aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2021-02-16 19:54:02 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2021-02-16 19:54:02 +0000
commit4f55bd5321b72491d4eff396e4928e9ab0706735 (patch)
tree46adf486ba58f712ebd071b5d2dbeda04c45833b /doc
parentc25134eb4f5842c16f8f372a1e28849794d70883 (diff)
downloadsrc-4f55bd5321b72491d4eff396e4928e9ab0706735.tar.gz
src-4f55bd5321b72491d4eff396e4928e9ab0706735.zip
Import OpenSSL 1.1.1j.vendor/openssl/1.1.1j
Diffstat (limited to 'doc')
-rw-r--r--doc/man1/ca.pod4
-rw-r--r--doc/man1/cms.pod4
-rw-r--r--doc/man1/crl2pkcs7.pod4
-rw-r--r--doc/man1/dgst.pod4
-rw-r--r--doc/man1/dsa.pod6
-rw-r--r--doc/man1/ec.pod6
-rw-r--r--doc/man1/enc.pod4
-rw-r--r--doc/man1/genpkey.pod4
-rw-r--r--doc/man1/genrsa.pod4
-rw-r--r--doc/man1/pkcs12.pod14
-rw-r--r--doc/man1/pkcs8.pod6
-rw-r--r--doc/man1/pkey.pod6
-rw-r--r--doc/man1/pkeyutl.pod4
-rw-r--r--doc/man1/req.pod6
-rw-r--r--doc/man1/rsa.pod6
-rw-r--r--doc/man1/s_client.pod4
-rw-r--r--doc/man1/s_server.pod4
-rw-r--r--doc/man1/smime.pod4
-rw-r--r--doc/man1/spkac.pod4
-rw-r--r--doc/man1/storeutl.pod4
-rw-r--r--doc/man1/ts.pod4
-rw-r--r--doc/man1/x509.pod4
-rw-r--r--doc/man3/DH_generate_key.pod27
-rw-r--r--doc/man3/OCSP_sendreq_new.pod28
-rw-r--r--doc/man3/OPENSSL_malloc.pod2
-rw-r--r--doc/man3/X509_get_extension_flags.pod11
26 files changed, 107 insertions, 71 deletions
diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod
index 159d9d812565..4380d869eaa7 100644
--- a/doc/man1/ca.pod
+++ b/doc/man1/ca.pod
@@ -163,7 +163,7 @@ self-signed certificate.
=item B<-passin arg>
The key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-notext>
@@ -759,7 +759,7 @@ L<config(5)>, L<x509v3_config(5)>
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/cms.pod b/doc/man1/cms.pod
index 72cd9b5d4e9e..2caf3ef4d156 100644
--- a/doc/man1/cms.pod
+++ b/doc/man1/cms.pod
@@ -465,7 +465,7 @@ or to modify default parameters for ECDH.
=item B<-passin arg>
The private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-rand file...>
@@ -735,7 +735,7 @@ The -no_alt_chains option was added in OpenSSL 1.0.2b.
=head1 COPYRIGHT
-Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/crl2pkcs7.pod b/doc/man1/crl2pkcs7.pod
index f58a442b5bc9..3fcb737b7070 100644
--- a/doc/man1/crl2pkcs7.pod
+++ b/doc/man1/crl2pkcs7.pod
@@ -56,7 +56,7 @@ output by default.
Specifies a filename containing one or more certificates in B<PEM> format.
All certificates in the file will be added to the PKCS#7 structure. This
-option can be used more than once to read certificates form multiple
+option can be used more than once to read certificates from multiple
files.
=item B<-nocrl>
@@ -96,7 +96,7 @@ L<pkcs7(1)>
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod
index 4c6034cdd6ce..8d48c9aed6d6 100644
--- a/doc/man1/dgst.pod
+++ b/doc/man1/dgst.pod
@@ -109,7 +109,7 @@ Names and values of these options are algorithm-specific.
=item B<-passin arg>
The private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-verify filename>
@@ -241,7 +241,7 @@ The FIPS-related options were removed in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/dsa.pod b/doc/man1/dsa.pod
index fb6cbf122aec..752c22063e9c 100644
--- a/doc/man1/dsa.pod
+++ b/doc/man1/dsa.pod
@@ -75,7 +75,7 @@ prompted for.
=item B<-passin arg>
The input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-out filename>
@@ -87,7 +87,7 @@ filename.
=item B<-passout arg>
The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
@@ -172,7 +172,7 @@ L<genrsa(1)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/ec.pod b/doc/man1/ec.pod
index 4d368e20ae19..41ffc6cb6379 100644
--- a/doc/man1/ec.pod
+++ b/doc/man1/ec.pod
@@ -68,7 +68,7 @@ prompted for.
=item B<-passin arg>
The input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-out filename>
@@ -80,7 +80,7 @@ filename.
=item B<-passout arg>
The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-des|-des3|-idea>
@@ -193,7 +193,7 @@ L<ecparam(1)>, L<dsa(1)>, L<rsa(1)>
=head1 COPYRIGHT
-Copyright 2003-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod
index 7bba89ee0783..3c7b6c42ea2c 100644
--- a/doc/man1/enc.pod
+++ b/doc/man1/enc.pod
@@ -76,7 +76,7 @@ The output filename, standard output by default.
=item B<-pass arg>
The password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-e>
@@ -428,7 +428,7 @@ The B<-list> option was added in OpenSSL 1.1.1e.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/genpkey.pod b/doc/man1/genpkey.pod
index 1ba54d486619..6a681ef3d219 100644
--- a/doc/man1/genpkey.pod
+++ b/doc/man1/genpkey.pod
@@ -44,7 +44,7 @@ This specifies the output format DER or PEM. The default format is PEM.
=item B<-pass arg>
The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-I<cipher>>
@@ -325,7 +325,7 @@ The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/genrsa.pod b/doc/man1/genrsa.pod
index a9c994ffb18a..8bd3799ea926 100644
--- a/doc/man1/genrsa.pod
+++ b/doc/man1/genrsa.pod
@@ -51,7 +51,7 @@ standard output is used.
=item B<-passout arg>
The output file password source. For more information about the format
-of B<arg> see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+of B<arg> see L<openssl(1)/Pass Phrase Options>.
=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
@@ -118,7 +118,7 @@ L<gendsa(1)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/pkcs12.pod b/doc/man1/pkcs12.pod
index fdaf6e49cd1d..ac0397a945a9 100644
--- a/doc/man1/pkcs12.pod
+++ b/doc/man1/pkcs12.pod
@@ -78,14 +78,12 @@ default. They are all written in PEM format.
=item B<-passin arg>
The PKCS#12 file (i.e. input file) password source. For more information about
-the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
-L<openssl(1)>.
+the format of B<arg> see L<openssl(1)/Pass Phrase Options>.
=item B<-passout arg>
Pass phrase source to encrypt any outputted private keys with. For more
-information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section
-in L<openssl(1)>.
+information about the format of B<arg> see L<openssl(1)/Pass Phrase Options>.
=item B<-password arg>
@@ -206,14 +204,12 @@ displays them.
=item B<-pass arg>, B<-passout arg>
The PKCS#12 file (i.e. output file) password source. For more information about
-the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
-L<openssl(1)>.
+the format of B<arg> see L<openssl(1)/Pass Phrase Options>.
=item B<-passin password>
Pass phrase source to decrypt any input private keys with. For more information
-about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
-L<openssl(1)>.
+about the format of B<arg> see L<openssl(1)/Pass Phrase Options>.
=item B<-chain>
@@ -383,7 +379,7 @@ L<pkcs8(1)>
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/pkcs8.pod b/doc/man1/pkcs8.pod
index 9efc8bc11e77..dba75fc8d41d 100644
--- a/doc/man1/pkcs8.pod
+++ b/doc/man1/pkcs8.pod
@@ -75,7 +75,7 @@ prompted for.
=item B<-passin arg>
The input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-out filename>
@@ -87,7 +87,7 @@ filename.
=item B<-passout arg>
The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-iter count>
@@ -309,7 +309,7 @@ The B<-iter> option was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/pkey.pod b/doc/man1/pkey.pod
index 9569fe0e412d..1c29092793fd 100644
--- a/doc/man1/pkey.pod
+++ b/doc/man1/pkey.pod
@@ -57,7 +57,7 @@ prompted for.
=item B<-passin arg>
The input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-out filename>
@@ -69,7 +69,7 @@ filename.
=item B<-passout password>
The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-traditional>
@@ -158,7 +158,7 @@ L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
=head1 COPYRIGHT
-Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod
index ae24fdc10045..3b350efadd4f 100644
--- a/doc/man1/pkeyutl.pod
+++ b/doc/man1/pkeyutl.pod
@@ -74,7 +74,7 @@ The key format PEM, DER or ENGINE. Default is PEM.
=item B<-passin arg>
The input key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-peerkey file>
@@ -327,7 +327,7 @@ L<EVP_PKEY_CTX_set_hkdf_md(3)>, L<EVP_PKEY_CTX_set_tls1_prf_md(3)>
=head1 COPYRIGHT
-Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/req.pod b/doc/man1/req.pod
index 730c59079d67..539b843803ed 100644
--- a/doc/man1/req.pod
+++ b/doc/man1/req.pod
@@ -91,7 +91,7 @@ Names and values of these options are algorithm-specific.
=item B<-passin arg>
The input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-out filename>
@@ -101,7 +101,7 @@ default.
=item B<-passout arg>
The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-text>
@@ -695,7 +695,7 @@ L<x509v3_config(5)>
=head1 COPYRIGHT
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/rsa.pod b/doc/man1/rsa.pod
index 37f64616c00f..fddd828b9fc4 100644
--- a/doc/man1/rsa.pod
+++ b/doc/man1/rsa.pod
@@ -75,7 +75,7 @@ prompted for.
=item B<-passin arg>
The input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-out filename>
@@ -87,7 +87,7 @@ filename.
=item B<-passout password>
The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
@@ -195,7 +195,7 @@ L<gendsa(1)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index 132778b4d907..743b2db2ba43 100644
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -258,7 +258,7 @@ Extra certificate and private key format respectively.
=item B<-pass arg>
the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-verify depth>
@@ -828,7 +828,7 @@ The B<-name> option was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index c78a677abcfc..9fdac4919038 100644
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -297,7 +297,7 @@ The private format to use: DER or PEM. PEM is the default.
=item B<-pass val>
The private key password source. For more information about the format of B<val>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-dcert infile>, B<-dkey infile>
@@ -845,7 +845,7 @@ The
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/smime.pod b/doc/man1/smime.pod
index 7f224fdc5e9d..bf40d04cae4b 100644
--- a/doc/man1/smime.pod
+++ b/doc/man1/smime.pod
@@ -295,7 +295,7 @@ specified, the argument is given to the engine as a key identifier.
=item B<-passin arg>
The private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-rand file...>
@@ -514,7 +514,7 @@ The -no_alt_chains option was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/spkac.pod b/doc/man1/spkac.pod
index 655f1358074a..87e1b4bbcaa8 100644
--- a/doc/man1/spkac.pod
+++ b/doc/man1/spkac.pod
@@ -60,7 +60,7 @@ The default is PEM.
=item B<-passin password>
The input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-challenge string>
@@ -145,7 +145,7 @@ L<ca(1)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/storeutl.pod b/doc/man1/storeutl.pod
index a8d82bfb612b..3d2cb60bdc13 100644
--- a/doc/man1/storeutl.pod
+++ b/doc/man1/storeutl.pod
@@ -51,7 +51,7 @@ this option prevents output of the PEM data.
=item B<-passin arg>
the key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-text>
@@ -123,7 +123,7 @@ The B<openssl> B<storeutl> app was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/ts.pod b/doc/man1/ts.pod
index ee700a8f6ea4..9e1ffd5d083d 100644
--- a/doc/man1/ts.pod
+++ b/doc/man1/ts.pod
@@ -242,7 +242,7 @@ The name of the file containing a DER encoded timestamp request. (Optional)
=item B<-passin> password_src
Specifies the password source for the private key of the TSA. See
-B<PASS PHRASE ARGUMENTS> in L<openssl(1)>. (Optional)
+L<openssl(1)/Pass Phrase Options>. (Optional)
=item B<-signer> tsa_cert.pem
@@ -665,7 +665,7 @@ L<config(5)>
=head1 COPYRIGHT
-Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index 98d285e414b9..3c9b2f2263e3 100644
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -376,7 +376,7 @@ Names and values of these options are algorithm-specific.
=item B<-passin arg>
The key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-clrext>
@@ -932,7 +932,7 @@ the old form must have their links rebuilt using B<c_rehash> or similar.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/DH_generate_key.pod b/doc/man3/DH_generate_key.pod
index 297e7fbf47b5..72726661a1d7 100644
--- a/doc/man3/DH_generate_key.pod
+++ b/doc/man3/DH_generate_key.pod
@@ -2,7 +2,8 @@
=head1 NAME
-DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
+DH_generate_key, DH_compute_key, DH_compute_key_padded - perform
+Diffie-Hellman key exchange
=head1 SYNOPSIS
@@ -10,14 +11,16 @@ DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
int DH_generate_key(DH *dh);
- int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+ int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+
+ int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
=head1 DESCRIPTION
DH_generate_key() performs the first step of a Diffie-Hellman key
exchange by generating private and public DH values. By calling
-DH_compute_key(), these are combined with the other party's public
-value to compute the shared key.
+DH_compute_key() or DH_compute_key_padded(), these are combined with
+the other party's public value to compute the shared key.
DH_generate_key() expects B<dh> to contain the shared parameters
B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value
@@ -28,6 +31,14 @@ published.
DH_compute_key() computes the shared secret from the private DH value
in B<dh> and the other party's public value in B<pub_key> and stores
it in B<key>. B<key> must point to B<DH_size(dh)> bytes of memory.
+The padding style is RFC 5246 (8.1.2) that strips leading zero bytes.
+It is not constant time due to the leading zero bytes being stripped.
+The return value should be considered public.
+
+DH_compute_key_padded() is similar but stores a fixed number of bytes.
+The padding style is NIST SP 800-56A (C.1) that retains leading zero bytes.
+It is constant time due to the leading zero bytes being retained.
+The return value should be considered public.
=head1 RETURN VALUES
@@ -36,15 +47,21 @@ DH_generate_key() returns 1 on success, 0 otherwise.
DH_compute_key() returns the size of the shared secret on success, -1
on error.
+DH_compute_key_padded() returns B<DH_size(dh)> on success, -1 on error.
+
The error codes can be obtained by L<ERR_get_error(3)>.
=head1 SEE ALSO
L<DH_new(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)>, L<DH_size(3)>
+=head1 HISTORY
+
+DH_compute_key_padded() was added in OpenSSL 1.0.2.
+
=head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod
index 16d5a21dfcae..65bdde88a2e1 100644
--- a/doc/man3/OCSP_sendreq_new.pod
+++ b/doc/man3/OCSP_sendreq_new.pod
@@ -2,9 +2,15 @@
=head1 NAME
-OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free,
-OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header,
-OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
+OCSP_sendreq_new,
+OCSP_sendreq_nbio,
+OCSP_REQ_CTX_free,
+OCSP_set_max_response_length,
+OCSP_REQ_CTX_add1_header,
+OCSP_REQ_CTX_set1_req,
+OCSP_sendreq_bio,
+OCSP_REQ_CTX_i2d
+- OCSP responder query functions
=head1 SYNOPSIS
@@ -26,6 +32,9 @@ OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
+ int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const char *content_type,
+ const ASN1_ITEM *it, ASN1_VALUE *req);
+
=head1 DESCRIPTION
The function OCSP_sendreq_new() returns an B<OCSP_CTX> structure using the
@@ -51,6 +60,15 @@ additional headers are set.
OCSP_REQ_CTX_set1_req() sets the OCSP request in B<rctx> to B<req>. This
function should be called after any calls to OCSP_REQ_CTX_add1_header().
+OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following:
+
+ OCSP_REQ_CTX_i2d(rctx, "application/ocsp-request",
+ ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req)
+
+OCSP_REQ_CTX_i2d() sets the request context B<rctx> to have the request
+B<req>, which has the ASN.1 type B<it>.
+The B<content_type>, if not NULL, will be included in the HTTP request.
+The function should be called after all other headers have already been added.
OCSP_sendreq_bio() performs an OCSP request using the responder B<io>, the URL
path B<path>, and the OCSP request B<req> with a response header maximum line
@@ -64,8 +82,8 @@ an error occurred.
OCSP_sendreq_nbio() returns B<1> if the operation was completed successfully,
B<-1> if the operation should be retried and B<0> if an error occurred.
-OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return B<1> for success
-and B<0> for failure.
+OCSP_REQ_CTX_add1_header(), OCSP_REQ_CTX_set1_req(), and OCSP_REQ_CTX_i2d()
+return B<1> for success and B<0> for failure.
OCSP_sendreq_bio() returns the B<OCSP_RESPONSE> structure sent by the
responder or B<NULL> if an error occurred.
diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod
index c60e038309a1..9834a8f13147 100644
--- a/doc/man3/OPENSSL_malloc.pod
+++ b/doc/man3/OPENSSL_malloc.pod
@@ -104,7 +104,7 @@ before ultimately calling OPENSSL_free().
OPENSSL_cleanse() fills B<ptr> of size B<len> with a string of 0's.
Use OPENSSL_cleanse() with care if the memory is a mapping of a file.
-If the storage controller uses write compression, then its possible
+If the storage controller uses write compression, then it's possible
that sensitive tail bytes will survive zeroization because the block of
zeros will be compressed. If the storage controller uses wear leveling,
then the old sensitive data will not be overwritten; rather, a block of
diff --git a/doc/man3/X509_get_extension_flags.pod b/doc/man3/X509_get_extension_flags.pod
index 43c9c952c6b7..d958b22a489b 100644
--- a/doc/man3/X509_get_extension_flags.pod
+++ b/doc/man3/X509_get_extension_flags.pod
@@ -78,12 +78,17 @@ The certificate contains an unhandled critical extension.
=item B<EXFLAG_INVALID>
-Some certificate extension values are invalid or inconsistent. The
-certificate should be rejected.
+Some certificate extension values are invalid or inconsistent.
+The certificate should be rejected.
This bit may also be raised after an out-of-memory error while
processing the X509 object, so it may not be related to the processed
ASN1 object itself.
+=item B<EXFLAG_NO_FINGERPRINT>
+
+Failed to compute the internal SHA1 hash value of the certificate.
+This may be due to malloc failure or because no SHA1 implementation was found.
+
=item B<EXFLAG_INVALID_POLICY>
The NID_certificate_policies certificate extension is invalid or
@@ -194,7 +199,7 @@ X509_get_proxy_pathlen() were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy