with Ciphers \& o SSL/TLS Client and Server Tests \& o Handling of S/MIME signed or encrypted mail +\& o Time Stamp requests, generation and verification .Ve .SH "COMMAND SUMMARY" .IX Header "COMMAND SUMMARY" @@ -178,6 +172,16 @@ and \fBlist-cipher-commands\fR output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, respectively, that are available in the present \fBopenssl\fR utility. .PP +The pseudo-commands \fBlist-cipher-algorithms\fR and +\&\fBlist-message-digest-algorithms\fR list all cipher and message digest names, one entry per line. Aliases are listed as: +.PP +.Vb 1 +\& from => to +.Ve +.PP +The pseudo-command \fBlist-public-key-algorithms\fR lists all supported public +key algorithms. +.PP The pseudo-command \fBno\-\fR\fI\s-1XXX\s0\fR tests whether a command of the specified name is available. If no command named \fI\s-1XXX\s0\fR exists, it returns 0 (success) and prints \fBno\-\fR\fI\s-1XXX\s0\fR; otherwise it returns 1 @@ -188,7 +192,7 @@ same name, this provides an easy way for shell scripts to test for the availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is not able to detect pseudo-commands such as \fBquit\fR, \&\fBlist\-\fR\fI...\fR\fB\-commands\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.) -.Sh "\s-1STANDARD\s0 \s-1COMMANDS\s0" +.SS "\s-1STANDARD\s0 \s-1COMMANDS\s0" .IX Subsection "STANDARD COMMANDS" .IP "\fBasn1parse\fR" 10 .IX Item "asn1parse" @@ -199,6 +203,9 @@ Certificate Authority (\s-1CA\s0) Management. .IP "\fBciphers\fR" 10 .IX Item "ciphers" Cipher Suite Description Determination. +.IP "\fBcms\fR" 10 +.IX Item "cms" +\&\s-1CMS\s0 (Cryptographic Message Syntax) utility .IP "\fBcrl\fR" 10 .IX Item "crl" Certificate Revocation List (\s-1CRL\s0) Management. @@ -212,31 +219,49 @@ Message Digest Calculation. .IX Item "dh" Diffie-Hellman Parameter Management. Obsoleted by \fBdhparam\fR. +.IP "\fBdhparam\fR" 10 +.IX Item "dhparam" +Generation and Management of Diffie-Hellman Parameters. Superseded by +\&\fBgenpkey\fR and \fBpkeyparam\fR .IP "\fBdsa\fR" 10 .IX Item "dsa" \&\s-1DSA\s0 Data Management. .IP "\fBdsaparam\fR" 10 .IX Item "dsaparam" -\&\s-1DSA\s0 Parameter Generation. +\&\s-1DSA\s0 Parameter Generation and Management. Superseded by +\&\fBgenpkey\fR and \fBpkeyparam\fR +.IP "\fBec\fR" 10 +.IX Item "ec" +\&\s-1EC\s0 (Elliptic curve) key processing +.IP "\fBecparam\fR" 10 +.IX Item "ecparam" +\&\s-1EC\s0 parameter manipulation and generation .IP "\fBenc\fR" 10 .IX Item "enc" Encoding with Ciphers. +.IP "\fBengine\fR" 10 +.IX Item "engine" +Engine (loadble module) information and manipulation. .IP "\fBerrstr\fR" 10 .IX Item "errstr" Error Number to Error String Conversion. -.IP "\fBdhparam\fR" 10 -.IX Item "dhparam" -Generation and Management of Diffie-Hellman Parameters. .IP "\fBgendh\fR" 10 .IX Item "gendh" Generation of Diffie-Hellman Parameters. Obsoleted by \fBdhparam\fR. .IP "\fBgendsa\fR" 10 .IX Item "gendsa" -Generation of \s-1DSA\s0 Parameters. +Generation of \s-1DSA\s0 Private Key from Parameters. Superseded by +\&\fBgenpkey\fR and \fBpkey\fR +.IP "\fBgenpkey\fR" 10 +.IX Item "genpkey" +Generation of Private Key or Parameters. .IP "\fBgenrsa\fR" 10 .IX Item "genrsa" -Generation of \s-1RSA\s0 Parameters. +Generation of \s-1RSA\s0 Private Key. Superceded by \fBgenpkey\fR. +.IP "\fBnseq\fR" 10 +.IX Item "nseq" +Create or examine a netscape certificate sequence .IP "\fBocsp\fR" 10 .IX Item "ocsp" Online Certificate Status Protocol utility. @@ -249,18 +274,28 @@ PKCS#12 Data Management. .IP "\fBpkcs7\fR" 10 .IX Item "pkcs7" PKCS#7 Data Management. +.IP "\fBpkey\fR" 10 +.IX Item "pkey" +Public and private key management. +.IP "\fBpkeyparam\fR" 10 +.IX Item "pkeyparam" +Public key algorithm parameter management. +.IP "\fBpkeyutl\fR" 10 +.IX Item "pkeyutl" +Public key algorithm cryptographic operation utility. .IP "\fBrand\fR" 10 .IX Item "rand" Generate pseudo-random bytes. .IP "\fBreq\fR" 10 .IX Item "req" -X.509 Certificate Signing Request (\s-1CSR\s0) Management. +PKCS#10 X.509 Certificate Signing Request (\s-1CSR\s0) Management. .IP "\fBrsa\fR" 10 .IX Item "rsa" -\&\s-1RSA\s0 Data Management. +\&\s-1RSA\s0 key management. .IP "\fBrsautl\fR" 10 .IX Item "rsautl" -\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption. +\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption. Superseded +by \fBpkeyutl\fR .IP "\fBs_client\fR" 10 .IX Item "s_client" This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent @@ -287,6 +322,12 @@ S/MIME mail processing. .IP "\fBspeed\fR" 10 .IX Item "speed" Algorithm Speed Measurement. +.IP "\fBspkac\fR" 10 +.IX Item "spkac" +\&\s-1SPKAC\s0 printing and generating utility +.IP "\fBts\fR" 10 +.IX Item "ts" +Time Stamping Authority tool (client/server) .IP "\fBverify\fR" 10 .IX Item "verify" X.509 Certificate Verification. @@ -296,7 +337,7 @@ OpenSSL Version Information. .IP "\fBx509\fR" 10 .IX Item "x509" X.509 Certificate Data Management. -.Sh "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0" +.SS "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0" .IX Subsection "MESSAGE DIGEST COMMANDS" .IP "\fBmd2\fR" 10 .IX Item "md2" @@ -316,19 +357,19 @@ X.509 Certificate Data Management. .IP "\fBsha1\fR" 10 .IX Item "sha1" \&\s-1SHA\-1\s0 Digest -.IP "\fBsha224\fR" 10 +.IP "\fBsha224\fR" 4 .IX Item "sha224" \&\s-1SHA\-224\s0 Digest -.IP "\fBsha256\fR" 10 +.IP "\fBsha256\fR" 4 .IX Item "sha256" \&\s-1SHA\-256\s0 Digest -.IP "\fBsha384\fR" 10 +.IP "\fBsha384\fR" 4 .IX Item "sha384" \&\s-1SHA\-384\s0 Digest -.IP "\fBsha512\fR" 10 +.IP "\fBsha512\fR" 4 .IX Item "sha512" \&\s-1SHA\-512\s0 Digest -.Sh "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0" +.SS "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0" .IX Subsection "ENCODING AND CIPHER COMMANDS" .IP "\fBbase64\fR" 10 .IX Item "base64" @@ -398,7 +439,7 @@ read the password from standard input. \&\fIasn1parse\fR\|(1), \fIca\fR\|(1), \fIconfig\fR\|(5), \&\fIcrl\fR\|(1), \fIcrl2pkcs7\fR\|(1), \fIdgst\fR\|(1), \&\fIdhparam\fR\|(1), \fIdsa\fR\|(1), \fIdsaparam\fR\|(1), -\&\fIenc\fR\|(1), \fIgendsa\fR\|(1), +\&\fIenc\fR\|(1), \fIgendsa\fR\|(1), \fIgenpkey\fR\|(1), \&\fIgenrsa\fR\|(1), \fInseq\fR\|(1), \fIopenssl\fR\|(1), \&\fIpasswd\fR\|(1), \&\fIpkcs12\fR\|(1), \fIpkcs7\fR\|(1), \fIpkcs8\fR\|(1), @@ -407,11 +448,21 @@ read the password from standard input. \&\fIs_server\fR\|(1), \fIs_time\fR\|(1), \&\fIsmime\fR\|(1), \fIspkac\fR\|(1), \&\fIverify\fR\|(1), \fIversion\fR\|(1), \fIx509\fR\|(1), -\&\fIcrypto\fR\|(3), \fIssl\fR\|(3) +\&\fIcrypto\fR\|(3), \fIssl\fR\|(3), \fIx509v3_config\fR\|(5) .SH "HISTORY" .IX Header "HISTORY" The \fIopenssl\fR\|(1) document appeared in OpenSSL 0.9.2. The \fBlist\-\fR\fI\s-1XXX\s0\fR\fB\-commands\fR pseudo-commands were added in OpenSSL 0.9.3; +The \fBlist\-\fR\fI\s-1XXX\s0\fR\fB\-algorithms\fR pseudo-commands were added in OpenSSL 1.0.0; the \fBno\-\fR\fI\s-1XXX\s0\fR pseudo-commands were added in OpenSSL 0.9.5a. For notes on the availability of other commands, see their individual manual pages. +.SH "POD ERRORS" +.IX Header "POD ERRORS" +Hey! \fBThe above document had some coding errors, which are explained below:\fR +.IP "Around line 292:" 4 +.IX Item "Around line 292:" +\&'=item' outside of any '=over' +.IP "Around line 308:" 4 +.IX Item "Around line 308:" +You forgot a '=back' before '=head2' diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1 index a9d53dffad..d95ffee1a2 100644 --- a/secure/usr.bin/openssl/man/passwd.1 +++ b/secure/usr.bin/openssl/man/passwd.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PASSWD 1" -.TH PASSWD 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH PASSWD 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1 index 32ea9e9550..3ce1926d80 100644 --- a/secure/usr.bin/openssl/man/pkcs12.1 +++ b/secure/usr.bin/openssl/man/pkcs12.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH PKCS12 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,22 +149,23 @@ pkcs12 \- PKCS#12 file utility [\fB\-cacerts\fR] [\fB\-nokeys\fR] [\fB\-info\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-idea\fR] -[\fB\-nodes\fR] +[\fB\-des | \-des3 | \-idea | \-aes128 | \-aes192 | \-aes256 | \-camellia128 | \-camellia192 | \-camellia256 | \-nodes\fR] [\fB\-noiter\fR] -[\fB\-maciter\fR] +[\fB\-maciter | \-nomaciter | \-nomac\fR] [\fB\-twopass\fR] [\fB\-descert\fR] -[\fB\-certpbe\fR] -[\fB\-keypbe\fR] +[\fB\-certpbe cipher\fR] +[\fB\-keypbe cipher\fR] +[\fB\-macalg digest\fR] [\fB\-keyex\fR] [\fB\-keysig\fR] [\fB\-password arg\fR] [\fB\-passin arg\fR] [\fB\-passout arg\fR] [\fB\-rand file(s)\fR] +[\fB\-CAfile file\fR] +[\fB\-CApath dir\fR] +[\fB\-CSP name\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBpkcs12\fR command allows PKCS#12 files (sometimes referred to as @@ -181,7 +174,7 @@ programs including Netscape, \s-1MSIE\s0 and \s-1MS\s0 Outlook. .SH "COMMAND OPTIONS" .IX Header "COMMAND OPTIONS" There are a lot of options the meaning of some depends of whether a PKCS#12 file -is being created or parsed. By default a PKCS#12 file is parsed a PKCS#12 +is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 file can be created by using the \fB\-export\fR option (see below). .SH "PARSING OPTIONS" .IX Header "PARSING OPTIONS" @@ -191,22 +184,22 @@ This specifies filename of the PKCS#12 file to be parsed. Standard input is used by default. .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" -The filename to write certificates and private keys to, standard output by default. -They are all written in \s-1PEM\s0 format. +The filename to write certificates and private keys to, standard output by +default. They are all written in \s-1PEM\s0 format. .IP "\fB\-pass arg\fR, \fB\-passin arg\fR" 4 .IX Item "-pass arg, -passin arg" -the PKCS#12 file (i.e. input file) password source. For more information about the -format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in +the PKCS#12 file (i.e. input file) password source. For more information about +the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \&\fIopenssl\fR\|(1). .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" -pass phrase source to encrypt any outputed private keys with. For more information -about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in -\&\fIopenssl\fR\|(1). +pass phrase source to encrypt any outputed private keys with. For more +information about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section +in \fIopenssl\fR\|(1). .IP "\fB\-noout\fR" 4 .IX Item "-noout" -this option inhibits output of the keys and certificates to the output file version -of the PKCS#12 file. +this option inhibits output of the keys and certificates to the output file +version of the PKCS#12 file. .IP "\fB\-clcerts\fR" 4 .IX Item "-clcerts" only output client certificates (not \s-1CA\s0 certificates). @@ -232,6 +225,12 @@ use triple \s-1DES\s0 to encrypt private keys before outputting, this is the def .IP "\fB\-idea\fR" 4 .IX Item "-idea" use \s-1IDEA\s0 to encrypt private keys before outputting. +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR" 4 +.IX Item "-aes128, -aes192, -aes256" +use \s-1AES\s0 to encrypt private keys before outputting. +.IP "\fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR" 4 +.IX Item "-camellia128, -camellia192, -camellia256" +use Camellia to encrypt private keys before outputting. .IP "\fB\-nodes\fR" 4 .IX Item "-nodes" don't encrypt the private keys at all. @@ -255,18 +254,18 @@ This specifies filename to write the PKCS#12 file to. Standard output is used by default. .IP "\fB\-in filename\fR" 4 .IX Item "-in filename" -The filename to read certificates and private keys from, standard input by default. -They must all be in \s-1PEM\s0 format. The order doesn't matter but one private key and -its corresponding certificate should be present. If additional certificates are -present they will also be included in the PKCS#12 file. +The filename to read certificates and private keys from, standard input by +default. They must all be in \s-1PEM\s0 format. The order doesn't matter but one +private key and its corresponding certificate should be present. If additional +certificates are present they will also be included in the PKCS#12 file. .IP "\fB\-inkey filename\fR" 4 .IX Item "-inkey filename" file to read private key from. If not present then a private key must be present in the input file. .IP "\fB\-name friendlyname\fR" 4 .IX Item "-name friendlyname" -This specifies the \*(L"friendly name\*(R" for the certificate and private key. This name -is typically displayed in list boxes by software importing the file. +This specifies the \*(L"friendly name\*(R" for the certificate and private key. This +name is typically displayed in list boxes by software importing the file. .IP "\fB\-certfile filename\fR" 4 .IX Item "-certfile filename" A filename to read additional certificates from. @@ -299,9 +298,11 @@ key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC .IP "\fB\-keypbe alg\fR, \fB\-certpbe alg\fR" 4 .IX Item "-keypbe alg, -certpbe alg" these options allow the algorithm used to encrypt the private key and -certificates to be selected. Although any PKCS#5 v1.5 or PKCS#12 algorithms -can be selected it is advisable only to use PKCS#12 algorithms. See the list -in the \fB\s-1NOTES\s0\fR section for more information. +certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 \s-1PBE\s0 algorithm name +can be used (see \fB\s-1NOTES\s0\fR section for more information). If a a cipher name +(as output by the \fBlist-cipher-algorithms\fR command is specified then it +is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only +use PKCS#12 algorithms. .IP "\fB\-keyex|\-keysig\fR" 4 .IX Item "-keyex|-keysig" specifies that the private key is to be used for key exchange or just signing. @@ -312,6 +313,9 @@ option marks the key for signing only. Signing only keys can be used for S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client authentication, however due to a bug only \s-1MSIE\s0 5.0 and later support the use of signing only keys for \s-1SSL\s0 client authentication. +.IP "\fB\-macalg digest\fR" 4 +.IX Item "-macalg digest" +specify the \s-1MAC\s0 digest algorithm. If not included them \s-1SHA1\s0 will be used. .IP "\fB\-nomaciter\fR, \fB\-noiter\fR" 4 .IX Item "-nomaciter, -noiter" these options affect the iteration counts on the \s-1MAC\s0 and key algorithms. @@ -333,6 +337,9 @@ option. .IX Item "-maciter" This option is included for compatibility with previous versions, it used to be needed to use \s-1MAC\s0 iterations counts but they are now used by default. +.IP "\fB\-nomac\fR" 4 +.IX Item "-nomac" +don't attempt to provide the \s-1MAC\s0 integrity. .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number @@ -340,6 +347,17 @@ generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +\&\s-1CA\s0 storage as a file. +.IP "\fB\-CApath dir\fR" 4 +.IX Item "-CApath dir" +\&\s-1CA\s0 storage as a directory. This directory must be a standard certificate +directory: that is a hash of each subject name (using \fBx509 \-hash\fR) should be +linked to each certificate. +.IP "\fB\-CSP name\fR" 4 +.IX Item "-CSP name" +write \fBname\fR as a Microsoft \s-1CSP\s0 name. .SH "NOTES" .IX Header "NOTES" Although there are a large number of options most of them are very rarely diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1 index bd4477ce9a..66cfca9169 100644 --- a/secure/usr.bin/openssl/man/pkcs7.1 +++ b/secure/usr.bin/openssl/man/pkcs7.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7 1" -.TH PKCS7 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH PKCS7 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -186,7 +178,7 @@ don't output the encoded version of the PKCS#7 structure (or certificates is \fB\-print_certs\fR is set). .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBpkcs7\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1 index f0c878bf6f..9f5a28feba 100644 --- a/secure/usr.bin/openssl/man/pkcs8.1 +++ b/secure/usr.bin/openssl/man/pkcs8.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS8 1" -.TH PKCS8 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH PKCS8 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -243,7 +235,7 @@ This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete list of possible algorithms is included below. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBpkcs8\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/pkey.1 similarity index 62% copy from secure/usr.bin/openssl/man/dsa.1 copy to secure/usr.bin/openssl/man/pkey.1 index b6b027bb56..387eef674a 100644 --- a/secure/usr.bin/openssl/man/dsa.1 +++ b/secure/usr.bin/openssl/man/pkey.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,51 +123,39 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "DSA 1" -.TH DSA 1 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "PKEY 1" +.TH PKEY 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -dsa \- DSA key processing +pkey \- public or private key processing tool .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBdsa\fR +\&\fBopenssl\fR \fBpkey\fR [\fB\-inform PEM|DER\fR] [\fB\-outform PEM|DER\fR] [\fB\-in filename\fR] [\fB\-passin arg\fR] [\fB\-out filename\fR] [\fB\-passout arg\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-idea\fR] +[\fB\-cipher\fR] [\fB\-text\fR] +[\fB\-text_pub\fR] [\fB\-noout\fR] -[\fB\-modulus\fR] [\fB\-pubin\fR] [\fB\-pubout\fR] [\fB\-engine id\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fBdsa\fR command processes \s-1DSA\s0 keys. They can be converted between various -forms and their components printed out. \fBNote\fR This command uses the -traditional SSLeay compatible format for private key encryption: newer -applications should use the more secure PKCS#8 format using the \fBpkcs8\fR +The \fBpkey\fR command processes public or private keys. They can be converted +between various forms and their components printed out. .SH "COMMAND OPTIONS" .IX Header "COMMAND OPTIONS" .IP "\fB\-inform DER|PEM\fR" 4 .IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses -an \s-1ASN1\s0 \s-1DER\s0 encoded form of an \s-1ASN\s0.1 \s-1SEQUENCE\s0 consisting of the values of -version (currently zero), p, q, g, the public and private key components -respectively as \s-1ASN\s0.1 INTEGERs. When used with a public key it uses a -SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA\s0. -.Sp -The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 -encoded with additional header and footer lines. In the case of a private key -PKCS#8 format is also accepted. +This specifies the input format \s-1DER\s0 or \s-1PEM\s0. .IP "\fB\-outform DER|PEM\fR" 4 .IX Item "-outform DER|PEM" This specifies the output format, the options have the same meaning as the @@ -191,94 +171,81 @@ the input file password source. For more information about the format of \fBarg\ see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" -This specifies the output filename to write a key to or standard output by -is not specified. If any encryption options are set then a pass phrase will be -prompted for. The output filename should \fBnot\fR be the same as the input +This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should \fBnot\fR be the same as the input filename. -.IP "\fB\-passout arg\fR" 4 -.IX Item "-passout arg" +.IP "\fB\-passout password\fR" 4 +.IX Item "-passout password" the output file password source. For more information about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -.IP "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. -If none of these options is specified the key is written in plain text. This -means that using the \fBdsa\fR utility to read in an encrypted key with no -encryption option can be used to remove the pass phrase from a key, or by -setting the encryption options it can be use to add or change the pass phrase. -These options can only be used with \s-1PEM\s0 format output files. +.IP "\fB\-cipher\fR" 4 +.IX Item "-cipher" +These options encrypt the private key with the supplied cipher. Any algorithm +name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. .IP "\fB\-text\fR" 4 .IX Item "-text" -prints out the public, private key components and parameters. +prints out the various public or private key components in +plain text in addition to the encoded version. +.IP "\fB\-text_pub\fR" 4 +.IX Item "-text_pub" +print out only public key components even if a private key is being processed. .IP "\fB\-noout\fR" 4 .IX Item "-noout" -this option prevents output of the encoded version of the key. -.IP "\fB\-modulus\fR" 4 -.IX Item "-modulus" -this option prints out the value of the public key component of the key. +do not output the encoded version of the key. .IP "\fB\-pubin\fR" 4 .IX Item "-pubin" -by default a private key is read from the input file: with this option a -public key is read instead. +by default a private key is read from the input file: with this +option a public key is read instead. .IP "\fB\-pubout\fR" 4 .IX Item "-pubout" -by default a private key is output. With this option a public -key will be output instead. This option is automatically set if the input is -a public key. +by default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBpkey\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. -.SH "NOTES" -.IX Header "NOTES" -The \s-1PEM\s0 private key format uses the header and footer lines: -.PP -.Vb 2 -\& \-\-\-\-\-BEGIN DSA PRIVATE KEY\-\-\-\-\- -\& \-\-\-\-\-END DSA PRIVATE KEY\-\-\-\-\- -.Ve -.PP -The \s-1PEM\s0 public key format uses the header and footer lines: -.PP -.Vb 2 -\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\- -\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\- -.Ve .SH "EXAMPLES" .IX Header "EXAMPLES" -To remove the pass phrase on a \s-1DSA\s0 private key: +To remove the pass phrase on an \s-1RSA\s0 private key: .PP .Vb 1 -\& openssl dsa \-in key.pem \-out keyout.pem +\& openssl pkey \-in key.pem \-out keyout.pem .Ve .PP To encrypt a private key using triple \s-1DES:\s0 .PP .Vb 1 -\& openssl dsa \-in key.pem \-des3 \-out keyout.pem +\& openssl pkey \-in key.pem \-des3 \-out keyout.pem .Ve .PP To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: .PP .Vb 1 -\& openssl dsa \-in key.pem \-outform DER \-out keyout.der +\& openssl pkey \-in key.pem \-outform DER \-out keyout.der .Ve .PP To print out the components of a private key to standard output: .PP .Vb 1 -\& openssl dsa \-in key.pem \-text \-noout +\& openssl pkey \-in key.pem \-text \-noout +.Ve +.PP +To print out the public components of a private key to standard output: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-text_pub \-noout .Ve .PP To just output the public part of a private key: .PP .Vb 1 -\& openssl dsa \-in key.pem \-pubout \-out pubkey.pem +\& openssl pkey \-in key.pem \-pubout \-out pubkey.pem .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIdsaparam\fR\|(1), \fIgendsa\fR\|(1), \fIrsa\fR\|(1), -\&\fIgenrsa\fR\|(1) +\&\fIgenpkey\fR\|(1), \fIrsa\fR\|(1), \fIpkcs8\fR\|(1), +\&\fIdsa\fR\|(1), \fIgenrsa\fR\|(1), \fIgendsa\fR\|(1) diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/pkeyparam.1 similarity index 70% copy from secure/usr.bin/openssl/man/speed.1 copy to secure/usr.bin/openssl/man/pkeyparam.1 index b21718ccc2..bc1492c153 100644 --- a/secure/usr.bin/openssl/man/speed.1 +++ b/secure/usr.bin/openssl/man/pkeyparam.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -131,55 +123,60 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "SPEED 1" -.TH SPEED 1 "2010-02-27" "0.9.8m" "OpenSSL" +.IX Title "PKEYPARAM 1" +.TH PKEYPARAM 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -speed \- test library performance +pkeyparam \- public key algorithm parameter processing tool .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\fBopenssl speed\fR +\&\fBopenssl\fR \fBpkeyparam\fR +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-text\fR] +[\fB\-noout\fR] [\fB\-engine id\fR] -[\fBmd2\fR] -[\fBmdc2\fR] -[\fBmd5\fR] -[\fBhmac\fR] -[\fBsha1\fR] -[\fBrmd160\fR] -[\fBidea-cbc\fR] -[\fBrc2\-cbc\fR] -[\fBrc5\-cbc\fR] -[\fBbf-cbc\fR] -[\fBdes-cbc\fR] -[\fBdes\-ede3\fR] -[\fBrc4\fR] -[\fBrsa512\fR] -[\fBrsa1024\fR] -[\fBrsa2048\fR] -[\fBrsa4096\fR] -[\fBdsa512\fR] -[\fBdsa1024\fR] -[\fBdsa2048\fR] -[\fBidea\fR] -[\fBrc2\fR] -[\fBdes\fR] -[\fBrsa\fR] -[\fBblowfish\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" -This command is used to test the performance of cryptographic algorithms. -.SH "OPTIONS" -.IX Header "OPTIONS" +The \fBpkey\fR command processes public or private keys. They can be converted +between various forms and their components printed out. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write parameters to or standard output if +this option is not specified. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +prints out the parameters in plain text in addition to the encoded version. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +do not output the encoded version of the parameters. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBspeed\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBpkeyparam\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. -.IP "\fB[zero or more test algorithms]\fR" 4 -.IX Item "[zero or more test algorithms]" -If any options are given, \fBspeed\fR tests those algorithms, otherwise all of -the above are tested. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +Print out text version of parameters: +.PP +.Vb 1 +\& openssl pkeyparam \-in param.pem \-text +.Ve +.SH "NOTES" +.IX Header "NOTES" +There are no \fB\-inform\fR or \fB\-outform\fR options for this command because only +\&\s-1PEM\s0 format is supported because the key type is determined by the \s-1PEM\s0 headers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIgenpkey\fR\|(1), \fIrsa\fR\|(1), \fIpkcs8\fR\|(1), +\&\fIdsa\fR\|(1), \fIgenrsa\fR\|(1), \fIgendsa\fR\|(1) diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1 new file mode 100644 index 0000000000..0fdce47e8b --- /dev/null +++ b/secure/usr.bin/openssl/man/pkeyutl.1 @@ -0,0 +1,320 @@ +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKEYUTL 1" +.TH PKEYUTL 1 "2010-06-01" "1.0.0a" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +pkeyutl \- public key algorithm utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkeyutl\fR +[\fB\-in file\fR] +[\fB\-out file\fR] +[\fB\-sigfile file\fR] +[\fB\-inkey file\fR] +[\fB\-keyform PEM|DER\fR] +[\fB\-passin arg\fR] +[\fB\-peerkey file\fR] +[\fB\-peerform PEM|DER\fR] +[\fB\-pubin\fR] +[\fB\-certin\fR] +[\fB\-rev\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-verifyrecover\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-derive\fR] +[\fB\-pkeyopt opt:value\fR] +[\fB\-hexdump\fR] +[\fB\-asn1parse\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkeyutl\fR command can be used to perform public key operations using +any supported algorithm. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read data from or standard input +if this option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +specifies the output filename to write to or standard output by +default. +.IP "\fB\-inkey file\fR" 4 +.IX Item "-inkey file" +the input key file, by default it should be a private key. +.IP "\fB\-keyform PEM|DER\fR" 4 +.IX Item "-keyform PEM|DER" +the key format \s-1PEM\s0, \s-1DER\s0 or \s-1ENGINE\s0. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +the input key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +.IP "\fB\-peerkey file\fR" 4 +.IX Item "-peerkey file" +the peer key file, used by key derivation (agreement) operations. +.IP "\fB\-peerform PEM|DER\fR" 4 +.IX Item "-peerform PEM|DER" +the peer key format \s-1PEM\s0, \s-1DER\s0 or \s-1ENGINE\s0. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +specifying an engine (by its unique \fBid\fR string) will cause \fBpkeyutl\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +the input file is a public key. +.IP "\fB\-certin\fR" 4 +.IX Item "-certin" +the input is a certificate containing a public key. +.IP "\fB\-rev\fR" 4 +.IX Item "-rev" +reverse the order of the input buffer. This is useful for some libraries +(such as CryptoAPI) which represent the buffer in little endian format. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +sign the input data and output the signed result. This requires +a private key. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +verify the input data against the signature file and indicate if the +verification succeeded or failed. +.IP "\fB\-verifyrecover\fR" 4 +.IX Item "-verifyrecover" +verify the input data and output the recovered data. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +encrypt the input data using a public key. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +decrypt the input data using a private key. +.IP "\fB\-derive\fR" 4 +.IX Item "-derive" +derive a shared secret using the peer key. +.IP "\fB\-hexdump\fR" 4 +.IX Item "-hexdump" +hex dump the output data. +.IP "\fB\-asn1parse\fR" 4 +.IX Item "-asn1parse" +asn1parse the output data, this is useful when combined with the +\&\fB\-verifyrecover\fR option when an \s-1ASN1\s0 structure is signed. +.SH "NOTES" +.IX Header "NOTES" +The operations and options supported vary according to the key algorithm +and its implementation. The OpenSSL operations and options are indicated below. +.PP +Unless otherwise mentioned all algorithms support the \fBdigest:alg\fR option +which specifies the digest in use for sign, verify and verifyrecover operations. +The value \fBalg\fR should represent a digest name as used in the +\&\fIEVP_get_digestbyname()\fR function for example \fBsha1\fR. +.SH "RSA ALGORITHM" +.IX Header "RSA ALGORITHM" +The \s-1RSA\s0 algorithm supports encrypt, decrypt, sign, verify and verifyrecover +operations in general. Some padding modes only support some of these +operations however. +.IP "\-\fBrsa_padding_mode:mode\fR" 4 +.IX Item "-rsa_padding_mode:mode" +This sets the \s-1RSA\s0 padding mode. Acceptable values for \fBmode\fR are \fBpkcs1\fR for +PKCS#1 padding, \fBsslv23\fR for SSLv23 padding, \fBnone\fR for no padding, \fBoaep\fR +for \fB\s-1OAEP\s0\fR mode, \fBx931\fR for X9.31 mode and \fBpss\fR for \s-1PSS\s0. +.Sp +In PKCS#1 padding if the message digest is not set then the supplied data is +signed or verified directly instead of using a \fBDigestInfo\fR structure. If a +digest is set then the a \fBDigestInfo\fR structure is used and its the length +must correspond to the digest type. +.Sp +For \fBoeap\fR mode only encryption and decryption is supported. +.Sp +For \fBx931\fR if the digest type is set it is used to format the block data +otherwise the first byte is used to specify the X9.31 digest \s-1ID\s0. Sign, +verify and verifyrecover are can be performed in this mode. +.Sp +For \fBpss\fR mode only sign and verify are supported and the digest type must be +specified. +.IP "\fBrsa_pss_saltlen:len\fR" 4 +.IX Item "rsa_pss_saltlen:len" +For \fBpss\fR mode only this option specifies the salt length. Two special values +are supported: \-1 sets the salt length to the digest length. When signing \-2 +sets the salt length to the maximum permissible value. When verifying \-2 causes +the salt length to be automatically determined based on the \fB\s-1PSS\s0\fR block +structure. +.SH "DSA ALGORITHM" +.IX Header "DSA ALGORITHM" +The \s-1DSA\s0 algorithm supports signing and verification operations only. Currently +there are no additional options other than \fBdigest\fR. Only the \s-1SHA1\s0 +digest can be used and this digest is assumed by default. +.SH "DH ALGORITHM" +.IX Header "DH ALGORITHM" +The \s-1DH\s0 algorithm only supports the derivation operation and no additional +options. +.SH "EC ALGORITHM" +.IX Header "EC ALGORITHM" +The \s-1EC\s0 algorithm supports sign, verify and derive operations. The sign and +verify operations use \s-1ECDSA\s0 and derive uses \s-1ECDH\s0. Currently there are no +additional options other than \fBdigest\fR. Only the \s-1SHA1\s0 digest can be used and +this digest is assumed by default. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Sign some data using a private key: +.PP +.Vb 1 +\& openssl pkeyutl \-sign \-in file \-inkey key.pem \-out sig +.Ve +.PP +Recover the signed data (e.g. if an \s-1RSA\s0 key is used): +.PP +.Vb 1 +\& openssl pkeyutl \-verifyrecover \-in sig \-inkey key.pem +.Ve +.PP +Verify the signature (e.g. a \s-1DSA\s0 key): +.PP +.Vb 1 +\& openssl pkeyutl \-verify \-in file \-sigfile sig \-inkey key.pem +.Ve +.PP +Sign data using a message digest value (this is currently only valid for \s-1RSA\s0): +.PP +.Vb 1 +\& openssl pkeyutl \-sign \-in file \-inkey key.pem \-out sig \-pkeyopt digest:sha256 +.Ve +.PP +Derive a shared secret value: +.PP +.Vb 1 +\& openssl pkeyutl \-derive \-inkey key.pem \-peerkey pubkey.pem \-out secret +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIgenpkey\fR\|(1), \fIpkey\fR\|(1), \fIrsautl\fR\|(1) +\&\fIdgst\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1) diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1 index da3677071b..4a11151d1b 100644 --- a/secure/usr.bin/openssl/man/rand.1 +++ b/secure/usr.bin/openssl/man/rand.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RAND 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1 index 8265ea0100..06e2108748 100644 --- a/secure/usr.bin/openssl/man/req.1 +++ b/secure/usr.bin/openssl/man/req.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "REQ 1" -.TH REQ 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH REQ 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -156,12 +148,13 @@ req \- PKCS#10 certificate request and certificate generating utility. [\fB\-new\fR] [\fB\-rand file(s)\fR] [\fB\-newkey rsa:bits\fR] -[\fB\-newkey dsa:file\fR] +[\fB\-newkey alg:file\fR] [\fB\-nodes\fR] [\fB\-key filename\fR] [\fB\-keyform PEM|DER\fR] [\fB\-keyout filename\fR] -[\fB\-[md5|sha1|md2|mdc2]\fR] +[\fB\-keygen_engine id\fR] +[\fB\-[digest]\fR] [\fB\-config filename\fR] [\fB\-subj arg\fR] [\fB\-multivalue\-rdn\fR] @@ -169,11 +162,15 @@ req \- PKCS#10 certificate request and certificate generating utility. [\fB\-days n\fR] [\fB\-set_serial n\fR] [\fB\-asn1\-kludge\fR] +[\fB\-no\-asn1\-kludge\fR] [\fB\-newhdr\fR] [\fB\-extensions section\fR] [\fB\-reqexts section\fR] [\fB\-utf8\fR] [\fB\-nameopt\fR] +[\fB\-reqopt\fR] +[\fB\-subject\fR] +[\fB\-subj arg\fR] [\fB\-batch\fR] [\fB\-verbose\fR] [\fB\-engine id\fR] @@ -214,6 +211,10 @@ see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\f .IP "\fB\-text\fR" 4 .IX Item "-text" prints out the certificate request in text form. +.IP "\fB\-subject\fR" 4 +.IX Item "-subject" +prints out the request subject (or certificate subject if \fB\-x509\fR is +specified) .IP "\fB\-pubkey\fR" 4 .IX Item "-pubkey" outputs the public key. @@ -236,6 +237,12 @@ in the configuration file and any requested extensions. .Sp If the \fB\-key\fR option is not used it will generate a new \s-1RSA\s0 private key using information specified in the configuration file. +.IP "\fB\-subj arg\fR" 4 +.IX Item "-subj arg" +Replaces subject field of input request with specified data and outputs +modified request. The arg must be formatted as +\&\fI/type0=value0/type1=value1/type2=...\fR, +characters may be escaped by \e (backslash), no spaces are skipped. .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number @@ -246,10 +253,33 @@ all others. .IP "\fB\-newkey arg\fR" 4 .IX Item "-newkey arg" this option creates a new certificate request and a new private -key. The argument takes one of two forms. \fBrsa:nbits\fR, where +key. The argument takes one of several forms. \fBrsa:nbits\fR, where \&\fBnbits\fR is the number of bits, generates an \s-1RSA\s0 key \fBnbits\fR -in size. \fBdsa:filename\fR generates a \s-1DSA\s0 key using the parameters -in the file \fBfilename\fR. +in size. If \fBnbits\fR is omitted, i.e. \fB\-newkey rsa\fR specified, +the default key size, specified in the configuration file is used. +.Sp +All other algorithms support the \fB\-newkey alg:file\fR form, where file may be +an algorithm parameter file, created by the \fBgenpkey \-genparam\fR command +or and X.509 certificate for a key with approriate algorithm. +.Sp +\&\fBparam:file\fR generates a key using the parameter file or certificate \fBfile\fR, +the algorithm is determined by the parameters. \fBalgname:file\fR use algorithm +\&\fBalgname\fR and parameter file \fBfile\fR: the two algorithms must match or an +error occurs. \fBalgname\fR just uses algorithm \fBalgname\fR, and parameters, +if neccessary should be specified via \fB\-pkeyopt\fR parameter. +.Sp +\&\fBdsa:filename\fR generates a \s-1DSA\s0 key using the parameters +in the file \fBfilename\fR. \fBec:filename\fR generates \s-1EC\s0 key (usable both with +\&\s-1ECDSA\s0 or \s-1ECDH\s0 algorithms), \fBgost2001:filename\fR generates \s-1GOST\s0 R +34.10\-2001 key (requires \fBccgost\fR engine configured in the configuration +file). If just \fBgost2001\fR is specified a parameter set should be +specified by \fB\-pkeyopt paramset:X\fR +.IP "\fB\-pkeyopt opt:value\fR" 4 +.IX Item "-pkeyopt opt:value" +set the public key algorithm option \fBopt\fR to \fBvalue\fR. The precise set of +options supported depends on the public key algorithm used and its +implementation. See \fB\s-1KEY\s0 \s-1GENERATION\s0 \s-1OPTIONS\s0\fR in the \fBgenpkey\fR manual page +for more details. .IP "\fB\-key filename\fR" 4 .IX Item "-key filename" This specifies the file to read the private key from. It also @@ -267,11 +297,15 @@ configuration file is used. .IX Item "-nodes" if this option is specified then if a private key is created it will not be encrypted. -.IP "\fB\-[md5|sha1|md2|mdc2]\fR" 4 -.IX Item "-[md5|sha1|md2|mdc2]" -this specifies the message digest to sign the request with. This -overrides the digest algorithm specified in the configuration file. -This option is ignored for \s-1DSA\s0 requests: they always use \s-1SHA1\s0. +.IP "\fB\-[digest]\fR" 4 +.IX Item "-[digest]" +this specifies the message digest to sign the request with (such as +\&\fB\-md5\fR, \fB\-sha1\fR). This overrides the digest algorithm specified in +the configuration file. +.Sp +Some public key algorithms may override this choice. For instance, \s-1DSA\s0 +signatures always use \s-1SHA1\s0, \s-1GOST\s0 R 34.10 signatures always use +\&\s-1GOST\s0 R 34.11\-94 (\fB\-md_gost94\fR). .IP "\fB\-config filename\fR" 4 .IX Item "-config filename" this allows an alternative configuration file to be specified, @@ -331,6 +365,13 @@ option which determines how the subject or issuer names are displayed. The \&\fBoption\fR argument can be a single option or multiple options separated by commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to set multiple options. See the \fIx509\fR\|(1) manual page for details. +.IP "\fB\-reqopt\fR" 4 +.IX Item "-reqopt" +customise the output format used with \fB\-text\fR. The \fBoption\fR argument can be +a single option or multiple options separated by commas. +.Sp +See discission of the \fB\-certopt\fR parameter in the \fBx509\fR +command. .IP "\fB\-asn1\-kludge\fR" 4 .IX Item "-asn1-kludge" by default the \fBreq\fR command outputs certificate requests containing @@ -345,6 +386,9 @@ empty \fB\s-1SET\s0 \s-1OF\s0\fR. The invalid form does not include the empty \&\fB\s-1SET\s0 \s-1OF\s0\fR whereas the correct form does. .Sp It should be noted that very few CAs still require the use of this option. +.IP "\fB\-no\-asn1\-kludge\fR" 4 +.IX Item "-no-asn1-kludge" +Reverses effect of \fB\-asn1\-kludge\fR .IP "\fB\-newhdr\fR" 4 .IX Item "-newhdr" Adds the word \fB\s-1NEW\s0\fR to the \s-1PEM\s0 file header and footer lines on the outputed @@ -357,10 +401,14 @@ non-interactive mode. print extra details about the operations being performed. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBreq\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. +.IP "\fB\-keygen_engine id\fR" 4 +.IX Item "-keygen_engine id" +specifies an engine (by its unique \fBid\fR string) which would be used +for key generation operations. .SH "CONFIGURATION FILE FORMAT" .IX Header "CONFIGURATION FILE FORMAT" The configuration options are specified in the \fBreq\fR section of @@ -429,7 +477,9 @@ problems with BMPStrings and UTF8Strings: in particular Netscape. .IX Item "req_extensions" this specifies the configuration file section containing a list of extensions to add to the certificate request. It can be overridden -by the \fB\-reqexts\fR command line switch. +by the \fB\-reqexts\fR command line switch. See the +\&\fIx509v3_config\fR\|(5) manual page for details of the +extension section format. .IP "\fBx509_extensions\fR" 4 .IX Item "x509_extensions" this specifies the configuration file section containing a list of @@ -706,4 +756,5 @@ address in subjectAltName should be input by the user. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIx509\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIgendsa\fR\|(1), \fIconfig\fR\|(5) +\&\fIgendsa\fR\|(1), \fIconfig\fR\|(5), +\&\fIx509v3_config\fR\|(5) diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1 index 5286cae3cf..8e850a83da 100644 --- a/secure/usr.bin/openssl/man/rsa.1 +++ b/secure/usr.bin/openssl/man/rsa.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSA 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -236,7 +228,7 @@ key will be output instead. This option is automatically set if the input is a public key. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBrsa\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1 index 4fd9848715..9de119c2a5 100644 --- a/secure/usr.bin/openssl/man/rsautl.1 +++ b/secure/usr.bin/openssl/man/rsautl.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSAUTL 1" -.TH RSAUTL 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH RSAUTL 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1 index 91983a864f..eef29e8ac3 100644 --- a/secure/usr.bin/openssl/man/s_client.1 +++ b/secure/usr.bin/openssl/man/s_client.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH S_CLIENT 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -222,6 +214,10 @@ also used when building the client certificate chain. .IX Item "-CAfile file" A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. +.IP "\fB\-purpose, \-ignore_critical, \-issuer_checks, \-crl_check, \-crl_check_all, \-policy_check, \-extended_crl, \-x509_strict, \-policy \-check_ss_sig\fR" 4 +.IX Item "-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig" +Set various certificate chain valiadition option. See the +\&\fBverify\fR manual page for details. .IP "\fB\-reconnect\fR" 4 .IX Item "-reconnect" reconnects to the same server 5 times using the same session \s-1ID\s0, this can @@ -270,6 +266,14 @@ input. .IX Item "-quiet" inhibit printing of session and certificate information. This implicitly turns on \fB\-ign_eof\fR as well. +.IP "\fB\-psk_identity identity\fR" 4 +.IX Item "-psk_identity identity" +Use the \s-1PSK\s0 identity \fBidentity\fR when using a \s-1PSK\s0 cipher suite. +.IP "\fB\-psk key\fR" 4 +.IX Item "-psk key" +Use the \s-1PSK\s0 key \fBkey\fR when using a \s-1PSK\s0 cipher suite. The key is +given as a hexadecimal number without leading 0x, for example \-psk +1a2b3c4d. .IP "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR" 4 .IX Item "-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1" these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By default @@ -297,13 +301,10 @@ send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication. supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", and \*(L"ftp\*(R". .IP "\fB\-tlsextdebug\fR" 4 .IX Item "-tlsextdebug" -print out a hex dump of any \s-1TLS\s0 extensions received from the server. Note: this -option is only available if extension support is explicitly enabled at compile -time +print out a hex dump of any \s-1TLS\s0 extensions received from the server. .IP "\fB\-no_ticket\fR" 4 .IX Item "-no_ticket" -disable RFC4507bis session ticket support. Note: this option is only available -if extension support is explicitly enabled at compile time +disable RFC4507bis session ticket support. .IP "\fB\-sess_out filename\fR" 4 .IX Item "-sess_out filename" output \s-1SSL\s0 session to \fBfilename\fR @@ -313,7 +314,7 @@ load \s-1SSL\s0 session from \fBfilename\fR. The client will attempt to resume a connection from this session. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBs_client\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBs_client\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -371,9 +372,6 @@ If there are problems verifying a server certificate then the Since the SSLv23 client hello cannot include compression methods or extensions these will only be supported if its use is disabled, for example by using the \&\fB\-no_sslv2\fR option. -.PP -\&\s-1TLS\s0 extensions are only supported in OpenSSL 0.9.8 if they are explictly -enabled at compile time using for example the \fBenable-tlsext\fR switch. .SH "BUGS" .IX Header "BUGS" Because this program has a lot of options and also because some of diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1 index 159694158f..5959394197 100644 --- a/secure/usr.bin/openssl/man/s_server.1 +++ b/secure/usr.bin/openssl/man/s_server.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH S_SERVER 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -297,6 +289,14 @@ this option translated a line feed from the terminal into \s-1CR+LF\s0. .IP "\fB\-quiet\fR" 4 .IX Item "-quiet" inhibit printing of session and certificate information. +.IP "\fB\-psk_hint hint\fR" 4 +.IX Item "-psk_hint hint" +Use the \s-1PSK\s0 identity hint \fBhint\fR when using a \s-1PSK\s0 cipher suite. +.IP "\fB\-psk key\fR" 4 +.IX Item "-psk key" +Use the \s-1PSK\s0 key \fBkey\fR when using a \s-1PSK\s0 cipher suite. The key is +given as a hexadecimal number without leading 0x, for example \-psk +1a2b3c4d. .IP "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR" 4 .IX Item "-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1" these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By default @@ -343,7 +343,7 @@ assumed to contain a complete and correct \s-1HTTP\s0 response (lines that are part of the \s-1HTTP\s0 response line and headers must end with \s-1CRLF\s0). .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBs_server\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBs_server\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -407,9 +407,6 @@ is strictly speaking a protocol violation, some \s-1SSL\s0 clients interpret thi mean any \s-1CA\s0 is acceptable. This is useful for debugging purposes. .PP The session parameters can printed out using the \fBsess_id\fR program. -.PP -\&\s-1TLS\s0 extensions are only supported in OpenSSL 0.9.8 if they are explictly -enabled at compile time using for example the \fBenable-tlsext\fR switch. .SH "BUGS" .IX Header "BUGS" Because this program has a lot of options and also because some of diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1 index 71da86d64f..28e8a56d27 100644 --- a/secure/usr.bin/openssl/man/s_time.1 +++ b/secure/usr.bin/openssl/man/s_time.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "S_TIME 1" -.TH S_TIME 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH S_TIME 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1 index 46cb42b7b6..ad781e3f86 100644 --- a/secure/usr.bin/openssl/man/sess_id.1 +++ b/secure/usr.bin/openssl/man/sess_id.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SESS_ID 1" -.TH SESS_ID 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SESS_ID 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1 index 4e00981e26..a78b4faf8e 100644 --- a/secure/usr.bin/openssl/man/smime.1 +++ b/secure/usr.bin/openssl/man/smime.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME 1" -.TH SMIME 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SMIME 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,19 +137,10 @@ smime \- S/MIME utility [\fB\-encrypt\fR] [\fB\-decrypt\fR] [\fB\-sign\fR] +[\fB\-resign\fR] [\fB\-verify\fR] [\fB\-pk7out\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-rc2\-40\fR] -[\fB\-rc2\-64\fR] -[\fB\-rc2\-128\fR] -[\fB\-aes128\fR] -[\fB\-aes192\fR] -[\fB\-aes256\fR] -[\fB\-camellia128\fR] -[\fB\-camellia192\fR] -[\fB\-camellia256\fR] +[\fB\-[cipher]\fR] [\fB\-in file\fR] [\fB\-certfile file\fR] [\fB\-signer file\fR] @@ -172,7 +155,11 @@ smime \- S/MIME utility [\fB\-from ad\fR] [\fB\-subject s\fR] [\fB\-text\fR] +[\fB\-indef\fR] +[\fB\-noindef\fR] +[\fB\-stream\fR] [\fB\-rand file(s)\fR] +[\fB\-md digest\fR] [cert.pem]... .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -180,7 +167,7 @@ The \fBsmime\fR command handles S/MIME mail. It can encrypt, decrypt, sign and verify S/MIME messages. .SH "COMMAND OPTIONS" .IX Header "COMMAND OPTIONS" -There are five operation options that set the type of operation to be performed. +There are six operation options that set the type of operation to be performed. The meaning of the other options varies according to the operation type. .IP "\fB\-encrypt\fR" 4 .IX Item "-encrypt" @@ -203,6 +190,9 @@ the signed data. Both clear text and opaque signing is supported. .IP "\fB\-pk7out\fR" 4 .IX Item "-pk7out" takes an input message and writes out a \s-1PEM\s0 encoded PKCS#7 structure. +.IP "\fB\-resign\fR" 4 +.IX Item "-resign" +resign a message: take an existing message and one or more new signers. .IP "\fB\-in filename\fR" 4 .IX Item "-in filename" the input message to be encrypted or signed or the \s-1MIME\s0 message to @@ -227,6 +217,19 @@ format change this to write \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures instead. This currently only affects the output format of the PKCS#7 structure, if no PKCS#7 structure is being output (for example with \&\fB\-verify\fR or \fB\-decrypt\fR) this option has no effect. +.IP "\fB\-stream \-indef \-noindef\fR" 4 +.IX Item "-stream -indef -noindef" +the \fB\-stream\fR and \fB\-indef\fR options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is \fB\s-1SMIME\s0\fR it is currently off by default for all +other operations. +.IP "\fB\-noindef\fR" 4 +.IX Item "-noindef" +disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it. .IP "\fB\-content filename\fR" 4 .IX Item "-content filename" This specifies a file containing the detached content, this is only @@ -249,11 +252,19 @@ a directory containing trusted \s-1CA\s0 certificates, only used with \&\fB\-verify\fR. This directory must be a standard certificate directory: that is a hash of each subject name (using \fBx509 \-hash\fR) should be linked to each certificate. -.IP "\fB\-des \-des3 \-rc2\-40 \-rc2\-64 \-rc2\-128 \-aes128 \-aes192 \-aes256 \-camellia128 \-camellia192 \-camellia256\fR" 4 -.IX Item "-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256" -the encryption algorithm to use. \s-1DES\s0 (56 bits), triple \s-1DES\s0 (168 bits), -40, 64 or 128 bit \s-1RC2\s0, 128, 192 or 256 bit \s-1AES\s0, or 128, 192 or 256 bit Camellia respectively. If not -specified 40 bit \s-1RC2\s0 is used. Only used with \fB\-encrypt\fR. +.IP "\fB\-md digest\fR" 4 +.IX Item "-md digest" +digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). +.IP "\fB\-[cipher]\fR" 4 +.IX Item "-[cipher]" +the encryption algorithm to use. For example \s-1DES\s0 (56 bits) \- \fB\-des\fR, +triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR, +\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for +example \fB\-aes_128_cbc\fR. See \fBenc\fR for list of ciphers +supported by your version of OpenSSL. +.Sp +If not specified 40 bit \s-1RC2\s0 is used. Only used with \fB\-encrypt\fR. .IP "\fB\-nointern\fR" 4 .IX Item "-nointern" when verifying a message normally certificates (if any) included in @@ -300,9 +311,10 @@ be included with the message. When verifying these will be searched for the signers certificates. The certificates should be in \s-1PEM\s0 format. .IP "\fB\-signer file\fR" 4 .IX Item "-signer file" -the signers certificate when signing a message. If a message is -being verified then the signers certificates will be written to this -file if the verification was successful. +a signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful. .IP "\fB\-recip file\fR" 4 .IX Item "-recip file" the recipients certificate when decrypting a message. This certificate @@ -312,7 +324,8 @@ must match one of the recipients of the message or an error occurs. the private key to use when signing or decrypting. This must match the corresponding certificate. If this option is not specified then the private key must be included in the certificate file specified with -the \fB\-recip\fR or \fB\-signer\fR file. +the \fB\-recip\fR or \fB\-signer\fR file. When signing this option can be used +multiple times to specify successive keys. .IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the private key password source. For more information about the format of \fBarg\fR @@ -334,6 +347,10 @@ the relevant mail headers. These are included outside the signed portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. +.IP "\fB\-purpose, \-ignore_critical, \-issuer_checks, \-crl_check, \-crl_check_all, \-policy_check, \-extended_crl, \-x509_strict, \-policy \-check_ss_sig\fR" 4 +.IX Item "-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig" +Set various options of certificate chain verification. See +\&\fBverify\fR manual page for details. .SH "NOTES" .IX Header "NOTES" The \s-1MIME\s0 message must be sent without any blank lines between the @@ -358,6 +375,19 @@ messages \*(L"in parallel\*(R" by signing an already signed message. The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 encrypted data is used for other purposes. +.PP +The \fB\-resign\fR option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail. +.PP +The \fB\-stream\fR and \fB\-indef\fR options enable experimental streaming I/O support. +As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding +and no longer \s-1DER\s0. Streaming is supported for the \fB\-encrypt\fR operation and the +\&\fB\-sign\fR operation if the content is not detached. +.PP +Streaming is always used for the \fB\-sign\fR operation with detached data but +since the content is no longer part of the PKCS#7 structure the encoding +remains \s-1DER\s0. .SH "EXIT CODES" .IX Header "EXIT CODES" .IP "0" 4 @@ -388,7 +418,7 @@ Create a cleartext signed message: \& \-signer mycert.pem .Ve .PP -Create and opaque signed message +Create an opaque signed message .PP .Vb 2 \& openssl smime \-sign \-in message.txt \-text \-out mail.msg \-nodetach \e @@ -403,6 +433,13 @@ read the private key from another file: \& \-signer mycert.pem \-inkey mykey.pem \-certfile mycerts.pem .Ve .PP +Create a signed message with two signers: +.PP +.Vb 2 +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-signer othercert.pem +.Ve +.PP Send a signed message under Unix directly to sendmail, including headers: .PP .Vb 3 @@ -434,8 +471,8 @@ Sign and encrypt mail: \& \-subject "Signed and Encrypted message" \-des3 user.pem .Ve .PP -Note: the encryption command does not include the \fB\-text\fR option because the message -being encrypted already has \s-1MIME\s0 headers. +Note: the encryption command does not include the \fB\-text\fR option because the +message being encrypted already has \s-1MIME\s0 headers. .PP Decrypt mail: .PP @@ -470,16 +507,24 @@ Create an encrypted message using 128 bit Camellia: .Vb 1 \& openssl smime \-encrypt \-in plain.txt \-camellia128 \-out mail.msg cert.pem .Ve +.PP +Add a signer to an existing message: +.PP +.Vb 1 +\& openssl smime \-resign \-in mail.msg \-signer newsign.pem \-out mail2.msg +.Ve .SH "BUGS" .IX Header "BUGS" -The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've thrown -at it but it may choke on others. +The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others. .PP -The code currently will only write out the signer's certificate to a file: if the -signer has a separate encryption certificate this must be manually extracted. There -should be some heuristic that determines the correct encryption certificate. +The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate. .PP -Ideally a database should be maintained of a certificates for each email address. +Ideally a database should be maintained of a certificates for each email +address. .PP The code doesn't currently take note of the permitted symmetric encryption algorithms as supplied in the SMIMECapabilities signed attribute. this means the @@ -490,3 +535,7 @@ No revocation checking is done on the signer's certificate. .PP The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 structures may cause parsing errors. +.SH "HISTORY" +.IX Header "HISTORY" +The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first +added in OpenSSL 1.0.0 diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1 index b21718ccc2..9f33801378 100644 --- a/secure/usr.bin/openssl/man/speed.1 +++ b/secure/usr.bin/openssl/man/speed.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SPEED 1" -.TH SPEED 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SPEED 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -175,7 +167,7 @@ This command is used to test the performance of cryptographic algorithms. .IX Header "OPTIONS" .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBspeed\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBspeed\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1 index 94b3034889..e94de3035b 100644 --- a/secure/usr.bin/openssl/man/spkac.1 +++ b/secure/usr.bin/openssl/man/spkac.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SPKAC 1" -.TH SPKAC 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH SPKAC 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -202,7 +194,7 @@ being created). verifies the digital signature on the supplied \s-1SPKAC\s0. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBspkac\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1 new file mode 100644 index 0000000000..12885756e6 --- /dev/null +++ b/secure/usr.bin/openssl/man/ts.1 @@ -0,0 +1,649 @@ +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "TS 1" +.TH TS 1 "2010-06-01" "1.0.0a" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ts \- Time Stamping Authority tool (client/server) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBts\fR +\&\fB\-query\fR +[\fB\-rand\fR file:file...] +[\fB\-config\fR configfile] +[\fB\-data\fR file_to_hash] +[\fB\-digest\fR digest_bytes] +[\fB\-md2\fR|\fB\-md4\fR|\fB\-md5\fR|\fB\-sha\fR|\fB\-sha1\fR|\fB\-mdc2\fR|\fB\-ripemd160\fR|\fB...\fR] +[\fB\-policy\fR object_id] +[\fB\-no_nonce\fR] +[\fB\-cert\fR] +[\fB\-in\fR request.tsq] +[\fB\-out\fR request.tsq] +[\fB\-text\fR] +.PP +\&\fBopenssl\fR \fBts\fR +\&\fB\-reply\fR +[\fB\-config\fR configfile] +[\fB\-section\fR tsa_section] +[\fB\-queryfile\fR request.tsq] +[\fB\-passin\fR password_src] +[\fB\-signer\fR tsa_cert.pem] +[\fB\-inkey\fR private.pem] +[\fB\-chain\fR certs_file.pem] +[\fB\-policy\fR object_id] +[\fB\-in\fR response.tsr] +[\fB\-token_in\fR] +[\fB\-out\fR response.tsr] +[\fB\-token_out\fR] +[\fB\-text\fR] +[\fB\-engine\fR id] +.PP +\&\fBopenssl\fR \fBts\fR +\&\fB\-verify\fR +[\fB\-data\fR file_to_hash] +[\fB\-digest\fR digest_bytes] +[\fB\-queryfile\fR request.tsq] +[\fB\-in\fR response.tsr] +[\fB\-token_in\fR] +[\fB\-CApath\fR trusted_cert_path] +[\fB\-CAfile\fR trusted_certs.pem] +[\fB\-untrusted\fR cert_file.pem] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBts\fR command is a basic Time Stamping Authority (\s-1TSA\s0) client and server +application as specified in \s-1RFC\s0 3161 (Time-Stamp Protocol, \s-1TSP\s0). A +\&\s-1TSA\s0 can be part of a \s-1PKI\s0 deployment and its role is to provide long +term proof of the existence of a certain datum before a particular +time. Here is a brief description of the protocol: +.IP "1." 4 +The \s-1TSA\s0 client computes a one-way hash value for a data file and sends +the hash to the \s-1TSA\s0. +.IP "2." 4 +The \s-1TSA\s0 attaches the current date and time to the received hash value, +signs them and sends the time stamp token back to the client. By +creating this token the \s-1TSA\s0 certifies the existence of the original +data file at the time of response generation. +.IP "3." 4 +The \s-1TSA\s0 client receives the time stamp token and verifies the +signature on it. It also checks if the token contains the same hash +value that it had sent to the \s-1TSA\s0. +.PP +There is one \s-1DER\s0 encoded protocol data unit defined for transporting a time +stamp request to the \s-1TSA\s0 and one for sending the time stamp response +back to the client. The \fBts\fR command has three main functions: +creating a time stamp request based on a data file, +creating a time stamp response based on a request, verifying if a +response corresponds to a particular request or a data file. +.PP +There is no support for sending the requests/responses automatically +over \s-1HTTP\s0 or \s-1TCP\s0 yet as suggested in \s-1RFC\s0 3161. The users must send the +requests either by ftp or e\-mail. +.SH "OPTIONS" +.IX Header "OPTIONS" +.SS "Time Stamp Request generation" +.IX Subsection "Time Stamp Request generation" +The \fB\-query\fR switch can be used for creating and printing a time stamp +request with the following options: +.IP "\fB\-rand\fR file:file..." 4 +.IX Item "-rand file:file..." +The files containing random data for seeding the random number +generator. Multiple files can be specified, the separator is \fB;\fR for +MS-Windows, \fB,\fR for \s-1VMS\s0 and \fB:\fR for all other platforms. (Optional) +.IP "\fB\-config\fR configfile" 4 +.IX Item "-config configfile" +The configuration file to use, this option overrides the +\&\fB\s-1OPENSSL_CONF\s0\fR environment variable. Only the \s-1OID\s0 section +of the config file is used with the \fB\-query\fR command. (Optional) +.IP "\fB\-data\fR file_to_hash" 4 +.IX Item "-data file_to_hash" +The data file for which the time stamp request needs to be +created. stdin is the default if neither the \fB\-data\fR nor the \fB\-digest\fR +parameter is specified. (Optional) +.IP "\fB\-digest\fR digest_bytes" 4 +.IX Item "-digest digest_bytes" +It is possible to specify the message imprint explicitly without the data +file. The imprint must be specified in a hexadecimal format, two characters +per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or +1AF601...). The number of bytes must match the message digest algorithm +in use. (Optional) +.IP "\fB\-md2\fR|\fB\-md4\fR|\fB\-md5\fR|\fB\-sha\fR|\fB\-sha1\fR|\fB\-mdc2\fR|\fB\-ripemd160\fR|\fB...\fR" 4 +.IX Item "-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160|..." +The message digest to apply to the data file, it supports all the message +digest algorithms that are supported by the openssl \fBdgst\fR command. +The default is \s-1SHA\-1\s0. (Optional) +.IP "\fB\-policy\fR object_id" 4 +.IX Item "-policy object_id" +The policy that the client expects the \s-1TSA\s0 to use for creating the +time stamp token. Either the dotted \s-1OID\s0 notation or \s-1OID\s0 names defined +in the config file can be used. If no policy is requested the \s-1TSA\s0 will +use its own default policy. (Optional) +.IP "\fB\-no_nonce\fR" 4 +.IX Item "-no_nonce" +No nonce is specified in the request if this option is +given. Otherwise a 64 bit long pseudo-random none is +included in the request. It is recommended to use nonce to +protect against replay-attacks. (Optional) +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +The \s-1TSA\s0 is expected to include its signing certificate in the +response. (Optional) +.IP "\fB\-in\fR request.tsq" 4 +.IX Item "-in request.tsq" +This option specifies a previously created time stamp request in \s-1DER\s0 +format that will be printed into the output file. Useful when you need +to examine the content of a request in human-readable +.Sp +format. (Optional) +.IP "\fB\-out\fR request.tsq" 4 +.IX Item "-out request.tsq" +Name of the output file to which the request will be written. Default +is stdout. (Optional) +.IP "\fB\-text\fR" 4 +.IX Item "-text" +If this option is specified the output is human-readable text format +instead of \s-1DER\s0. (Optional) +.SS "Time Stamp Response generation" +.IX Subsection "Time Stamp Response generation" +A time stamp response (TimeStampResp) consists of a response status +and the time stamp token itself (ContentInfo), if the token generation was +successful. The \fB\-reply\fR command is for creating a time stamp +response or time stamp token based on a request and printing the +response/token in human-readable format. If \fB\-token_out\fR is not +specified the output is always a time stamp response (TimeStampResp), +otherwise it is a time stamp token (ContentInfo). +.IP "\fB\-config\fR configfile" 4 +.IX Item "-config configfile" +The configuration file to use, this option overrides the +\&\fB\s-1OPENSSL_CONF\s0\fR environment variable. See \fB\s-1CONFIGURATION\s0 \s-1FILE\s0 +\&\s-1OPTIONS\s0\fR for configurable variables. (Optional) +.IP "\fB\-section\fR tsa_section" 4 +.IX Item "-section tsa_section" +The name of the config file section conatining the settings for the +response generation. If not specified the default \s-1TSA\s0 section is +used, see \fB\s-1CONFIGURATION\s0 \s-1FILE\s0 \s-1OPTIONS\s0\fR for details. (Optional) +.IP "\fB\-queryfile\fR request.tsq" 4 +.IX Item "-queryfile request.tsq" +The name of the file containing a \s-1DER\s0 encoded time stamp request. (Optional) +.IP "\fB\-passin\fR password_src" 4 +.IX Item "-passin password_src" +Specifies the password source for the private key of the \s-1TSA\s0. See +\&\fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR in \fIopenssl\fR\|(1). (Optional) +.IP "\fB\-signer\fR tsa_cert.pem" 4 +.IX Item "-signer tsa_cert.pem" +The signer certificate of the \s-1TSA\s0 in \s-1PEM\s0 format. The \s-1TSA\s0 signing +certificate must have exactly one extended key usage assigned to it: +timeStamping. The extended key usage must also be critical, otherwise +the certificate is going to be refused. Overrides the \fBsigner_cert\fR +variable of the config file. (Optional) +.IP "\fB\-inkey\fR private.pem" 4 +.IX Item "-inkey private.pem" +The signer private key of the \s-1TSA\s0 in \s-1PEM\s0 format. Overrides the +\&\fBsigner_key\fR config file option. (Optional) +.IP "\fB\-chain\fR certs_file.pem" 4 +.IX Item "-chain certs_file.pem" +The collection of certificates in \s-1PEM\s0 format that will all +be included in the response in addition to the signer certificate if +the \fB\-cert\fR option was used for the request. This file is supposed to +contain the certificate chain for the signer certificate from its +issuer upwards. The \fB\-reply\fR command does not build a certificate +chain automatically. (Optional) +.IP "\fB\-policy\fR object_id" 4 +.IX Item "-policy object_id" +The default policy to use for the response unless the client +explicitly requires a particular \s-1TSA\s0 policy. The \s-1OID\s0 can be specified +either in dotted notation or with its name. Overrides the +\&\fBdefault_policy\fR config file option. (Optional) +.IP "\fB\-in\fR response.tsr" 4 +.IX Item "-in response.tsr" +Specifies a previously created time stamp response or time stamp token +(if \fB\-token_in\fR is also specified) in \s-1DER\s0 format that will be written +to the output file. This option does not require a request, it is +useful e.g. when you need to examine the content of a response or +token or you want to extract the time stamp token from a response. If +the input is a token and the output is a time stamp response a default +\&'granted' status info is added to the token. (Optional) +.IP "\fB\-token_in\fR" 4 +.IX Item "-token_in" +This flag can be used together with the \fB\-in\fR option and indicates +that the input is a \s-1DER\s0 encoded time stamp token (ContentInfo) instead +of a time stamp response (TimeStampResp). (Optional) +.IP "\fB\-out\fR response.tsr" 4 +.IX Item "-out response.tsr" +The response is written to this file. The format and content of the +file depends on other options (see \fB\-text\fR, \fB\-token_out\fR). The default is +stdout. (Optional) +.IP "\fB\-token_out\fR" 4 +.IX Item "-token_out" +The output is a time stamp token (ContentInfo) instead of time stamp +response (TimeStampResp). (Optional) +.IP "\fB\-text\fR" 4 +.IX Item "-text" +If this option is specified the output is human-readable text format +instead of \s-1DER\s0. (Optional) +.IP "\fB\-engine\fR id" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBts\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. Default is builtin. (Optional) +.SS "Time Stamp Response verification" +.IX Subsection "Time Stamp Response verification" +The \fB\-verify\fR command is for verifying if a time stamp response or time +stamp token is valid and matches a particular time stamp request or +data file. The \fB\-verify\fR command does not use the configuration file. +.IP "\fB\-data\fR file_to_hash" 4 +.IX Item "-data file_to_hash" +The response or token must be verified against file_to_hash. The file +is hashed with the message digest algorithm specified in the token. +The \fB\-digest\fR and \fB\-queryfile\fR options must not be specified with this one. +(Optional) +.IP "\fB\-digest\fR digest_bytes" 4 +.IX Item "-digest digest_bytes" +The response or token must be verified against the message digest specified +with this option. The number of bytes must match the message digest algorithm +specified in the token. The \fB\-data\fR and \fB\-queryfile\fR options must not be +specified with this one. (Optional) +.IP "\fB\-queryfile\fR request.tsq" 4 +.IX Item "-queryfile request.tsq" +The original time stamp request in \s-1DER\s0 format. The \fB\-data\fR and \fB\-digest\fR +options must not be specified with this one. (Optional) +.IP "\fB\-in\fR response.tsr" 4 +.IX Item "-in response.tsr" +The time stamp response that needs to be verified in \s-1DER\s0 format. (Mandatory) +.IP "\fB\-token_in\fR" 4 +.IX Item "-token_in" +This flag can be used together with the \fB\-in\fR option and indicates +that the input is a \s-1DER\s0 encoded time stamp token (ContentInfo) instead +of a time stamp response (TimeStampResp). (Optional) +.IP "\fB\-CApath\fR trusted_cert_path" 4 +.IX Item "-CApath trusted_cert_path" +The name of the directory containing the trused \s-1CA\s0 certificates of the +client. See the similar option of \fIverify\fR\|(1) for additional +details. Either this option or \fB\-CAfile\fR must be specified. (Optional) +.IP "\fB\-CAfile\fR trusted_certs.pem" 4 +.IX Item "-CAfile trusted_certs.pem" +The name of the file containing a set of trusted self-signed \s-1CA\s0 +certificates in \s-1PEM\s0 format. See the similar option of +\&\fIverify\fR\|(1) for additional details. Either this option +or \fB\-CApath\fR must be specified. +(Optional) +.IP "\fB\-untrusted\fR cert_file.pem" 4 +.IX Item "-untrusted cert_file.pem" +Set of additional untrusted certificates in \s-1PEM\s0 format which may be +needed when building the certificate chain for the \s-1TSA\s0's signing +certificate. This file must contain the \s-1TSA\s0 signing certificate and +all intermediate \s-1CA\s0 certificates unless the response includes them. +(Optional) +.SH "CONFIGURATION FILE OPTIONS" +.IX Header "CONFIGURATION FILE OPTIONS" +The \fB\-query\fR and \fB\-reply\fR commands make use of a configuration file +defined by the \fB\s-1OPENSSL_CONF\s0\fR environment variable. See \fIconfig\fR\|(5) +for a general description of the syntax of the config file. The +\&\fB\-query\fR command uses only the symbolic \s-1OID\s0 names section +and it can work without it. However, the \fB\-reply\fR command needs the +config file for its operation. +.PP +When there is a command line switch equivalent of a variable the +switch always overrides the settings in the config file. +.IP "\fBtsa\fR section, \fBdefault_tsa\fR" 4 +.IX Item "tsa section, default_tsa" +This is the main section and it specifies the name of another section +that contains all the options for the \fB\-reply\fR command. This default +section can be overriden with the \fB\-section\fR command line switch. (Optional) +.IP "\fBoid_file\fR" 4 +.IX Item "oid_file" +See \fIca\fR\|(1) for description. (Optional) +.IP "\fBoid_section\fR" 4 +.IX Item "oid_section" +See \fIca\fR\|(1) for description. (Optional) +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +See \fIca\fR\|(1) for description. (Optional) +.IP "\fBserial\fR" 4 +.IX Item "serial" +The name of the file containing the hexadecimal serial number of the +last time stamp response created. This number is incremented by 1 for +each response. If the file does not exist at the time of response +generation a new file is created with serial number 1. (Mandatory) +.IP "\fBcrypto_device\fR" 4 +.IX Item "crypto_device" +Specifies the OpenSSL engine that will be set as the default for +all available algorithms. The default value is builtin, you can specify +any other engines supported by OpenSSL (e.g. use chil for the NCipher \s-1HSM\s0). +(Optional) +.IP "\fBsigner_cert\fR" 4 +.IX Item "signer_cert" +\&\s-1TSA\s0 signing certificate in \s-1PEM\s0 format. The same as the \fB\-signer\fR +command line option. (Optional) +.IP "\fBcerts\fR" 4 +.IX Item "certs" +A file containing a set of \s-1PEM\s0 encoded certificates that need to be +included in the response. The same as the \fB\-chain\fR command line +option. (Optional) +.IP "\fBsigner_key\fR" 4 +.IX Item "signer_key" +The private key of the \s-1TSA\s0 in \s-1PEM\s0 format. The same as the \fB\-inkey\fR +command line option. (Optional) +.IP "\fBdefault_policy\fR" 4 +.IX Item "default_policy" +The default policy to use when the request does not mandate any +policy. The same as the \fB\-policy\fR command line option. (Optional) +.IP "\fBother_policies\fR" 4 +.IX Item "other_policies" +Comma separated list of policies that are also acceptable by the \s-1TSA\s0 +and used only if the request explicitly specifies one of them. (Optional) +.IP "\fBdigests\fR" 4 +.IX Item "digests" +The list of message digest algorithms that the \s-1TSA\s0 accepts. At least +one algorithm must be specified. (Mandatory) +.IP "\fBaccuracy\fR" 4 +.IX Item "accuracy" +The accuracy of the time source of the \s-1TSA\s0 in seconds, milliseconds +and microseconds. E.g. secs:1, millisecs:500, microsecs:100. If any of +the components is missing zero is assumed for that field. (Optional) +.IP "\fBclock_precision_digits\fR" 4 +.IX Item "clock_precision_digits" +Specifies the maximum number of digits, which represent the fraction of +seconds, that need to be included in the time field. The trailing zeroes +must be removed from the time, so there might actually be fewer digits, +or no fraction of seconds at all. Supported only on \s-1UNIX\s0 platforms. +The maximum value is 6, default is 0. +(Optional) +.IP "\fBordering\fR" 4 +.IX Item "ordering" +If this option is yes the responses generated by this \s-1TSA\s0 can always +be ordered, even if the time difference between two responses is less +than the sum of their accuracies. Default is no. (Optional) +.IP "\fBtsa_name\fR" 4 +.IX Item "tsa_name" +Set this option to yes if the subject name of the \s-1TSA\s0 must be included in +the \s-1TSA\s0 name field of the response. Default is no. (Optional) +.IP "\fBess_cert_id_chain\fR" 4 +.IX Item "ess_cert_id_chain" +The SignedData objects created by the \s-1TSA\s0 always contain the +certificate identifier of the signing certificate in a signed +attribute (see \s-1RFC\s0 2634, Enhanced Security Services). If this option +is set to yes and either the \fBcerts\fR variable or the \fB\-chain\fR option +is specified then the certificate identifiers of the chain will also +be included in the SigningCertificate signed attribute. If this +variable is set to no, only the signing certificate identifier is +included. Default is no. (Optional) +.SH "ENVIRONMENT VARIABLES" +.IX Header "ENVIRONMENT VARIABLES" +\&\fB\s-1OPENSSL_CONF\s0\fR contains the path of the configuration file and can be +overriden by the \fB\-config\fR command line option. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +All the examples below presume that \fB\s-1OPENSSL_CONF\s0\fR is set to a proper +configuration file, e.g. the example configuration file +openssl/apps/openssl.cnf will do. +.SS "Time Stamp Request" +.IX Subsection "Time Stamp Request" +To create a time stamp request for design1.txt with \s-1SHA\-1\s0 +without nonce and policy and no certificate is required in the response: +.PP +.Vb 2 +\& openssl ts \-query \-data design1.txt \-no_nonce \e +\& \-out design1.tsq +.Ve +.PP +To create a similar time stamp request with specifying the message imprint +explicitly: +.PP +.Vb 2 +\& openssl ts \-query \-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e +\& \-no_nonce \-out design1.tsq +.Ve +.PP +To print the content of the previous request in human readable format: +.PP +.Vb 1 +\& openssl ts \-query \-in design1.tsq \-text +.Ve +.PP +To create a time stamp request which includes the \s-1MD\-5\s0 digest +of design2.txt, requests the signer certificate and nonce, +specifies a policy id (assuming the tsa_policy1 name is defined in the +\&\s-1OID\s0 section of the config file): +.PP +.Vb 2 +\& openssl ts \-query \-data design2.txt \-md5 \e +\& \-policy tsa_policy1 \-cert \-out design2.tsq +.Ve +.SS "Time Stamp Response" +.IX Subsection "Time Stamp Response" +Before generating a response a signing certificate must be created for +the \s-1TSA\s0 that contains the \fBtimeStamping\fR critical extended key usage extension +without any other key usage extensions. You can add the +\&'extendedKeyUsage = critical,timeStamping' line to the user certificate section +of the config file to generate a proper certificate. See \fIreq\fR\|(1), +\&\fIca\fR\|(1), \fIx509\fR\|(1) for instructions. The examples +below assume that cacert.pem contains the certificate of the \s-1CA\s0, +tsacert.pem is the signing certificate issued by cacert.pem and +tsakey.pem is the private key of the \s-1TSA\s0. +.PP +To create a time stamp response for a request: +.PP +.Vb 2 +\& openssl ts \-reply \-queryfile design1.tsq \-inkey tsakey.pem \e +\& \-signer tsacert.pem \-out design1.tsr +.Ve +.PP +If you want to use the settings in the config file you could just write: +.PP +.Vb 1 +\& openssl ts \-reply \-queryfile design1.tsq \-out design1.tsr +.Ve +.PP +To print a time stamp reply to stdout in human readable format: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1.tsr \-text +.Ve +.PP +To create a time stamp token instead of time stamp response: +.PP +.Vb 1 +\& openssl ts \-reply \-queryfile design1.tsq \-out design1_token.der \-token_out +.Ve +.PP +To print a time stamp token to stdout in human readable format: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1_token.der \-token_in \-text \-token_out +.Ve +.PP +To extract the time stamp token from a response: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1.tsr \-out design1_token.der \-token_out +.Ve +.PP +To add 'granted' status info to a time stamp token thereby creating a +valid response: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1_token.der \-token_in \-out design1.tsr +.Ve +.SS "Time Stamp Verification" +.IX Subsection "Time Stamp Verification" +To verify a time stamp reply against a request: +.PP +.Vb 2 +\& openssl ts \-verify \-queryfile design1.tsq \-in design1.tsr \e +\& \-CAfile cacert.pem \-untrusted tsacert.pem +.Ve +.PP +To verify a time stamp reply that includes the certificate chain: +.PP +.Vb 2 +\& openssl ts \-verify \-queryfile design2.tsq \-in design2.tsr \e +\& \-CAfile cacert.pem +.Ve +.PP +To verify a time stamp token against the original data file: + openssl ts \-verify \-data design2.txt \-in design2.tsr \e + \-CAfile cacert.pem +.PP +To verify a time stamp token against a message imprint: + openssl ts \-verify \-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e + \-in design2.tsr \-CAfile cacert.pem +.PP +You could also look at the 'test' directory for more examples. +.SH "BUGS" +.IX Header "BUGS" +If you find any bugs or you have suggestions please write to +Zoltan Glozik . Known issues: +.IP "\(bu" 4 +No support for time stamps over \s-1SMTP\s0, though it is quite easy +to implement an automatic e\-mail based \s-1TSA\s0 with \fIprocmail\fR\|(1) +and \fIperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of +a separate apache module. \s-1HTTP\s0 client support is provided by +\&\fItsget\fR\|(1). Pure \s-1TCP/IP\s0 protocol is not supported. +.IP "\(bu" 4 +The file containing the last serial number of the \s-1TSA\s0 is not +locked when being read or written. This is a problem if more than one +instance of \fIopenssl\fR\|(1) is trying to create a time stamp +response at the same time. This is not an issue when using the apache +server module, it does proper locking. +.IP "\(bu" 4 +Look for the \s-1FIXME\s0 word in the source files. +.IP "\(bu" 4 +The source code should really be reviewed by somebody else, too. +.IP "\(bu" 4 +More testing is needed, I have done only some basic tests (see +test/testtsa). +.SH "AUTHOR" +.IX Header "AUTHOR" +Zoltan Glozik , OpenTSA project (http://www.opentsa.org) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fItsget\fR\|(1), \fIopenssl\fR\|(1), \fIreq\fR\|(1), +\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1), +\&\fIconfig\fR\|(5) diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1 new file mode 100644 index 0000000000..9e097bf864 --- /dev/null +++ b/secure/usr.bin/openssl/man/tsget.1 @@ -0,0 +1,311 @@ +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "TSGET 1" +.TH TSGET 1 "2010-06-01" "1.0.0a" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +tsget \- Time Stamping HTTP/HTTPS client +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBtsget\fR +\&\fB\-h\fR server_url +[\fB\-e\fR extension] +[\fB\-o\fR output] +[\fB\-v\fR] +[\fB\-d\fR] +[\fB\-k\fR private_key.pem] +[\fB\-p\fR key_password] +[\fB\-c\fR client_cert.pem] +[\fB\-C\fR CA_certs.pem] +[\fB\-P\fR CA_path] +[\fB\-r\fR file:file...] +[\fB\-g\fR EGD_socket] +[request]... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBtsget\fR command can be used for sending a time stamp request, as +specified in \fB\s-1RFC\s0 3161\fR, to a time stamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing +the time stamp response in a file. This tool cannot be used for creating the +requests and verifying responses, you can use the OpenSSL \fB\f(BIts\fB\|(1)\fR command to +do that. \fBtsget\fR can send several requests to the server without closing +the \s-1TCP\s0 connection if more than one requests are specified on the command +line. +.PP +The tool sends the following \s-1HTTP\s0 request for each time stamp request: +.PP +.Vb 7 +\& POST url HTTP/1.1 +\& User\-Agent: OpenTSA tsget.pl/ +\& Host: : +\& Pragma: no\-cache +\& Content\-Type: application/timestamp\-query +\& Accept: application/timestamp\-reply +\& Content\-Length: length of body +\& +\& ...binary request specified by the user... +.Ve +.PP +\&\fBtsget\fR expects a response of type application/timestamp\-reply, which is +written to a file without any interpretation. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-h\fR server_url" 4 +.IX Item "-h server_url" +The \s-1URL\s0 of the \s-1HTTP/HTTPS\s0 server listening for time stamp requests. +.IP "\fB\-e\fR extension" 4 +.IX Item "-e extension" +If the \fB\-o\fR option is not given this argument specifies the extension of the +output files. The base name of the output file will be the same as those of +the input files. Default extension is '.tsr'. (Optional) +.IP "\fB\-o\fR output" 4 +.IX Item "-o output" +This option can be specified only when just one request is sent to the +server. The time stamp response will be written to the given output file. '\-' +means standard output. In case of multiple time stamp requests or the absence +of this argument the names of the output files will be derived from the names +of the input files and the default or specified extension argument. (Optional) +.IP "\fB\-v\fR" 4 +.IX Item "-v" +The name of the currently processed request is printed on standard +error. (Optional) +.IP "\fB\-d\fR" 4 +.IX Item "-d" +Switches on verbose mode for the underlying \fBcurl\fR library. You can see +detailed debug messages for the connection. (Optional) +.IP "\fB\-k\fR private_key.pem" 4 +.IX Item "-k private_key.pem" +(\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS\s0 + must contain the private key of the user. The private key +file can optionally be protected by a passphrase. The \fB\-c\fR option must also +be specified. (Optional) +.IP "\fB\-p\fR key_password" 4 +.IX Item "-p key_password" +(\s-1HTTPS\s0) Specifies the passphrase for the private key specified by the \fB\-k\fR +argument. If this option is omitted and the key is passphrase protected \fBtsget\fR +will ask for it. (Optional) +.IP "\fB\-c\fR client_cert.pem" 4 +.IX Item "-c client_cert.pem" +(\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS\s0 + must contain the X.509 certificate of the user. The \fB\-k\fR +option must also be specified. If this option is not specified no +certificate-based client authentication will take place. (Optional) +.IP "\fB\-C\fR CA_certs.pem" 4 +.IX Item "-C CA_certs.pem" +(\s-1HTTPS\s0) The trusted \s-1CA\s0 certificate store. The certificate chain of the peer's +certificate must include one of the \s-1CA\s0 certificates specified in this file. +Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS\s0. (Optional) +.IP "\fB\-P\fR CA_path" 4 +.IX Item "-P CA_path" +(\s-1HTTPS\s0) The path containing the trusted \s-1CA\s0 certificates to verify the peer's +certificate. The directory must be prepared with the \fBc_rehash\fR +OpenSSL utility. Either option \fB\-C\fR or option \fB\-P\fR must be given in case of +\&\s-1HTTPS\s0. (Optional) +.IP "\fB\-rand\fR file:file..." 4 +.IX Item "-rand file:file..." +The files containing random data for seeding the random number +generator. Multiple files can be specified, the separator is \fB;\fR for +MS-Windows, \fB,\fR for \s-1VMS\s0 and \fB:\fR for all other platforms. (Optional) +.IP "\fB\-g\fR EGD_socket" 4 +.IX Item "-g EGD_socket" +The name of an \s-1EGD\s0 socket to get random data from. (Optional) +.IP "[request]..." 4 +.IX Item "[request]..." +List of files containing \fB\s-1RFC\s0 3161\fR DER-encoded time stamp requests. If no +requests are specifed only one request will be sent to the server and it will be +read from the standard input. (Optional) +.SH "ENVIRONMENT VARIABLES" +.IX Header "ENVIRONMENT VARIABLES" +The \fB\s-1TSGET\s0\fR environment variable can optionally contain default +arguments. The content of this variable is added to the list of command line +arguments. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The examples below presume that \fBfile1.tsq\fR and \fBfile2.tsq\fR contain valid +time stamp requests, tsa.opentsa.org listens at port 8080 for \s-1HTTP\s0 requests +and at port 8443 for \s-1HTTPS\s0 requests, the \s-1TSA\s0 service is available at the /tsa +absolute path. +.PP +Get a time stamp response for file1.tsq over \s-1HTTP\s0, output is written to +file1.tsr: +.PP +.Vb 1 +\& tsget \-h http://tsa.opentsa.org:8080/tsa file1.tsq +.Ve +.PP +Get a time stamp response for file1.tsq and file2.tsq over \s-1HTTP\s0 showing +progress, output is written to file1.reply and file2.reply respectively: +.PP +.Vb 2 +\& tsget \-h http://tsa.opentsa.org:8080/tsa \-v \-e .reply \e +\& file1.tsq file2.tsq +.Ve +.PP +Create a time stamp request, write it to file3.tsq, send it to the server and +write the response to file3.tsr: +.PP +.Vb 3 +\& openssl ts \-query \-data file3.txt \-cert | tee file3.tsq \e +\& | tsget \-h http://tsa.opentsa.org:8080/tsa \e +\& \-o file3.tsr +.Ve +.PP +Get a time stamp response for file1.tsq over \s-1HTTPS\s0 without client +authentication: +.PP +.Vb 2 +\& tsget \-h https://tsa.opentsa.org:8443/tsa \e +\& \-C cacerts.pem file1.tsq +.Ve +.PP +Get a time stamp response for file1.tsq over \s-1HTTPS\s0 with certificate-based +client authentication (it will ask for the passphrase if client_key.pem is +protected): +.PP +.Vb 2 +\& tsget \-h https://tsa.opentsa.org:8443/tsa \-C cacerts.pem \e +\& \-k client_key.pem \-c client_cert.pem file1.tsq +.Ve +.PP +You can shorten the previous command line if you make use of the \fB\s-1TSGET\s0\fR +environment variable. The following commands do the same as the previous +example: +.PP +.Vb 4 +\& TSGET=\*(Aq\-h https://tsa.opentsa.org:8443/tsa \-C cacerts.pem \e +\& \-k client_key.pem \-c client_cert.pem\*(Aq +\& export TSGET +\& tsget file1.tsq +.Ve +.SH "AUTHOR" +.IX Header "AUTHOR" +Zoltan Glozik , OpenTSA project (http://www.opentsa.org) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), \fIts\fR\|(1), \fIcurl\fR\|(1), +\&\fB\s-1RFC\s0 3161\fR diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1 index 2b2f6954f7..538f5d4605 100644 --- a/secure/usr.bin/openssl/man/verify.1 +++ b/secure/usr.bin/openssl/man/verify.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH VERIFY 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,6 +137,18 @@ verify \- Utility to verify certificates. [\fB\-CApath directory\fR] [\fB\-CAfile file\fR] [\fB\-purpose purpose\fR] +[\fB\-policy arg\fR] +[\fB\-ignore_critical\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-policy_check\fR] +[\fB\-explicit_policy\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-x509_strict\fR] +[\fB\-extended_crl\fR] +[\fB\-use_deltas\fR] +[\fB\-policy_print\fR] [\fB\-untrusted file\fR] [\fB\-help\fR] [\fB\-issuer_checks\fR] @@ -189,6 +193,55 @@ of the current certificate. This shows why each candidate issuer certificate was rejected. However the presence of rejection messages does not itself imply that anything is wrong: during the normal verify process several rejections may take place. +.IP "\fB\-policy arg\fR" 4 +.IX Item "-policy arg" +Enable policy processing and add \fBarg\fR to the user-initial-policy-set +(see \s-1RFC3280\s0 et al). The policy \fBarg\fR can be an object name an \s-1OID\s0 in numeric +form. This argument can appear more than once. +.IP "\fB\-policy_check\fR" 4 +.IX Item "-policy_check" +Enables certificate policy processing. +.IP "\fB\-explicit_policy\fR" 4 +.IX Item "-explicit_policy" +Set policy variable require-explicit-policy (see \s-1RFC3280\s0 et al). +.IP "\fB\-inhibit_any\fR" 4 +.IX Item "-inhibit_any" +Set policy variable inhibit-any-policy (see \s-1RFC3280\s0 et al). +.IP "\fB\-inhibit_map\fR" 4 +.IX Item "-inhibit_map" +Set policy variable inhibit-policy-mapping (see \s-1RFC3280\s0 et al). +.IP "\fB\-policy_print\fR" 4 +.IX Item "-policy_print" +Print out diagnostics, related to policy checking +.IP "\fB\-crl_check\fR" 4 +.IX Item "-crl_check" +Checks end entity certificate validity by attempting to lookup a valid \s-1CRL\s0. +If a valid \s-1CRL\s0 cannot be found an error occurs. +.IP "\fB\-crl_check_all\fR" 4 +.IX Item "-crl_check_all" +Checks the validity of \fBall\fR certificates in the chain by attempting +to lookup valid CRLs. +.IP "\fB\-ignore_critical\fR" 4 +.IX Item "-ignore_critical" +Normally if an unhandled critical extension is present which is not +supported by OpenSSL the certificate is rejected (as required by +\&\s-1RFC3280\s0 et al). If this option is set critical extensions are +ignored. +.IP "\fB\-x509_strict\fR" 4 +.IX Item "-x509_strict" +Disable workarounds for broken certificates which have to be disabled +for strict X.509 compliance. +.IP "\fB\-extended_crl\fR" 4 +.IX Item "-extended_crl" +Enable extended \s-1CRL\s0 features such as indirect CRLs and alternate \s-1CRL\s0 +signing keys. +.IP "\fB\-use_deltas\fR" 4 +.IX Item "-use_deltas" +Enable support for delta CRLs. +.IP "\fB\-check_ss_sig\fR" 4 +.IX Item "-check_ss_sig" +Verify the signature on the self-signed root \s-1CA\s0. This is disabled by default +because it doesn't add any security. .IP "\fB\-\fR" 4 .IX Item "-" marks the last option. All arguments following this are assumed to be @@ -281,11 +334,11 @@ as \*(L"unused\*(R". the operation was successful. .IP "\fB2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4 .IX Item "2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate" -the issuer certificate could not be found: this occurs if the issuer certificate -of an untrusted certificate cannot be found. +the issuer certificate of a looked up certificate could not be found. This +normally means the list of trusted certificates is not complete. .IP "\fB3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4 .IX Item "3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL" -the \s-1CRL\s0 of a certificate could not be found. Unused. +the \s-1CRL\s0 of a certificate could not be found. .IP "\fB4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 .IX Item "4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" the certificate signature could not be decrypted. This means that the actual signature value @@ -303,7 +356,7 @@ the public key in the certificate SubjectPublicKeyInfo could not be read. the signature of the certificate is invalid. .IP "\fB8 X509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 .IX Item "8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" -the signature of the certificate is invalid. Unused. +the signature of the certificate is invalid. .IP "\fB9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 .IX Item "9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" the certificate is not yet valid: the notBefore date is after the current time. @@ -312,10 +365,10 @@ the certificate is not yet valid: the notBefore date is after the current time. the certificate has expired: that is the notAfter date is before the current time. .IP "\fB11 X509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 .IX Item "11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" -the \s-1CRL\s0 is not yet valid. Unused. +the \s-1CRL\s0 is not yet valid. .IP "\fB12 X509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 .IX Item "12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" -the \s-1CRL\s0 has expired. Unused. +the \s-1CRL\s0 has expired. .IP "\fB13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 .IX Item "13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" the certificate notBefore field contains an invalid time. @@ -324,10 +377,10 @@ the certificate notBefore field contains an invalid time. the certificate notAfter field contains an invalid time. .IP "\fB15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 .IX Item "15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" -the \s-1CRL\s0 lastUpdate field contains an invalid time. Unused. +the \s-1CRL\s0 lastUpdate field contains an invalid time. .IP "\fB16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 .IX Item "16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" -the \s-1CRL\s0 nextUpdate field contains an invalid time. Unused. +the \s-1CRL\s0 nextUpdate field contains an invalid time. .IP "\fB17 X509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 .IX Item "17 X509_V_ERR_OUT_OF_MEM: out of memory" an error occurred trying to allocate memory. This should never happen. @@ -341,8 +394,8 @@ the certificate chain could be built up using the untrusted certificates but the be found locally. .IP "\fB20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4 .IX Item "20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate" -the issuer certificate of a locally looked up certificate could not be found. This normally means -the list of trusted certificates is not complete. +the issuer certificate could not be found: this occurs if the issuer +certificate of an untrusted certificate cannot be found. .IP "\fB21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4 .IX Item "21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate" no signatures could be verified because the chain contains only one certificate and it is not @@ -352,7 +405,7 @@ self signed. the certificate chain length is greater than the supplied maximum depth. Unused. .IP "\fB23 X509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 .IX Item "23 X509_V_ERR_CERT_REVOKED: certificate revoked" -the certificate has been revoked. Unused. +the certificate has been revoked. .IP "\fB24 X509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4 .IX Item "24 X509_V_ERR_INVALID_CA: invalid CA certificate" a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not consistent @@ -401,6 +454,10 @@ the certificates in the file will be recognised. .PP Previous versions of OpenSSL assume certificates with matching subject name are identical and mishandled them. +.PP +Previous versions of this documentation swapped the meaning of the +\&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT\fR and +\&\fB20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY\fR error codes. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIx509\fR\|(1) diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1 index 3ff95ec4ae..497395a1be 100644 --- a/secure/usr.bin/openssl/man/version.1 +++ b/secure/usr.bin/openssl/man/version.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "VERSION 1" -.TH VERSION 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH VERSION 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1 index c1dfb91dea..ee8324d475 100644 --- a/secure/usr.bin/openssl/man/x509.1 +++ b/secure/usr.bin/openssl/man/x509.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2010-02-27" "0.9.8m" "OpenSSL" +.TH X509 1 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,6 +149,7 @@ x509 \- Certificate display and signing utility [\fB\-issuer\fR] [\fB\-nameopt option\fR] [\fB\-email\fR] +[\fB\-ocsp_uri\fR] [\fB\-startdate\fR] [\fB\-enddate\fR] [\fB\-purpose\fR] @@ -198,7 +191,7 @@ Since there are a large number of options they will split up into various sections. .SH "OPTIONS" .IX Header "OPTIONS" -.Sh "\s-1INPUT\s0, \s-1OUTPUT\s0 \s-1AND\s0 \s-1GENERAL\s0 \s-1PURPOSE\s0 \s-1OPTIONS\s0" +.SS "\s-1INPUT\s0, \s-1OUTPUT\s0 \s-1AND\s0 \s-1GENERAL\s0 \s-1PURPOSE\s0 \s-1OPTIONS\s0" .IX Subsection "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS" .IP "\fB\-inform DER|PEM|NET\fR" 4 .IX Item "-inform DER|PEM|NET" @@ -228,11 +221,11 @@ specified then \s-1SHA1\s0 is used. If the key being used to sign with is a \s-1 then this option has no effect: \s-1SHA1\s0 is always used with \s-1DSA\s0 keys. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBx509\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. -.Sh "\s-1DISPLAY\s0 \s-1OPTIONS\s0" +.SS "\s-1DISPLAY\s0 \s-1OPTIONS\s0" .IX Subsection "DISPLAY OPTIONS" Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options but are described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR section. @@ -268,6 +261,14 @@ outputs the \*(L"hash\*(R" of the certificate issuer name. .IP "\fB\-hash\fR" 4 .IX Item "-hash" synonym for \*(L"\-subject_hash\*(R" for backward compatibility reasons. +.IP "\fB\-subject_hash_old\fR" 4 +.IX Item "-subject_hash_old" +outputs the \*(L"hash\*(R" of the certificate subject name using the older algorithm +as used by OpenSSL versions before 1.0.0. +.IP "\fB\-issuer_hash_old\fR" 4 +.IX Item "-issuer_hash_old" +outputs the \*(L"hash\*(R" of the certificate issuer name using the older algorithm +as used by OpenSSL versions before 1.0.0. .IP "\fB\-subject\fR" 4 .IX Item "-subject" outputs the subject name. @@ -283,6 +284,9 @@ set multiple options. See the \fB\s-1NAME\s0 \s-1OPTIONS\s0\fR section for more .IP "\fB\-email\fR" 4 .IX Item "-email" outputs the email address(es) if any. +.IP "\fB\-ocsp_uri\fR" 4 +.IX Item "-ocsp_uri" +outputs the \s-1OCSP\s0 responder address(es) if any. .IP "\fB\-startdate\fR" 4 .IX Item "-startdate" prints out the start date of the certificate, that is the notBefore date. @@ -299,7 +303,7 @@ prints out the digest of the \s-1DER\s0 encoded version of the whole certificate .IP "\fB\-C\fR" 4 .IX Item "-C" this outputs the certificate in the form of a C source file. -.Sh "\s-1TRUST\s0 \s-1SETTINGS\s0" +.SS "\s-1TRUST\s0 \s-1SETTINGS\s0" .IX Subsection "TRUST SETTINGS" Please note these options are currently experimental and may well change. .PP @@ -356,7 +360,7 @@ option. this option performs tests on the certificate extensions and outputs the results. For a more complete description see the \fB\s-1CERTIFICATE\s0 \&\s-1EXTENSIONS\s0\fR section. -.Sh "\s-1SIGNING\s0 \s-1OPTIONS\s0" +.SS "\s-1SIGNING\s0 \s-1OPTIONS\s0" .IX Subsection "SIGNING OPTIONS" The \fBx509\fR utility can be used to sign certificates and requests: it can thus behave like a \*(L"mini \s-1CA\s0\*(R". @@ -447,8 +451,10 @@ no extensions are added to the certificate. the section to add certificate extensions from. If this option is not specified then the extensions should either be contained in the unnamed (default) section or the default section should contain a variable called -\&\*(L"extensions\*(R" which contains the section to use. -.Sh "\s-1NAME\s0 \s-1OPTIONS\s0" +\&\*(L"extensions\*(R" which contains the section to use. See the +\&\fIx509v3_config\fR\|(5) manual page for details of the +extension section format. +.SS "\s-1NAME\s0 \s-1OPTIONS\s0" .IX Subsection "NAME OPTIONS" The \fBnameopt\fR command line switch determines how the subject and issuer names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R" @@ -559,7 +565,7 @@ align field values for a more readable output. Only usable with .IX Item "space_eq" places spaces round the \fB=\fR character which follows the field name. -.Sh "\s-1TEXT\s0 \s-1OPTIONS\s0" +.SS "\s-1TEXT\s0 \s-1OPTIONS\s0" .IX Subsection "TEXT OPTIONS" As well as customising the name output format, it is also possible to customise the actual fields printed using the \fBcertopt\fR options when @@ -852,7 +858,14 @@ OpenSSL 0.9.5 and later. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIreq\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIgendsa\fR\|(1), \fIverify\fR\|(1) +\&\fIgendsa\fR\|(1), \fIverify\fR\|(1), +\&\fIx509v3_config\fR\|(5) .SH "HISTORY" .IX Header "HISTORY" Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5\s0. +.PP +The hash algorithm used in the \fB\-subject_hash\fR and \fB\-issuer_hash\fR options +before OpenSSL 1.0.0 was based on the deprecated \s-1MD5\s0 algorithm and the encoding +of the distinguished name. In OpenSSL 1.0.0 and later it is based on a +canonical version of the \s-1DN\s0 using \s-1SHA1\s0. This means that any directories using +the old form must have their links rebuilt using \fBc_rehash\fR or similar. diff --git a/secure/usr.bin/openssl/man/x509v3_config.5 b/secure/usr.bin/openssl/man/x509v3_config.5 index edecbca8b6..a995cfc8e9 100644 --- a/secure/usr.bin/openssl/man/x509v3_config.5 +++ b/secure/usr.bin/openssl/man/x509v3_config.5 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -53,7 +45,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -132,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_CONFIG 5" -.TH X509V3_CONFIG 5 "2010-02-27" "0.9.8m" "OpenSSL" +.TH X509V3_CONFIG 5 "2010-06-01" "1.0.0a" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -193,11 +185,11 @@ use is defined by the extension code itself: check out the certificate policies extension for an example. .PP If an extension type is unsupported then the \fIarbitrary\fR extension syntax -must be used, see the \s-1ARBITRART\s0 \s-1EXTENSIONS\s0 section for more details. +must be used, see the \s-1ARBITRARY\s0 \s-1EXTENSIONS\s0 section for more details. .SH "STANDARD EXTENSIONS" .IX Header "STANDARD EXTENSIONS" The following sections describe each supported extension in detail. -.Sh "Basic Constraints." +.SS "Basic Constraints." .IX Subsection "Basic Constraints." This is a multi valued extension which indicates whether a certificate is a \s-1CA\s0 certificate. The first (mandatory) name is \fB\s-1CA\s0\fR followed by \fB\s-1TRUE\s0\fR or @@ -222,7 +214,7 @@ with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates. The pathlen parameter indicates the maximum number of CAs that can appear below this one in a chain. So if you have a \s-1CA\s0 with a pathlen of zero it can only be used to sign end user certificates and not further CAs. -.Sh "Key Usage." +.SS "Key Usage." .IX Subsection "Key Usage." Key usage is a multi valued extension consisting of a list of names of the permitted key usages. @@ -238,7 +230,7 @@ Examples: \& \& keyUsage=critical, keyCertSign .Ve -.Sh "Extended Key Usage." +.SS "Extended Key Usage." .IX Subsection "Extended Key Usage." This extensions consists of a list of usages indicating purposes for which the certificate public key can be used for, @@ -269,7 +261,7 @@ Examples: \& extendedKeyUsage=critical,codeSigning,1.2.3.4 \& extendedKeyUsage=nsSGC,msSGC .Ve -.Sh "Subject Key Identifier." +.SS "Subject Key Identifier." .IX Subsection "Subject Key Identifier." This is really a string extension and can take two possible values. Either the word \fBhash\fR which will automatically follow the guidelines in \s-1RFC3280\s0 @@ -281,7 +273,7 @@ Example: .Vb 1 \& subjectKeyIdentifier=hash .Ve -.Sh "Authority Key Identifier." +.SS "Authority Key Identifier." .IX Subsection "Authority Key Identifier." The authority key identifier extension permits two options. keyid and issuer: both can take the optional value \*(L"always\*(R". @@ -299,7 +291,7 @@ Example: .Vb 1 \& authorityKeyIdentifier=keyid,issuer .Ve -.Sh "Subject Alternative Name." +.SS "Subject Alternative Name." .IX Subsection "Subject Alternative Name." The subject alternative name extension allows various literal values to be included in the configuration file. These include \fBemail\fR (an email address) @@ -319,7 +311,7 @@ preceeding the name with a \fB+\fR character. .PP otherName can include arbitrary data associated with an \s-1OID:\s0 the value should be the \s-1OID\s0 followed by a semicolon and the content in standard -\&\fIASN1_generate_nconf()\fR format. +\&\fIASN1_generate_nconf\fR\|(3) format. .PP Examples: .PP @@ -338,7 +330,7 @@ Examples: \& OU=My Unit \& CN=My Name .Ve -.Sh "Issuer Alternative Name." +.SS "Issuer Alternative Name." .IX Subsection "Issuer Alternative Name." The issuer alternative name option supports all the literal options of subject alternative name. It does \fBnot\fR support the email:copy option because @@ -351,7 +343,7 @@ Example: .Vb 1 \& issuserAltName = issuer:copy .Ve -.Sh "Authority Info Access." +.SS "Authority Info Access." .IX Subsection "Authority Info Access." The authority information access extension gives details about how to access certain information relating to the \s-1CA\s0. Its syntax is accessOID;location @@ -365,25 +357,87 @@ Example: \& authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ \& authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html .Ve -.Sh "\s-1CRL\s0 distribution points." +.SS "\s-1CRL\s0 distribution points." .IX Subsection "CRL distribution points." -This is a multi-valued extension that supports all the literal options of -subject alternative name. Of the few software packages that currently interpret -this extension most only interpret the \s-1URI\s0 option. +This is a multi-valued extension whose options can be either in name:value pair +using the same form as subject alternative name or a single value representing +a section name containing all the distribution point fields. .PP -Currently each option will set a new DistributionPoint with the fullName -field set to the given value. +For a name:value pair a new DistributionPoint with the fullName field set to +the given value both the cRLissuer and reasons fields are omitted in this case. .PP -Other fields like cRLissuer and reasons cannot currently be set or displayed: -at this time no examples were available that used these fields. +In the single option case the section indicated contains values for each +field. In this section: .PP -Examples: +If the name is \*(L"fullname\*(R" the value field should contain the full name +of the distribution point in the same format as subject alternative name. +.PP +If the name is \*(L"relativename\*(R" then the value field should contain a section +name whose contents represent a \s-1DN\s0 fragment to be placed in this field. +.PP +The name \*(L"CRLIssuer\*(R" if present should contain a value for this field in +subject alternative name format. +.PP +If the name is \*(L"reasons\*(R" the value field should consist of a comma +separated field containing the reasons. Valid reasons are: \*(L"keyCompromise\*(R", +\&\*(L"CACompromise\*(R", \*(L"affiliationChanged\*(R", \*(L"superseded\*(R", \*(L"cessationOfOperation\*(R", +\&\*(L"certificateHold\*(R", \*(L"privilegeWithdrawn\*(R" and \*(L"AACompromise\*(R". +.PP +Simple examples: .PP .Vb 2 \& crlDistributionPoints=URI:http://myhost.com/myca.crl \& crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl .Ve -.Sh "Certificate Policies." +.PP +Full distribution point example: +.PP +.Vb 1 +\& crlDistributionPoints=crldp1_section +\& +\& [crldp1_section] +\& +\& fullname=URI:http://myhost.com/myca.crl +\& CRLissuer=dirName:issuer_sect +\& reasons=keyCompromise, CACompromise +\& +\& [issuer_sect] +\& C=UK +\& O=Organisation +\& CN=Some Name +.Ve +.SS "Issuing Distribution Point" +.IX Subsection "Issuing Distribution Point" +This extension should only appear in CRLs. It is a multi valued extension +whose syntax is similar to the \*(L"section\*(R" pointed to by the \s-1CRL\s0 distribution +points extension with a few differences. +.PP +The names \*(L"reasons\*(R" and \*(L"CRLissuer\*(R" are not recognized. +.PP +The name \*(L"onlysomereasons\*(R" is accepted which sets this field. The value is +in the same format as the \s-1CRL\s0 distribution point \*(L"reasons\*(R" field. +.PP +The names \*(L"onlyuser\*(R", \*(L"onlyCA\*(R", \*(L"onlyAA\*(R" and \*(L"indirectCRL\*(R" are also accepted +the values should be a boolean value (\s-1TRUE\s0 or \s-1FALSE\s0) to indicate the value of +the corresponding field. +.PP +Example: +.PP +.Vb 1 +\& issuingDistributionPoint=critical, @idp_section +\& +\& [idp_section] +\& +\& fullname=URI:http://myhost.com/myca.crl +\& indirectCRL=TRUE +\& onlysomereasons=keyCompromise, CACompromise +\& +\& [issuer_sect] +\& C=UK +\& O=Organisation +\& CN=Some Name +.Ve +.SS "Certificate Policies." .IX Subsection "Certificate Policies." This is a \fIraw\fR extension. All the fields of this extension can be set by using the appropriate syntax. @@ -443,7 +497,7 @@ Example: The \fBia5org\fR option changes the type of the \fIorganization\fR field. In \s-1RFC2459\s0 it can only be of type DisplayText. In \s-1RFC3280\s0 IA5Strring is also permissible. Some software (for example some versions of \s-1MSIE\s0) may require ia5org. -.Sh "Policy Constraints" +.SS "Policy Constraints" .IX Subsection "Policy Constraints" This is a multi-valued extension which consisting of the names \&\fBrequireExplicitPolicy\fR or \fBinhibitPolicyMapping\fR and a non negative intger @@ -454,7 +508,7 @@ Example: .Vb 1 \& policyConstraints = requireExplicitPolicy:3 .Ve -.Sh "Inhibit Any Policy" +.SS "Inhibit Any Policy" .IX Subsection "Inhibit Any Policy" This is a string extension whose value must be a non negative integer. .PP @@ -463,7 +517,7 @@ Example: .Vb 1 \& inhibitAnyPolicy = 2 .Ve -.Sh "Name Constraints" +.SS "Name Constraints" .IX Subsection "Name Constraints" The name constraints extension is a multi-valued extension. The name should begin with the word \fBpermitted\fR or \fBexcluded\fR followed by a \fB;\fR. The rest of @@ -479,12 +533,22 @@ Examples: \& nameConstraints=permitted;email:.somedomain.com \& \& nameConstraints=excluded;email:.com +\&issuingDistributionPoint = idp_section +.Ve +.SS "\s-1OCSP\s0 No Check" +.IX Subsection "OCSP No Check" +The \s-1OCSP\s0 No Check extension is a string extension but its value is ignored. +.PP +Example: +.PP +.Vb 1 +\& noCheck = ignored .Ve .SH "DEPRECATED EXTENSIONS" .IX Header "DEPRECATED EXTENSIONS" The following extensions are non standard, Netscape specific and largely obsolete. Their use in new applications is discouraged. -.Sh "Netscape String extensions." +.SS "Netscape String extensions." .IX Subsection "Netscape String extensions." Netscape Comment (\fBnsComment\fR) is a string extension containing a comment which will be displayed when the certificate is viewed in some browsers. @@ -498,7 +562,7 @@ Example: Other supported extensions in this category are: \fBnsBaseUrl\fR, \&\fBnsRevocationUrl\fR, \fBnsCaRevocationUrl\fR, \fBnsRenewalUrl\fR, \fBnsCaPolicyUrl\fR and \fBnsSslServerName\fR. -.Sh "Netscape Certificate Type" +.SS "Netscape Certificate Type" .IX Subsection "Netscape Certificate Type" This is a multi-valued extensions which consists of a list of flags to be included. It was used to indicate the purposes for which a certificate could @@ -517,7 +581,8 @@ the data is formatted correctly for the given extension type. There are two ways to encode arbitrary extensions. .PP The first way is to use the word \s-1ASN1\s0 followed by the extension content -using the same syntax as \fIASN1_generate_nconf()\fR. For example: +using the same syntax as \fIASN1_generate_nconf\fR\|(3). +For example: .PP .Vb 1 \& 1.2.3.4=critical,ASN1:UTF8String:Some random data @@ -606,4 +671,5 @@ The \fBdirectoryName\fR and \fBotherName\fR option as well as the \fB\s-1ASN1\s0 for arbitrary extensions was added in OpenSSL 0.9.8 .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1) +\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1), +\&\fIASN1_generate_nconf\fR\|(3) diff --git a/usr.sbin/sendmail/Makefile b/usr.sbin/sendmail/Makefile index dfcc1abe1c..9b8d8d8774 100644 --- a/usr.sbin/sendmail/Makefile +++ b/usr.sbin/sendmail/Makefile @@ -21,7 +21,7 @@ SRCS= alias.c arpadate.c bf.c collect.c conf.c control.c \ ratectrl.c readcf.c recipient.c savemail.c sasl.c sfsasl.c \ shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c \ timers.c tls.c trace.c udb.c usersmtp.c util.c version.c ${PATCHES} -WARNS?= 2 +WARNS?= 0 BINOWN= root BINGRP= smmsp .ifdef SENDMAIL_SET_USER_ID -- 2.41.0