diff options
Diffstat (limited to 'doc/man3')
119 files changed, 293 insertions, 238 deletions
diff --git a/doc/man3/ASN1_INTEGER_get_int64.pod b/doc/man3/ASN1_INTEGER_get_int64.pod index d0a6a3c810a1..9b73290742d4 100644 --- a/doc/man3/ASN1_INTEGER_get_int64.pod +++ b/doc/man3/ASN1_INTEGER_get_int64.pod @@ -119,7 +119,7 @@ L<ERR_get_error(3)> ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(), ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64() -were added to OpenSSL 1.1.0. +were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/ASYNC_WAIT_CTX_new.pod b/doc/man3/ASYNC_WAIT_CTX_new.pod index 204280210e04..e4d809c08fd1 100644 --- a/doc/man3/ASYNC_WAIT_CTX_new.pod +++ b/doc/man3/ASYNC_WAIT_CTX_new.pod @@ -127,10 +127,10 @@ L<crypto(7)>, L<ASYNC_start_job(3)> =head1 HISTORY -ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, -ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, -ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd were first added to -OpenSSL 1.1.0. +ASYNC_WAIT_CTX_new(), ASYNC_WAIT_CTX_free(), ASYNC_WAIT_CTX_set_wait_fd(), +ASYNC_WAIT_CTX_get_fd(), ASYNC_WAIT_CTX_get_all_fds(), +ASYNC_WAIT_CTX_get_changed_fds() and ASYNC_WAIT_CTX_clear_fd() +were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/ASYNC_start_job.pod b/doc/man3/ASYNC_start_job.pod index 21b77a96b95e..9bd1044b266a 100644 --- a/doc/man3/ASYNC_start_job.pod +++ b/doc/man3/ASYNC_start_job.pod @@ -317,7 +317,7 @@ L<crypto(7)>, L<ERR_print_errors(3)> ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_get_wait_ctx(), ASYNC_block_pause(), ASYNC_unblock_pause() and ASYNC_is_capable() were first -added to OpenSSL 1.1.0. +added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/BIO_new_CMS.pod b/doc/man3/BIO_new_CMS.pod index b06c224f7180..f8d4c3bde6ee 100644 --- a/doc/man3/BIO_new_CMS.pod +++ b/doc/man3/BIO_new_CMS.pod @@ -61,7 +61,7 @@ L<CMS_encrypt(3)> =head1 HISTORY -BIO_new_CMS() was added to OpenSSL 1.0.0 +The BIO_new_CMS() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod index b505841832ec..b6e9145106be 100644 --- a/doc/man3/BN_generate_prime.pod +++ b/doc/man3/BN_generate_prime.pod @@ -197,8 +197,8 @@ L<RSA_generate_key(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)> =head1 HISTORY -BN_GENCB_new(), BN_GENCB_free(), -and BN_GENCB_get_arg() were added in OpenSSL 1.1.0 +The BN_GENCB_new(), BN_GENCB_free(), +and BN_GENCB_get_arg() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod index eb0a6b13862f..90b50ffc311e 100644 --- a/doc/man3/BN_rand.pod +++ b/doc/man3/BN_rand.pod @@ -73,7 +73,8 @@ a future release. =item * -BN_priv_rand() and BN_priv_rand_range() were added in OpenSSL 1.1.1. +The +BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1. =back diff --git a/doc/man3/BN_security_bits.pod b/doc/man3/BN_security_bits.pod index 1aed85a71a9c..f6e5857a4eed 100644 --- a/doc/man3/BN_security_bits.pod +++ b/doc/man3/BN_security_bits.pod @@ -33,7 +33,7 @@ function. The symmetric algorithms are not covered neither. =head1 HISTORY -BN_security_bits() was added in OpenSSL 1.1.0. +The BN_security_bits() function was added in OpenSSL 1.1.0. =head1 SEE ALSO diff --git a/doc/man3/BUF_MEM_new.pod b/doc/man3/BUF_MEM_new.pod index 61922502a3f1..0c68f3776f7c 100644 --- a/doc/man3/BUF_MEM_new.pod +++ b/doc/man3/BUF_MEM_new.pod @@ -61,7 +61,7 @@ L<CRYPTO_secure_malloc(3)>. =head1 HISTORY -BUF_MEM_new_ex() was added in OpenSSL 1.1.0. +The BUF_MEM_new_ex() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/CMS_get0_type.pod b/doc/man3/CMS_get0_type.pod index cad8d3f66280..bc38a09bdcbc 100644 --- a/doc/man3/CMS_get0_type.pod +++ b/doc/man3/CMS_get0_type.pod @@ -16,11 +16,12 @@ CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - =head1 DESCRIPTION CMS_get0_type() returns the content type of a CMS_ContentInfo structure as -and ASN1_OBJECT pointer. An application can then decide how to process the +an ASN1_OBJECT pointer. An application can then decide how to process the CMS_ContentInfo structure based on this value. CMS_set1_eContentType() sets the embedded content type of a CMS_ContentInfo -structure. It should be called with CMS functions with the B<CMS_PARTIAL> +structure. It should be called with CMS functions (such as L<CMS_sign>, L<CMS_encrypt>) +with the B<CMS_PARTIAL> flag and B<before> the structure is finalised, otherwise the results are undefined. @@ -60,7 +61,7 @@ embedded content as it is normally set by higher level functions. =head1 RETURN VALUES -CMS_get0_type() and CMS_get0_eContentType() return and ASN1_OBJECT structure. +CMS_get0_type() and CMS_get0_eContentType() return an ASN1_OBJECT structure. CMS_set1_eContentType() returns 1 for success or 0 if an error occurred. The error can be obtained from ERR_get_error(3). @@ -71,7 +72,7 @@ L<ERR_get_error(3)> =head1 COPYRIGHT -Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CONF_modules_load_file.pod b/doc/man3/CONF_modules_load_file.pod index ecf294a2c60d..485cf797b12e 100644 --- a/doc/man3/CONF_modules_load_file.pod +++ b/doc/man3/CONF_modules_load_file.pod @@ -28,13 +28,21 @@ reads configuration information from B<cnf>. The following B<flags> are currently recognized: -B<CONF_MFLAGS_IGNORE_ERRORS> if set errors returned by individual +If B<CONF_MFLAGS_IGNORE_ERRORS> is set errors returned by individual configuration modules are ignored. If not set the first module error is considered fatal and no further modules are loaded. Normally any modules errors will add error information to the error queue. If B<CONF_MFLAGS_SILENT> is set no error information is added. +If B<CONF_MFLAGS_IGNORE_RETURN_CODES> is set the function unconditionally +returns success. +This is used by default in L<OPENSSL_init_crypto(3)> to ignore any errors in +the default system-wide configuration file, as having all OpenSSL applications +fail to start when there are potentially minor issues in the file is too risky. +Applications calling B<CONF_modules_load_file> explicitly should not generally +set this flag. + If B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is disabled. @@ -126,7 +134,7 @@ L<config(5)>, L<OPENSSL_config(3)> =head1 COPYRIGHT -Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CRYPTO_get_ex_new_index.pod b/doc/man3/CRYPTO_get_ex_new_index.pod index 4d5a2b93a082..b2d33ef90d9e 100644 --- a/doc/man3/CRYPTO_get_ex_new_index.pod +++ b/doc/man3/CRYPTO_get_ex_new_index.pod @@ -100,7 +100,7 @@ to avoid likely double-free crashes. The function B<CRYPTO_free_ex_data> is used to free all exdata attached to a structure. The appropriate type-specific routine must be used. The B<class_index> identifies the structure type, the B<obj> is -be the pointer to the actual structure, and B<r> is a pointer to the +a pointer to the actual structure, and B<r> is a pointer to the structure's exdata field. =head2 Callback Functions @@ -157,7 +157,7 @@ dup_func() should return 0 for failure and 1 for success. =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CTLOG_STORE_get0_log_by_id.pod b/doc/man3/CTLOG_STORE_get0_log_by_id.pod index 36063b62e858..86696a559462 100644 --- a/doc/man3/CTLOG_STORE_get0_log_by_id.pod +++ b/doc/man3/CTLOG_STORE_get0_log_by_id.pod @@ -35,7 +35,7 @@ L<CTLOG_STORE_new(3)> =head1 HISTORY -This function was added in OpenSSL 1.1.0. +The CTLOG_STORE_get0_log_by_id() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/DH_size.pod b/doc/man3/DH_size.pod index 3b65d7ea6d6b..3cbdbc67da1c 100644 --- a/doc/man3/DH_size.pod +++ b/doc/man3/DH_size.pod @@ -43,7 +43,7 @@ L<BN_num_bits(3)> =head1 HISTORY -DH_bits() was added in OpenSSL 1.1.0. +The DH_bits() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/DTLS_get_data_mtu.pod b/doc/man3/DTLS_get_data_mtu.pod index ab7147217ac1..81b945f134a6 100644 --- a/doc/man3/DTLS_get_data_mtu.pod +++ b/doc/man3/DTLS_get_data_mtu.pod @@ -22,7 +22,7 @@ Returns the maximum data payload size on success, or 0 on failure. =head1 HISTORY -This function was added in OpenSSL 1.1.1 +The DTLS_get_data_mtu() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/DTLS_set_timer_cb.pod b/doc/man3/DTLS_set_timer_cb.pod index 6e1347213e6f..c5154dca3570 100644 --- a/doc/man3/DTLS_set_timer_cb.pod +++ b/doc/man3/DTLS_set_timer_cb.pod @@ -26,7 +26,7 @@ Returns void. =head1 HISTORY -This function was added in OpenSSL 1.1.1 +The DTLS_set_timer_cb() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/DTLSv1_listen.pod b/doc/man3/DTLSv1_listen.pod index 858e39316105..76be40b68f10 100644 --- a/doc/man3/DTLSv1_listen.pod +++ b/doc/man3/DTLSv1_listen.pod @@ -117,10 +117,10 @@ L<ssl(7)>, L<bio(7)> =head1 HISTORY -SSL_stateless() was first added in OpenSSL 1.1.1. +The SSL_stateless() function was added in OpenSSL 1.1.1. -DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. The type of "peer" -also changed in OpenSSL 1.1.0. +The DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. +The type of "peer" also changed in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/EC_GROUP_copy.pod b/doc/man3/EC_GROUP_copy.pod index ee20f9526adc..7bf350062375 100644 --- a/doc/man3/EC_GROUP_copy.pod +++ b/doc/man3/EC_GROUP_copy.pod @@ -89,7 +89,7 @@ named curve form is used and the parameters must have a corresponding named curve NID set. If asn1_flags is B<OPENSSL_EC_EXPLICIT_CURVE> the parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag and EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve. -Note: B<OPENSSL_EC_EXPLICIT_CURVE> was first added to OpenSSL 1.1.0, for +Note: B<OPENSSL_EC_EXPLICIT_CURVE> was added in OpenSSL 1.1.0, for previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL 1.1.0 the default form was to use explicit parameters (meaning that applications would have to explicitly set the named curve form) in OpenSSL @@ -175,7 +175,7 @@ and EC_GROUP_get_degree return the order, cofactor, curve name (NID), ASN1 flag, specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0. EC_GROUP_get0_order() returns an internal pointer to the group order. -EC_GROUP_get_order_bits() returns the number of bits in the group order. +EC_GROUP_order_bits() returns the number of bits in the group order. EC_GROUP_get0_cofactor() returns an internal pointer to the group cofactor. EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 5ecbcc5e8992..37bc10d38056 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -369,15 +369,15 @@ L<EVP_whirlpool(3)> =head1 HISTORY -EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to -EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0. +The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to +EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively. The link between digests and signing algorithms was fixed in OpenSSL 1.0 and later, so now EVP_sha1() can be used with RSA and DSA. -EVP_dss1() was removed in OpenSSL 1.1.0. +The EVP_dss1() function was removed in OpenSSL 1.1.0. -EVP_MD_CTX_set_pkey_ctx() was added in 1.1.1. +The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index 773de87efac4..7b74a23cbcf2 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -152,7 +152,7 @@ L<SHA1(3)>, L<dgst(1)> =head1 HISTORY EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() -were first added to OpenSSL 1.0.0. +were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod index e93ac2ef0810..98a0987a3aaa 100644 --- a/doc/man3/EVP_DigestVerifyInit.pod +++ b/doc/man3/EVP_DigestVerifyInit.pod @@ -98,7 +98,7 @@ L<SHA1(3)>, L<dgst(1)> =head1 HISTORY EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() -were first added to OpenSSL 1.0.0. +were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 5fdbc33ac10f..b43a3e5468ca 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -632,7 +632,7 @@ L<EVP_sm4(3)> =head1 HISTORY -Support for OCB mode was added in OpenSSL 1.1.0 +Support for OCB mode was added in OpenSSL 1.1.0. B<EVP_CIPHER_CTX> was made opaque in OpenSSL 1.1.0. As a result, EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index 4982e9205305..75fad0f70ce0 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -359,7 +359,7 @@ B<param_enc> when generating EC parameters or an EC key. The encoding can be B<OPENSSL_EC_EXPLICIT_CURVE> for explicit parameters (the default in versions of OpenSSL before 1.1.0) or B<OPENSSL_EC_NAMED_CURVE> to use named curve form. For maximum compatibility the named curve form should be used. Note: the -B<OPENSSL_EC_NAMED_CURVE> value was only added to OpenSSL 1.1.0; previous +B<OPENSSL_EC_NAMED_CURVE> value was added in OpenSSL 1.1.0; previous versions should use 0 instead. =head2 ECDH parameters @@ -439,8 +439,9 @@ L<EVP_PKEY_keygen(3)> =head1 HISTORY +The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() -macros were added in 1.1.1, other functions were first added to OpenSSL 1.0.0. +macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_CTX_new.pod b/doc/man3/EVP_PKEY_CTX_new.pod index eff94cd94364..f01fc9752297 100644 --- a/doc/man3/EVP_PKEY_CTX_new.pod +++ b/doc/man3/EVP_PKEY_CTX_new.pod @@ -48,7 +48,7 @@ L<EVP_PKEY_new(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_asn1_get_count.pod b/doc/man3/EVP_PKEY_asn1_get_count.pod index 9ad2daed4f5b..cd99e4d75786 100644 --- a/doc/man3/EVP_PKEY_asn1_get_count.pod +++ b/doc/man3/EVP_PKEY_asn1_get_count.pod @@ -48,7 +48,7 @@ engine that implements it. EVP_PKEY_asn1_get0_info() returns the public key ID, base public key ID (both NIDs), any flags, the method description and PEM type string -associated with the public key ASN.1 method B<*ameth>. +associated with the public key ASN.1 method B<*ameth>. EVP_PKEY_asn1_count(), EVP_PKEY_asn1_get0(), EVP_PKEY_asn1_find() and EVP_PKEY_asn1_find_str() are not thread safe, but as long as all @@ -70,7 +70,7 @@ L<EVP_PKEY_asn1_new(3)>, L<EVP_PKEY_asn1_add0(3)> =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_decrypt.pod b/doc/man3/EVP_PKEY_decrypt.pod index 2a691a61773b..2e3d266541a6 100644 --- a/doc/man3/EVP_PKEY_decrypt.pod +++ b/doc/man3/EVP_PKEY_decrypt.pod @@ -91,7 +91,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_derive.pod b/doc/man3/EVP_PKEY_derive.pod index 8cd0b54740d4..a74065e31f3b 100644 --- a/doc/man3/EVP_PKEY_derive.pod +++ b/doc/man3/EVP_PKEY_derive.pod @@ -89,7 +89,7 @@ L<EVP_PKEY_verify_recover(3)>, =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_encrypt.pod b/doc/man3/EVP_PKEY_encrypt.pod index 4e9a34e740f3..371891046473 100644 --- a/doc/man3/EVP_PKEY_encrypt.pod +++ b/doc/man3/EVP_PKEY_encrypt.pod @@ -96,7 +96,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_get_default_digest_nid.pod b/doc/man3/EVP_PKEY_get_default_digest_nid.pod index da76677044c2..ed52e9696c9f 100644 --- a/doc/man3/EVP_PKEY_get_default_digest_nid.pod +++ b/doc/man3/EVP_PKEY_get_default_digest_nid.pod @@ -37,7 +37,7 @@ L<EVP_PKEY_verify_recover(3)>, =head1 HISTORY -This function was first added to OpenSSL 1.0.0. +This function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_keygen.pod b/doc/man3/EVP_PKEY_keygen.pod index 0b86eaaaa3db..83cebe7ce2f4 100644 --- a/doc/man3/EVP_PKEY_keygen.pod +++ b/doc/man3/EVP_PKEY_keygen.pod @@ -189,7 +189,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() were added in OpenSSL 1.1.1. diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index a3532a359632..ebe20986dba1 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -114,12 +114,15 @@ L<EVP_PKEY_set1_EC_KEY> =head1 HISTORY -EVP_PKEY_new() and EVP_PKEY_free() exist in all versions of OpenSSL. +The +EVP_PKEY_new() and EVP_PKEY_free() functions exist in all versions of OpenSSL. -EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0. +The EVP_PKEY_up_ref() function was added in OpenSSL 1.1.0. + +The EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and -EVP_PKEY_get_raw_public_key() were first added to OpenSSL 1.1.1. +EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_print_private.pod b/doc/man3/EVP_PKEY_print_private.pod index 3ebd086a1c19..e0750c7eedbb 100644 --- a/doc/man3/EVP_PKEY_print_private.pod +++ b/doc/man3/EVP_PKEY_print_private.pod @@ -47,7 +47,7 @@ L<EVP_PKEY_keygen(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_sign.pod b/doc/man3/EVP_PKEY_sign.pod index bdebf0b9241f..1672831ff015 100644 --- a/doc/man3/EVP_PKEY_sign.pod +++ b/doc/man3/EVP_PKEY_sign.pod @@ -101,7 +101,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_verify.pod b/doc/man3/EVP_PKEY_verify.pod index 57d7f8cf86f8..cdbb80b99df8 100644 --- a/doc/man3/EVP_PKEY_verify.pod +++ b/doc/man3/EVP_PKEY_verify.pod @@ -89,7 +89,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_verify_recover.pod b/doc/man3/EVP_PKEY_verify_recover.pod index 85d76f84ac37..251360656167 100644 --- a/doc/man3/EVP_PKEY_verify_recover.pod +++ b/doc/man3/EVP_PKEY_verify_recover.pod @@ -100,7 +100,7 @@ L<EVP_PKEY_derive(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.0. +These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod index 12e67f8cbf86..86fec82fb007 100644 --- a/doc/man3/EVP_SignInit.pod +++ b/doc/man3/EVP_SignInit.pod @@ -17,7 +17,7 @@ functions void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); - int EVP_PKEY_size(EVP_PKEY *pkey); + int EVP_PKEY_size(const EVP_PKEY *pkey); int EVP_PKEY_security_bits(const EVP_PKEY *pkey); =head1 DESCRIPTION diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod index c480a9c9ebef..65386a7baa31 100644 --- a/doc/man3/HMAC.pod +++ b/doc/man3/HMAC.pod @@ -91,7 +91,7 @@ because reuse of an existing key with a different digest is not supported. HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash function B<evp_md> and the key B<key> which is B<key_len> bytes -long. +long. HMAC_Update() can be called repeatedly with chunks of the message to be authenticated (B<len> bytes at B<data>). @@ -147,7 +147,7 @@ OpenSSL before version 1.0.0. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_init_crypto.pod b/doc/man3/OPENSSL_init_crypto.pod index a259539f0552..c7823e32d6df 100644 --- a/doc/man3/OPENSSL_init_crypto.pod +++ b/doc/man3/OPENSSL_init_crypto.pod @@ -2,10 +2,11 @@ =head1 NAME -OPENSSL_INIT_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free, -OPENSSL_init_crypto, OPENSSL_cleanup, -OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL -initialisation and deinitialisation functions +OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, +OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, +OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, +OPENSSL_thread_stop - OpenSSL initialisation +and deinitialisation functions =head1 SYNOPSIS @@ -17,6 +18,10 @@ initialisation and deinitialisation functions void OPENSSL_thread_stop(void); OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); + int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, + const char* filename); + int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, + unsigned long flags); int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init, const char* name); void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); @@ -33,7 +38,7 @@ As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required. -However, there way be situations when explicit initialisation is desirable or +However, there may be situations when explicit initialisation is desirable or needed, for example when some non-default initialisation is required. The function OPENSSL_init_crypto() can be used for this purpose for libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl @@ -96,7 +101,7 @@ B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored. With this option an OpenSSL configuration file will be automatically loaded and used by calling OPENSSL_config(). This is not a default option for libcrypto. -From OpenSSL 1.1.1 this is a default option for libssl (see +As of OpenSSL 1.1.1 this is a default option for libssl (see L<OPENSSL_init_ssl(3)> for further details about libssl initialisation). See the description of OPENSSL_INIT_new(), below. @@ -157,6 +162,13 @@ engines. This not a default option. With this option the library will register its fork handlers. See OPENSSL_fork_prepare(3) for details. +=item OPENSSL_INIT_NO_ATEXIT + +By default OpenSSL will attempt to clean itself up when the process exits via an +"atexit" handler. Using this option suppresses that behaviour. This means that +the application will have to clean up OpenSSL explicitly using +OPENSSL_cleanup(). + =back Multiple options may be combined together in a single call to @@ -196,12 +208,22 @@ the library when the thread exits. This should only be called directly if resources should be freed at an earlier time, or under the circumstances described in the NOTES section below. -The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration -file. For optional configuration file settings, an B<OPENSSL_INIT_SETTINGS> -must be created and used. -The routines OPENSSL_init_new() and OPENSSL_INIT_set_config_appname() can -be used to allocate the object and set the application name, and then the -object can be released with OPENSSL_INIT_free() when done. +The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a configuration file, as with +L<CONF_modules_load_file(3)> with NULL filename and application name and the +B<CONF_MFLAGS_IGNORE_MISSING_FILE>, B<CONF_MFLAGS_IGNORE_RETURN_CODES> and +B<CONF_MFLAGS_DEFAULT_SECTION> flags. +The filename, application name, and flags can be customized by providing a +non-null B<OPENSSL_INIT_SETTINGS> object. +The object can be allocated via B<OPENSSL_init_new()>. +The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a +non-default filename, which is copied and need not refer to persistent storage. +Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a +non-default application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +If the B<CONF_MFLAGS_IGNORE_RETURN_CODES> flag is not included, any errors in +the configuration file will cause an error return from B<OPENSSL_init_crypto> +or indirectly L<OPENSSL_init_ssl(3)>. +The object can be released with OPENSSL_INIT_free() when done. =head1 NOTES @@ -242,7 +264,7 @@ and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod index 049a12556ae7..2d678c951f0a 100644 --- a/doc/man3/OPENSSL_malloc.pod +++ b/doc/man3/OPENSSL_malloc.pod @@ -90,10 +90,8 @@ generally macro's that add the standard C B<__FILE__> and B<__LINE__> parameters and call a lower-level B<CRYPTO_xxx> API. Some functions do not add those parameters, but exist for consistency. -OPENSSL_malloc_init() sets the lower-level memory allocation functions -to their default implementation. -It is generally not necessary to call this, except perhaps in certain -shared-library situations. +OPENSSL_malloc_init() does nothing and does not need to be called. It is +included for compatibility with older versions of OpenSSL. OPENSSL_malloc(), OPENSSL_realloc(), and OPENSSL_free() are like the C malloc(), realloc(), and free() functions. @@ -247,7 +245,7 @@ only, say, the malloc() implementation is outright dangerous.> =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_secure_malloc.pod b/doc/man3/OPENSSL_secure_malloc.pod index 5a01c8246933..6c395383513b 100644 --- a/doc/man3/OPENSSL_secure_malloc.pod +++ b/doc/man3/OPENSSL_secure_malloc.pod @@ -120,7 +120,7 @@ L<BN_new(3)> =head1 HISTORY -OPENSSL_secure_clear_free() was added in OpenSSL 1.1.0g. +The OPENSSL_secure_clear_free() function was added in OpenSSL 1.1.0g. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_STORE_INFO.pod b/doc/man3/OSSL_STORE_INFO.pod index 20d41ac534e7..4c68986c56b2 100644 --- a/doc/man3/OSSL_STORE_INFO.pod +++ b/doc/man3/OSSL_STORE_INFO.pod @@ -190,7 +190,7 @@ OSSL_STORE_INFO_get0_CERT(), OSSL_STORE_INFO_get0_CRL(), OSSL_STORE_INFO_type_string(), OSSL_STORE_INFO_free(), OSSL_STORE_INFO_new_NAME(), OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index 87c135a1275b..150375411452 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -250,7 +250,7 @@ OSSL_STORE_LOADER_set_eof(), OSSL_STORE_LOADER_set_close(), OSSL_STORE_LOADER_free(), OSSL_STORE_register_loader(), OSSL_STORE_unregister_loader(), OSSL_STORE_open_fn(), OSSL_STORE_ctrl_fn(), OSSL_STORE_load_fn(), OSSL_STORE_eof_fn() and OSSL_STORE_close_fn() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_STORE_SEARCH.pod b/doc/man3/OSSL_STORE_SEARCH.pod index 6d36a190ae5a..0c2dd2bc24c5 100644 --- a/doc/man3/OSSL_STORE_SEARCH.pod +++ b/doc/man3/OSSL_STORE_SEARCH.pod @@ -179,7 +179,7 @@ OSSL_STORE_SEARCH_get0_name(), OSSL_STORE_SEARCH_get0_serial(), OSSL_STORE_SEARCH_get0_bytes(), and OSSL_STORE_SEARCH_get0_string() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_STORE_expect.pod b/doc/man3/OSSL_STORE_expect.pod index e3f06b55be71..154472a76b51 100644 --- a/doc/man3/OSSL_STORE_expect.pod +++ b/doc/man3/OSSL_STORE_expect.pod @@ -65,7 +65,7 @@ L<OSSL_STORE_load(3)> =head1 HISTORY OSSL_STORE_expect(), OSSL_STORE_supports_search() and OSSL_STORE_find() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod index b1467f4100a7..1e8ebf7ce1ce 100644 --- a/doc/man3/OSSL_STORE_open.pod +++ b/doc/man3/OSSL_STORE_open.pod @@ -147,7 +147,7 @@ L<passphrase-encoding(7)> OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() -were added to OpenSSL 1.1.1. +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/PEM_read_bio_ex.pod b/doc/man3/PEM_read_bio_ex.pod index e171bff2453a..a16b0ede5a9c 100644 --- a/doc/man3/PEM_read_bio_ex.pod +++ b/doc/man3/PEM_read_bio_ex.pod @@ -56,7 +56,7 @@ L<PEM(3)> =head1 HISTORY -PEM_read_bio_ex() was added in OpenSSL 1.1.1. +The PEM_read_bio_ex() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/PEM_write_bio_CMS_stream.pod b/doc/man3/PEM_write_bio_CMS_stream.pod index c73fafd44bdc..bc3ee167e0c4 100644 --- a/doc/man3/PEM_write_bio_CMS_stream.pod +++ b/doc/man3/PEM_write_bio_CMS_stream.pod @@ -36,7 +36,7 @@ L<i2d_CMS_bio_stream(3)> =head1 HISTORY -PEM_write_bio_CMS_stream() was added to OpenSSL 1.0.0 +The PEM_write_bio_CMS_stream() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/PEM_write_bio_PKCS7_stream.pod b/doc/man3/PEM_write_bio_PKCS7_stream.pod index 77f97aaa2bbc..32b7ef2ef754 100644 --- a/doc/man3/PEM_write_bio_PKCS7_stream.pod +++ b/doc/man3/PEM_write_bio_PKCS7_stream.pod @@ -35,7 +35,7 @@ L<i2d_PKCS7_bio_stream(3)> =head1 HISTORY -PEM_write_bio_PKCS7_stream() was added to OpenSSL 1.0.0 +The PEM_write_bio_PKCS7_stream() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/PKCS12_parse.pod b/doc/man3/PKCS12_parse.pod index 747a36f5ed04..208644c019bf 100644 --- a/doc/man3/PKCS12_parse.pod +++ b/doc/man3/PKCS12_parse.pod @@ -8,7 +8,8 @@ PKCS12_parse - parse a PKCS#12 structure #include <openssl/pkcs12.h> -int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); + int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); =head1 DESCRIPTION diff --git a/doc/man3/PKCS7_sign.pod b/doc/man3/PKCS7_sign.pod index c1df5f19a070..6fd54777d1f1 100644 --- a/doc/man3/PKCS7_sign.pod +++ b/doc/man3/PKCS7_sign.pod @@ -108,9 +108,9 @@ L<ERR_get_error(3)>, L<PKCS7_verify(3)> =head1 HISTORY The B<PKCS7_PARTIAL> flag, and the ability for B<certs>, B<signcert>, -and B<pkey> parameters to be B<NULL> to be was added in OpenSSL 1.0.0 +and B<pkey> parameters to be B<NULL> were added in OpenSSL 1.0.0. -The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0 +The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/PKCS7_sign_add_signer.pod b/doc/man3/PKCS7_sign_add_signer.pod index 2bc6c40bd2ea..d4a27a2f6194 100644 --- a/doc/man3/PKCS7_sign_add_signer.pod +++ b/doc/man3/PKCS7_sign_add_signer.pod @@ -83,7 +83,7 @@ L<PKCS7_final(3)>, =head1 HISTORY -PPKCS7_sign_add_signer() was added to OpenSSL 1.0.0 +The PPKCS7_sign_add_signer() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod index fca1ad6961de..f257e050065f 100644 --- a/doc/man3/RAND_bytes.pod +++ b/doc/man3/RAND_bytes.pod @@ -53,7 +53,7 @@ RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead. =item * -RAND_priv_bytes() was added in OpenSSL 1.1.1. +The RAND_priv_bytes() function was added in OpenSSL 1.1.1. =back diff --git a/doc/man3/RIPEMD160_Init.pod b/doc/man3/RIPEMD160_Init.pod index 77ac4fbc122f..d3cdf930d88e 100644 --- a/doc/man3/RIPEMD160_Init.pod +++ b/doc/man3/RIPEMD160_Init.pod @@ -13,7 +13,7 @@ RIPEMD-160 hash function unsigned char *md); int RIPEMD160_Init(RIPEMD160_CTX *c); - int RIPEMD160_Update(RIPEMD_CTX *c, const void *data, unsigned long len); + int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); =head1 DESCRIPTION @@ -61,7 +61,7 @@ L<EVP_DigestInit(3)> =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_get0_key.pod b/doc/man3/RSA_get0_key.pod index cb7d0f66db10..358c2de256f9 100644 --- a/doc/man3/RSA_get0_key.pod +++ b/doc/man3/RSA_get0_key.pod @@ -157,6 +157,7 @@ L<RSA_new(3)>, L<RSA_size(3)> =head1 HISTORY +The RSA_get_multi_prime_extra_count(), RSA_get0_multi_prime_factors(), RSA_get0_multi_prime_crt_params(), RSA_set0_multi_prime_params(), and RSA_get_version() functions were added in OpenSSL 1.1.1. diff --git a/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/doc/man3/RSA_padding_add_PKCS1_type_1.pod index 93911cac97d6..9ea2634c0346 100644 --- a/doc/man3/RSA_padding_add_PKCS1_type_1.pod +++ b/doc/man3/RSA_padding_add_PKCS1_type_1.pod @@ -110,7 +110,12 @@ L<ERR_get_error(3)>. The RSA_padding_check_PKCS1_type_2() padding check leaks timing information which can potentially be used to mount a Bleichenbacher padding oracle attack. This is an inherent weakness in the PKCS #1 -v1.5 padding design. Prefer PKCS1_OAEP padding. +v1.5 padding design. Prefer PKCS1_OAEP padding. Otherwise it can +be recommended to pass zero-padded B<f>, so that B<fl> equals to +B<rsa_len>, and if fixed by protocol, B<tlen> being set to the +expected length. In such case leakage would be minimal, it would +take attacker's ability to observe memory access pattern with byte +granilarity as it occurs, post-factum timing analysis won't do. =head1 SEE ALSO diff --git a/doc/man3/RSA_size.pod b/doc/man3/RSA_size.pod index 022620078a7c..99498650866f 100644 --- a/doc/man3/RSA_size.pod +++ b/doc/man3/RSA_size.pod @@ -41,7 +41,7 @@ L<BN_num_bits(3)> =head1 HISTORY -RSA_bits() was added in OpenSSL 1.1.0. +The RSA_bits() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod index af59b58946cc..4c12c5ed20d0 100644 --- a/doc/man3/SSL_CIPHER_get_name.pod +++ b/doc/man3/SSL_CIPHER_get_name.pod @@ -179,19 +179,19 @@ protocol-specific ID. =head1 HISTORY -SSL_CIPHER_get_version() was updated to always return the correct protocol -string in OpenSSL 1.1.0. +The SSL_CIPHER_get_version() function was updated to always return the +correct protocol string in OpenSSL 1.1.0. -SSL_CIPHER_description() was changed to return B<NULL> on error, +The SSL_CIPHER_description() function was changed to return B<NULL> on error, rather than a fixed string, in OpenSSL 1.1.0. -SSL_CIPHER_get_handshake_digest() was added in OpenSSL 1.1.1. +The SSL_CIPHER_get_handshake_digest() function was added in OpenSSL 1.1.1. -SSL_CIPHER_standard_name() was globally available in OpenSSL 1.1.1. Before -OpenSSL 1.1.1, tracing (B<enable-ssl-trace> argument to Configure) was +The SSL_CIPHER_standard_name() function was globally available in OpenSSL 1.1.1. + Before OpenSSL 1.1.1, tracing (B<enable-ssl-trace> argument to Configure) was required to enable this function. -OPENSSL_cipher_name() was added in OpenSSL 1.1.1. +The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1. =head1 SEE ALSO diff --git a/doc/man3/SSL_COMP_add_compression_method.pod b/doc/man3/SSL_COMP_add_compression_method.pod index 1dc8eb149947..76c036e5ce44 100644 --- a/doc/man3/SSL_COMP_add_compression_method.pod +++ b/doc/man3/SSL_COMP_add_compression_method.pod @@ -91,9 +91,8 @@ L<ssl(7)> =head1 HISTORY -SSL_COMP_free_compression_methods() was deprecated in OpenSSL 1.1.0; -do not use it. -SSL_COMP_get0_name() and SSL_comp_get_id() were added in OpenSSL 1.1.0d. +The SSL_COMP_free_compression_methods() function was deprecated in OpenSSL 1.1.0. +The SSL_COMP_get0_name() and SSL_comp_get_id() functions were added in OpenSSL 1.1.0d. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CONF_CTX_new.pod b/doc/man3/SSL_CONF_CTX_new.pod index 79f0bbc7dd5f..df5492f79ba8 100644 --- a/doc/man3/SSL_CONF_CTX_new.pod +++ b/doc/man3/SSL_CONF_CTX_new.pod @@ -36,7 +36,7 @@ L<SSL_CONF_cmd_argv(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CONF_CTX_set1_prefix.pod b/doc/man3/SSL_CONF_CTX_set1_prefix.pod index d98647025470..b2eff5bf519f 100644 --- a/doc/man3/SSL_CONF_CTX_set1_prefix.pod +++ b/doc/man3/SSL_CONF_CTX_set1_prefix.pod @@ -44,7 +44,7 @@ L<SSL_CONF_cmd_argv(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CONF_CTX_set_flags.pod b/doc/man3/SSL_CONF_CTX_set_flags.pod index 766d984626a9..d6f6ff589758 100644 --- a/doc/man3/SSL_CONF_CTX_set_flags.pod +++ b/doc/man3/SSL_CONF_CTX_set_flags.pod @@ -70,7 +70,7 @@ L<SSL_CONF_cmd_argv(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod b/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod index 7e4120f7ce57..3b001d1686f4 100644 --- a/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod +++ b/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod @@ -42,7 +42,7 @@ L<SSL_CONF_cmd_argv(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index b399bcf4990c..a74e7284f9de 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -308,11 +308,6 @@ Attempts to pad TLSv1.3 records so that they are a multiple of B<value> in length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the B<value> must be >1 or <=16384. -=item B<NoRenegotiation> - -Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting -B<SSL_OP_NO_RENEGOTIATION>. - =item B<SignatureAlgorithms> This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. @@ -456,6 +451,9 @@ Only used by servers. B<NoResumptionOnRenegotiation>: set B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers. +B<NoRenegotiation>: disables all attempts at renegotiation in TLSv1.2 and +earlier, same as setting B<SSL_OP_NO_RENEGOTIATION>. + B<UnsafeLegacyRenegotiation>: permits the use of unsafe legacy renegotiation. Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>. @@ -670,12 +668,12 @@ L<SSL_CTX_set_options(3)> =head1 HISTORY -SSL_CONF_cmd() was first added to OpenSSL 1.0.2 +The SSL_CONF_cmd() function was added in OpenSSL 1.0.2. -B<SSL_OP_NO_SSL2> doesn't have effect since 1.1.0, but the macro is retained -for backwards compatibility. +The B<SSL_OP_NO_SSL2> option doesn't have effect since 1.1.0, but the macro +is retained for backwards compatibility. -B<SSL_CONF_TYPE_NONE> was first added to OpenSSL 1.1.0. In earlier versions of +The B<SSL_CONF_TYPE_NONE> was added in OpenSSL 1.1.0. In earlier versions of OpenSSL passing a command which didn't take an argument would return B<SSL_CONF_TYPE_UNKNOWN>. @@ -685,7 +683,7 @@ B<AllowNoDHEKEX> and B<PrioritizeChaCha> were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CONF_cmd_argv.pod b/doc/man3/SSL_CONF_cmd_argv.pod index 567fa5a5084f..130814803d86 100644 --- a/doc/man3/SSL_CONF_cmd_argv.pod +++ b/doc/man3/SSL_CONF_cmd_argv.pod @@ -37,7 +37,7 @@ L<SSL_CONF_cmd(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2 +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_add1_chain_cert.pod b/doc/man3/SSL_CTX_add1_chain_cert.pod index 24730024f857..8fe8a7d5e18e 100644 --- a/doc/man3/SSL_CTX_add1_chain_cert.pod +++ b/doc/man3/SSL_CTX_add1_chain_cert.pod @@ -144,7 +144,7 @@ L<SSL_CTX_add_extra_chain_cert(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2. +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_config.pod b/doc/man3/SSL_CTX_config.pod index 5b2aed76c283..90d86746cec1 100644 --- a/doc/man3/SSL_CTX_config.pod +++ b/doc/man3/SSL_CTX_config.pod @@ -77,7 +77,7 @@ L<CONF_modules_load_file(3)> =head1 HISTORY -SSL_CTX_config() and SSL_config() were first added to OpenSSL 1.1.0 +The SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_dane_enable.pod b/doc/man3/SSL_CTX_dane_enable.pod index d767bb296e83..d1b3c1aad7d3 100644 --- a/doc/man3/SSL_CTX_dane_enable.pod +++ b/doc/man3/SSL_CTX_dane_enable.pod @@ -368,7 +368,7 @@ L<EVP_PKEY_free(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.1.0. +These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_get0_param.pod b/doc/man3/SSL_CTX_get0_param.pod index 6b9373745880..8b99dc330ad9 100644 --- a/doc/man3/SSL_CTX_get0_param.pod +++ b/doc/man3/SSL_CTX_get0_param.pod @@ -50,7 +50,7 @@ L<X509_VERIFY_PARAM_set_flags(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2. +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set0_CA_list.pod b/doc/man3/SSL_CTX_set0_CA_list.pod index d7ed89775b2e..b483f83b7182 100644 --- a/doc/man3/SSL_CTX_set0_CA_list.pod +++ b/doc/man3/SSL_CTX_set0_CA_list.pod @@ -101,7 +101,7 @@ set CA names using the "client CA list" functions and then get them using the used on the server side then the "client CA list" functions take precedence. Typically, on the server side, the "client CA list " functions should be used in preference. As noted above in most cases it is not necessary to set CA names on -the client side. +the client side. SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to B<name_list>. Ownership of B<name_list> is transferred to B<ctx> and @@ -178,7 +178,7 @@ L<SSL_CTX_load_verify_locations(3)> =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod index 7dca0e0161d9..6c3d4fc9e912 100644 --- a/doc/man3/SSL_CTX_set1_curves.pod +++ b/doc/man3/SSL_CTX_set1_curves.pod @@ -97,8 +97,8 @@ L<SSL_CTX_add_extra_chain_cert(3)> =head1 HISTORY -The curve functions were first added to OpenSSL 1.0.2. The equivalent group -functions were first added to OpenSSL 1.1.1. +The curve functions were added in OpenSSL 1.0.2. The equivalent group +functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set1_verify_cert_store.pod b/doc/man3/SSL_CTX_set1_verify_cert_store.pod index bfe8b70af902..b42f2a499f13 100644 --- a/doc/man3/SSL_CTX_set1_verify_cert_store.pod +++ b/doc/man3/SSL_CTX_set1_verify_cert_store.pod @@ -86,7 +86,7 @@ L<SSL_build_cert_chain(3)> =head1 HISTORY -These functions were first added to OpenSSL 1.0.2. +These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_ctlog_list_file.pod b/doc/man3/SSL_CTX_set_ctlog_list_file.pod index 275831ab1550..5fb0feb45183 100644 --- a/doc/man3/SSL_CTX_set_ctlog_list_file.pod +++ b/doc/man3/SSL_CTX_set_ctlog_list_file.pod @@ -24,7 +24,7 @@ See L<CTLOG_STORE_new(3)> for the file format. =head1 NOTES These functions will not clear the existing CT log list - it will be appended -to. To replace the existing list, use L<SSL_CTX_set0_ctlog_store> first. +to. To replace the existing list, use L<SSL_CTX_set0_ctlog_store> first. If an error occurs whilst parsing a particular log entry in the file, that log entry will be skipped. @@ -43,7 +43,7 @@ L<CTLOG_STORE_new(3)> =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_default_passwd_cb.pod b/doc/man3/SSL_CTX_set_default_passwd_cb.pod index c7bdc9b92a04..999a70c8c366 100644 --- a/doc/man3/SSL_CTX_set_default_passwd_cb.pod +++ b/doc/man3/SSL_CTX_set_default_passwd_cb.pod @@ -94,7 +94,7 @@ truncated. SSL_CTX_get_default_passwd_cb(), SSL_CTX_get_default_passwd_cb_userdata(), SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() were -first added to OpenSSL 1.1.0 +added in OpenSSL 1.1.0. =head1 SEE ALSO diff --git a/doc/man3/SSL_CTX_set_info_callback.pod b/doc/man3/SSL_CTX_set_info_callback.pod index f01ca66fce7c..01b03f9a59ae 100644 --- a/doc/man3/SSL_CTX_set_info_callback.pod +++ b/doc/man3/SSL_CTX_set_info_callback.pod @@ -92,17 +92,13 @@ Callback has been called due to an alert being sent or received. =item SSL_CB_HANDSHAKE_START -Callback has been called because a new handshake is started. In TLSv1.3 this is -also used for the start of post-handshake message exchanges such as for the -exchange of session tickets, or for key updates. It also occurs when resuming a -handshake following a pause to handle early data. +Callback has been called because a new handshake is started. It also occurs when +resuming a handshake following a pause to handle early data. -=item SSL_CB_HANDSHAKE_DONE 0x20 +=item SSL_CB_HANDSHAKE_DONE -Callback has been called because a handshake is finished. In TLSv1.3 this is -also used at the end of an exchange of post-handshake messages such as for -session tickets or key updates. It also occurs if the handshake is paused to -allow the exchange of early data. +Callback has been called because a handshake is finished. It also occurs if the +handshake is paused to allow the exchange of early data. =back @@ -160,7 +156,7 @@ L<SSL_alert_type_string(3)> =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_mode.pod b/doc/man3/SSL_CTX_set_mode.pod index 8f8edcf05420..387d1ec1ef04 100644 --- a/doc/man3/SSL_CTX_set_mode.pod +++ b/doc/man3/SSL_CTX_set_mode.pod @@ -105,6 +105,15 @@ Enable asynchronous processing. TLS I/O operations may indicate a retry with SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is used to perform cryptographic operations. See L<SSL_get_error(3)>. +=item SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG + +Older versions of OpenSSL had a bug in the computation of the label length +used for computing the endpoint-pair shared secret. The bug was that the +terminating zero was included in the length of the label. Setting this option +enables this behaviour to allow interoperability with such broken +implementations. Please note that setting this option breaks interoperability +with correct implementations. This option only applies to DTLS over SCTP. + =back All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by @@ -124,11 +133,11 @@ L<SSL_write(3)>, L<SSL_get_error(3)> =head1 HISTORY -SSL_MODE_ASYNC was first added to OpenSSL 1.1.0. +SSL_MODE_ASYNC was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_msg_callback.pod b/doc/man3/SSL_CTX_set_msg_callback.pod index bbc78b64b9c5..8cf77cc553a1 100644 --- a/doc/man3/SSL_CTX_set_msg_callback.pod +++ b/doc/man3/SSL_CTX_set_msg_callback.pod @@ -128,8 +128,7 @@ L<ssl(7)>, L<SSL_new(3)> =head1 HISTORY -The pseudo content type B<SSL3_RT_INNER_CONTENT_TYPE> was added in OpenSSL -1.1.1. +The pseudo content type B<SSL3_RT_INNER_CONTENT_TYPE> was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_num_tickets.pod b/doc/man3/SSL_CTX_set_num_tickets.pod index b6b0e3ebee74..ad13ed15f406 100644 --- a/doc/man3/SSL_CTX_set_num_tickets.pod +++ b/doc/man3/SSL_CTX_set_num_tickets.pod @@ -20,10 +20,10 @@ SSL_CTX_get_num_tickets =head1 DESCRIPTION SSL_CTX_set_num_tickets() and SSL_set_num_tickets() can be called for a server -application and set the number of session tickets that will be sent to the -client after a full handshake. Set the desired value (which could be 0) in the -B<num_tickets> argument. Typically these functions should be called before the -start of the handshake. +application and set the number of TLSv1.3 session tickets that will be sent to +the client after a full handshake. Set the desired value (which could be 0) in +the B<num_tickets> argument. Typically these functions should be called before +the start of the handshake. The default number of tickets is 2; the default number of tickets sent following a resumption handshake is 1 but this cannot be changed using these functions. diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index ae5ca1bd5d23..2d840b62cb24 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -361,10 +361,10 @@ L<dhparam(1)> =head1 HISTORY The attempt to always try to use secure renegotiation was added in -Openssl 0.9.8m. +OpenSSL 0.9.8m. -B<SSL_OP_PRIORITIZE_CHACHA> and B<SSL_OP_NO_RENEGOTIATION> were added in -OpenSSL 1.1.1. +The B<SSL_OP_PRIORITIZE_CHACHA> and B<SSL_OP_NO_RENEGOTIATION> options +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_record_padding_callback.pod b/doc/man3/SSL_CTX_set_record_padding_callback.pod index d0b2e30f2571..13e56f0c57f6 100644 --- a/doc/man3/SSL_CTX_set_record_padding_callback.pod +++ b/doc/man3/SSL_CTX_set_record_padding_callback.pod @@ -19,10 +19,10 @@ SSL_set_block_padding - install callback to specify TLS 1.3 record padding void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); - void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx); + void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); - void *SSL_get_record_padding_callback_arg(SSL *ssl); + void *SSL_get_record_padding_callback_arg(const SSL *ssl); int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); int SSL_set_block_padding(SSL *ssl, size_t block_size); @@ -86,7 +86,7 @@ The record padding API was added for TLS 1.3 support in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_security_level.pod b/doc/man3/SSL_CTX_set_security_level.pod index 8baaaffec5c8..0cb6c1f52a22 100644 --- a/doc/man3/SSL_CTX_set_security_level.pod +++ b/doc/man3/SSL_CTX_set_security_level.pod @@ -176,7 +176,7 @@ data pointer or NULL if the ex data is not set. =head1 HISTORY -These functions were first added to OpenSSL 1.1.0 +These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/doc/man3/SSL_CTX_set_session_ticket_cb.pod index 8f98c6f1c99e..f3dfb62c231c 100644 --- a/doc/man3/SSL_CTX_set_session_ticket_cb.pod +++ b/doc/man3/SSL_CTX_set_session_ticket_cb.pod @@ -177,8 +177,8 @@ L<SSL_get_session(3)> =head1 HISTORY -SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() and -SSL_SESSION_get_ticket_appdata() were added to OpenSSL 1.1.1. +The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() +and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_split_send_fragment.pod b/doc/man3/SSL_CTX_set_split_send_fragment.pod index ef5e7cda35a2..877b4aecd949 100644 --- a/doc/man3/SSL_CTX_set_split_send_fragment.pod +++ b/doc/man3/SSL_CTX_set_split_send_fragment.pod @@ -169,8 +169,8 @@ SSL_CTX_set_split_send_fragment(), SSL_set_split_send_fragment(), SSL_CTX_set_default_read_buffer_len() and SSL_set_default_read_buffer_len() functions were added in OpenSSL 1.1.0. -SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() -and SSL_SESSION_get_max_fragment_length() were added in OpenSSL 1.1.1. +The SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() +and SSL_SESSION_get_max_fragment_length() functions were added in OpenSSL 1.1.1. =head1 SEE ALSO diff --git a/doc/man3/SSL_CTX_set_ssl_version.pod b/doc/man3/SSL_CTX_set_ssl_version.pod index 901c057f453a..6c132756f2ca 100644 --- a/doc/man3/SSL_CTX_set_ssl_version.pod +++ b/doc/man3/SSL_CTX_set_ssl_version.pod @@ -11,7 +11,7 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method); int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); - const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); + const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl); =head1 DESCRIPTION @@ -60,7 +60,7 @@ L<SSL_set_connect_state(3)> =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_tlsext_status_cb.pod b/doc/man3/SSL_CTX_set_tlsext_status_cb.pod index d6c04eced8ce..cb40a9dbcbcb 100644 --- a/doc/man3/SSL_CTX_set_tlsext_status_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_status_cb.pod @@ -108,8 +108,8 @@ side if the client requested OCSP stapling. Otherwise -1 is returned. =head1 HISTORY -SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type() and -SSL_CTX_set_tlsext_status_type() were added in OpenSSL 1.1.0. +The SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type() +and SSL_CTX_set_tlsext_status_type() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index 9b448db664e1..7a4bb3427027 100644 --- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -38,7 +38,7 @@ ticket information or it starts a full TLS handshake to create a new session ticket. Before the callback function is started I<ctx> and I<hctx> have been -initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively. +initialised with L<EVP_CIPHER_CTX_reset(3)> and L<HMAC_CTX_reset(3)> respectively. For new sessions tickets, when the client doesn't present a session ticket, or an attempted retrieval of the ticket failed, or a renew option was indicated, diff --git a/doc/man3/SSL_SESSION_free.pod b/doc/man3/SSL_SESSION_free.pod index 87a1cab1b462..9a3bf3ec988e 100644 --- a/doc/man3/SSL_SESSION_free.pod +++ b/doc/man3/SSL_SESSION_free.pod @@ -73,7 +73,7 @@ L<d2i_SSL_SESSION(3)> =head1 HISTORY -SSL_SESSION_dup() was added in OpenSSL 1.1.1. +The SSL_SESSION_dup() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_SESSION_get0_cipher.pod b/doc/man3/SSL_SESSION_get0_cipher.pod index 60f66a2d2b9d..5ef754c4a841 100644 --- a/doc/man3/SSL_SESSION_get0_cipher.pod +++ b/doc/man3/SSL_SESSION_get0_cipher.pod @@ -43,8 +43,8 @@ L<SSL_CTX_set_psk_use_session_callback(3)> =head1 HISTORY -SSL_SESSION_get0_cipher() was first added to OpenSSL 1.1.0. -SSL_SESSION_set_cipher() was first added to OpenSSL 1.1.1. +The SSL_SESSION_get0_cipher() function was added in OpenSSL 1.1.0. +The SSL_SESSION_set_cipher() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_SESSION_get0_hostname.pod b/doc/man3/SSL_SESSION_get0_hostname.pod index c35c89279520..989c997882ca 100644 --- a/doc/man3/SSL_SESSION_get0_hostname.pod +++ b/doc/man3/SSL_SESSION_get0_hostname.pod @@ -59,8 +59,8 @@ L<SSL_SESSION_free(3)> =head1 HISTORY -SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and -SSL_SESSION_set1_alpn_selected() were added in OpenSSL 1.1.1. +The SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and +SSL_SESSION_set1_alpn_selected() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_SESSION_get0_id_context.pod b/doc/man3/SSL_SESSION_get0_id_context.pod index 69619a72b434..99b21bd126e9 100644 --- a/doc/man3/SSL_SESSION_get0_id_context.pod +++ b/doc/man3/SSL_SESSION_get0_id_context.pod @@ -42,7 +42,7 @@ L<SSL_set_session_id_context(3)> =head1 HISTORY -SSL_SESSION_get0_id_context() was first added to OpenSSL 1.1.0 +The SSL_SESSION_get0_id_context() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_SESSION_get_protocol_version.pod b/doc/man3/SSL_SESSION_get_protocol_version.pod index 84c9ac173b5c..961ed3e923c7 100644 --- a/doc/man3/SSL_SESSION_get_protocol_version.pod +++ b/doc/man3/SSL_SESSION_get_protocol_version.pod @@ -41,8 +41,8 @@ L<SSL_CTX_set_psk_use_session_callback(3)> =head1 HISTORY -SSL_SESSION_get_protocol_version() was first added to OpenSSL 1.1.0. -SSL_SESSION_set_protocol_version() was first added to OpenSSL 1.1.1. +The SSL_SESSION_get_protocol_version() function was added in OpenSSL 1.1.0. +The SSL_SESSION_set_protocol_version() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_SESSION_has_ticket.pod b/doc/man3/SSL_SESSION_has_ticket.pod index 7197382369de..6fb41b75cb60 100644 --- a/doc/man3/SSL_SESSION_has_ticket.pod +++ b/doc/man3/SSL_SESSION_has_ticket.pod @@ -44,8 +44,8 @@ L<SSL_SESSION_free(3)> =head1 HISTORY -SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint and -SSL_SESSION_get0_ticket were added in OpenSSL 1.1.0. +The SSL_SESSION_has_ticket(), SSL_SESSION_get_ticket_lifetime_hint() +and SSL_SESSION_get0_ticket() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_SESSION_is_resumable.pod b/doc/man3/SSL_SESSION_is_resumable.pod index 729479a99b48..8e47eee09ac7 100644 --- a/doc/man3/SSL_SESSION_is_resumable.pod +++ b/doc/man3/SSL_SESSION_is_resumable.pod @@ -30,7 +30,7 @@ L<SSL_CTX_sess_set_new_cb(3)> =head1 HISTORY -SSL_SESSION_is_resumable() was first added to OpenSSL 1.1.1 +The SSL_SESSION_is_resumable() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_SESSION_set1_id.pod b/doc/man3/SSL_SESSION_set1_id.pod index f0b131d6a1f6..deafdf1ea579 100644 --- a/doc/man3/SSL_SESSION_set1_id.pod +++ b/doc/man3/SSL_SESSION_set1_id.pod @@ -36,7 +36,7 @@ L<ssl(7)> =head1 HISTORY -SSL_SESSION_set1_id() was first added to OpenSSL 1.1.0 +The SSL_SESSION_set1_id() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_export_keying_material.pod b/doc/man3/SSL_export_keying_material.pod index abebf911fc32..c6b9229cbf16 100644 --- a/doc/man3/SSL_export_keying_material.pod +++ b/doc/man3/SSL_export_keying_material.pod @@ -59,7 +59,8 @@ B<label> and should be B<llen> bytes long. Typically this will be a value from the IANA Exporter Label Registry (L<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels>). Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard -to be used without registration. +to be used without registration. TLSv1.3 imposes a maximum label length of +249 bytes. Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and above. Attempting to use it in SSLv3 will result in an error. @@ -72,7 +73,7 @@ SSL_export_keying_material_early() returns 0 on failure or 1 on success. =head1 HISTORY -SSL_export_keying_material_early() was first added in OpenSSL 1.1.1. +The SSL_export_keying_material_early() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_extension_supported.pod b/doc/man3/SSL_extension_supported.pod index 51ff6beeb513..df23ac6551ba 100644 --- a/doc/man3/SSL_extension_supported.pod +++ b/doc/man3/SSL_extension_supported.pod @@ -277,7 +277,7 @@ internally by OpenSSL and 0 otherwise. =head1 HISTORY -The function SSL_CTX_add_custom_ext() was added in OpenSSL 1.1.1. +The SSL_CTX_add_custom_ext() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_get_all_async_fds.pod b/doc/man3/SSL_get_all_async_fds.pod index fd4515db5561..5b17f091e353 100644 --- a/doc/man3/SSL_get_all_async_fds.pod +++ b/doc/man3/SSL_get_all_async_fds.pod @@ -73,8 +73,8 @@ L<SSL_get_error(3)>, L<SSL_CTX_set_mode(3)> =head1 HISTORY -SSL_waiting_for_async(), SSL_get_all_async_fds() and SSL_get_changed_async_fds() -were first added to OpenSSL 1.1.0. +The SSL_waiting_for_async(), SSL_get_all_async_fds() +and SSL_get_changed_async_fds() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod index b3ab50568731..5a7a4b7058ef 100644 --- a/doc/man3/SSL_get_error.pod +++ b/doc/man3/SSL_get_error.pod @@ -138,17 +138,20 @@ Details depend on the application. =item SSL_ERROR_SYSCALL -Some non-recoverable I/O error occurred. -The OpenSSL error queue may contain more information on the error. -For socket I/O on Unix systems, consult B<errno> for details. +Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +contain more information on the error. For socket I/O on Unix systems, consult +B<errno> for details. If this error occurs then no further I/O operations should +be performed on the connection and SSL_shutdown() must not be called. This value can also be returned for other errors, check the error queue for details. =item SSL_ERROR_SSL -A failure in the SSL library occurred, usually a protocol error. The -OpenSSL error queue contains more information on the error. +A non-recoverable, fatal error in the SSL library occurred, usually a protocol +error. The OpenSSL error queue contains more information on the error. If this +error occurs then no further I/O operations should be performed on the +connection and SSL_shutdown() must not be called. =back @@ -158,8 +161,8 @@ L<ssl(7)> =head1 HISTORY -SSL_ERROR_WANT_ASYNC was added in OpenSSL 1.1.0. -SSL_ERROR_WANT_CLIENT_HELLO_CB was added in OpenSSL 1.1.1. +The SSL_ERROR_WANT_ASYNC error code was added in OpenSSL 1.1.0. +The SSL_ERROR_WANT_CLIENT_HELLO_CB error code was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_get_version.pod b/doc/man3/SSL_get_version.pod index b0aaba3a59d7..5507ff3f3de9 100644 --- a/doc/man3/SSL_get_version.pod +++ b/doc/man3/SSL_get_version.pod @@ -97,7 +97,7 @@ L<ssl(7)> =head1 HISTORY -SSL_is_dtls() was added in OpenSSL 1.1.0. +The SSL_is_dtls() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_key_update.pod b/doc/man3/SSL_key_update.pod index 7772b70bc69e..068ace597836 100644 --- a/doc/man3/SSL_key_update.pod +++ b/doc/man3/SSL_key_update.pod @@ -14,11 +14,11 @@ SSL_renegotiate_pending #include <openssl/ssl.h> int SSL_key_update(SSL *s, int updatetype); - int SSL_get_key_update_type(SSL *s); + int SSL_get_key_update_type(const SSL *s); int SSL_renegotiate(SSL *s); int SSL_renegotiate_abbreviated(SSL *s); - int SSL_renegotiate_pending(SSL *s); + int SSL_renegotiate_pending(const SSL *s); =head1 DESCRIPTION @@ -100,7 +100,7 @@ OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_read.pod b/doc/man3/SSL_read.pod index e671b8eb794a..1410a0228c30 100644 --- a/doc/man3/SSL_read.pod +++ b/doc/man3/SSL_read.pod @@ -128,7 +128,7 @@ You should instead call SSL_get_error() to find out if it's retryable. =head1 HISTORY -SSL_read_ex() and SSL_peek_ex() were added in OpenSSL 1.1.1. +The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1. =head1 SEE ALSO diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index 9769aa72e4a0..c51fe1359dc3 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod @@ -93,7 +93,7 @@ the server. A client uses the function SSL_write_early_data() to send early data. This function is similar to the L<SSL_write_ex(3)> function, but with the following differences. See L<SSL_write_ex(3)> for information on how to write bytes to -the underlying connection, and how to handle any errors that may arise. This +the underlying connection, and how to handle any errors that may arise. This page describes the differences between SSL_write_early_data() and L<SSL_write_ex(3)>. @@ -364,7 +364,7 @@ All of the functions described above were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_set1_host.pod b/doc/man3/SSL_set1_host.pod index 3ca3c6b0136b..a2c9f133eed3 100644 --- a/doc/man3/SSL_set1_host.pod +++ b/doc/man3/SSL_set1_host.pod @@ -104,7 +104,7 @@ L<SSL_dane_enable(3)>. =head1 HISTORY -These functions were first added to OpenSSL 1.1.0. +These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod index 0a3d6d370d8b..551fff6308b6 100644 --- a/doc/man3/SSL_shutdown.pod +++ b/doc/man3/SSL_shutdown.pod @@ -22,6 +22,10 @@ Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse. +Note that SSL_shutdown() must not be called if a previous fatal error has +occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL +or SSL_ERROR_SSL. + The shutdown procedure consists of two steps: sending of the close_notify shutdown alert, and reception of the peer's close_notify shutdown alert. The order of those two steps depends on the application. diff --git a/doc/man3/SSL_want.pod b/doc/man3/SSL_want.pod index ef4b2183e08d..6840ccbfb626 100644 --- a/doc/man3/SSL_want.pod +++ b/doc/man3/SSL_want.pod @@ -101,7 +101,8 @@ L<ssl(7)>, L<SSL_get_error(3)> =head1 HISTORY -SSL_want_client_hello_cb() and SSL_CLIENT_HELLO_CB were added in OpenSSL 1.1.1. +The SSL_want_client_hello_cb() function and the SSL_CLIENT_HELLO_CB return value +were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_write.pod b/doc/man3/SSL_write.pod index 4dffd1fefc8a..3956f1def387 100644 --- a/doc/man3/SSL_write.pod +++ b/doc/man3/SSL_write.pod @@ -106,7 +106,7 @@ You should instead call SSL_get_error() to find out if it's retryable. =head1 HISTORY -SSL_write_ex() was added in OpenSSL 1.1.1. +The SSL_write_ex() function was added in OpenSSL 1.1.1. =head1 SEE ALSO diff --git a/doc/man3/UI_create_method.pod b/doc/man3/UI_create_method.pod index aefd41dac396..a01e1012dcf9 100644 --- a/doc/man3/UI_create_method.pod +++ b/doc/man3/UI_create_method.pod @@ -205,9 +205,8 @@ L<UI(3)>, L<CRYPTO_get_ex_data(3)>, L<UI_STRING(3)> =head1 HISTORY -UI_method_set_data_duplicator(), UI_method_get_data_duplicator() and -UI_method_get_data_destructor() -were added in OpenSSL 1.1.1. +The UI_method_set_data_duplicator(), UI_method_get_data_duplicator() +and UI_method_get_data_destructor() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/UI_new.pod b/doc/man3/UI_new.pod index dd1b80ec635d..3042b13f1f1a 100644 --- a/doc/man3/UI_new.pod +++ b/doc/man3/UI_new.pod @@ -233,14 +233,13 @@ UI_process() returns 0 on success or a negative value on error. UI_ctrl() returns a mask on success or -1 on error. -UI_get_default_method(), UI_get_method(), UI_Openssl(), UI_null() and +UI_get_default_method(), UI_get_method(), UI_OpenSSL(), UI_null() and UI_set_method() return either a valid B<UI_METHOD> structure or NULL respectively. =head1 HISTORY -UI_dup_user_data() -was added in OpenSSL 1.1.1. +The UI_dup_user_data() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/X509_NAME_ENTRY_get_object.pod b/doc/man3/X509_NAME_ENTRY_get_object.pod index 5de1b88b9945..74f1a96d07ef 100644 --- a/doc/man3/X509_NAME_ENTRY_get_object.pod +++ b/doc/man3/X509_NAME_ENTRY_get_object.pod @@ -51,9 +51,6 @@ X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be used to examine an B<X509_NAME_ENTRY> function as returned by X509_NAME_get_entry() for example. -X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(), -and X509_NAME_ENTRY_create_by_OBJ() create and return an - X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(), X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data() are seldom used in practice because B<X509_NAME_ENTRY> structures diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod index 2828ed75d2a9..472db508bc4e 100644 --- a/doc/man3/X509_STORE_CTX_new.pod +++ b/doc/man3/X509_STORE_CTX_new.pod @@ -159,8 +159,8 @@ L<X509_VERIFY_PARAM_set_flags(3)> =head1 HISTORY -X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0 -X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0 +The X509_STORE_CTX_set0_crls() function was added in OpenSSL 1.0.0. +The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_STORE_CTX_set_verify_cb.pod b/doc/man3/X509_STORE_CTX_set_verify_cb.pod index 5688ab79a77e..647ed2f17401 100644 --- a/doc/man3/X509_STORE_CTX_set_verify_cb.pod +++ b/doc/man3/X509_STORE_CTX_set_verify_cb.pod @@ -192,12 +192,13 @@ L<X509_STORE_CTX_get_ex_new_index(3)> =head1 HISTORY +The X509_STORE_CTX_get_get_issuer(), X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(), X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(), X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(), X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls() -and X509_STORE_CTX_get_cleanup() were added in OpenSSL 1.1.0. +and X509_STORE_CTX_get_cleanup() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_STORE_new.pod b/doc/man3/X509_STORE_new.pod index f7a5c81416b3..b3bc96e20b59 100644 --- a/doc/man3/X509_STORE_new.pod +++ b/doc/man3/X509_STORE_new.pod @@ -44,7 +44,7 @@ L<X509_STORE_get0_param(3)> =head1 HISTORY The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() -functions were added in OpenSSL 1.1.0 +functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_STORE_set_verify_cb_func.pod b/doc/man3/X509_STORE_set_verify_cb_func.pod index 12a464674191..d16881edd83d 100644 --- a/doc/man3/X509_STORE_set_verify_cb_func.pod +++ b/doc/man3/X509_STORE_set_verify_cb_func.pod @@ -237,8 +237,9 @@ L<CMS_verify(3)> =head1 HISTORY -X509_STORE_set_verify_cb() was added to OpenSSL 1.0.0. +The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0. +The functions X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(), X509_STORE_set_verify(), X509_STORE_CTX_get_verify(), X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(), @@ -250,8 +251,8 @@ X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(), X509_STORE_set_check_policy(), X509_STORE_get_check_policy(), X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(), X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(), -X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were added in -OpenSSL 1.1.0. +X509_STORE_set_cleanup() and X509_STORE_get_cleanup() +were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 9b64e0a915a2..f45467cacecc 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -368,11 +368,11 @@ L<x509(1)> =head1 HISTORY -The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.1.0 -The flag B<X509_V_FLAG_CB_ISSUER_CHECK> was deprecated in -OpenSSL 1.1.0, and has no effect. +The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.1.0. +The flag B<X509_V_FLAG_CB_ISSUER_CHECK> was deprecated in OpenSSL 1.1.0 +and has no effect. -X509_VERIFY_PARAM_get_hostflags() was added in OpenSSL 1.1.0i. +The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. =head1 COPYRIGHT diff --git a/doc/man3/X509_get0_signature.pod b/doc/man3/X509_get0_signature.pod index f63c5a5b689e..4133bc37a9af 100644 --- a/doc/man3/X509_get0_signature.pod +++ b/doc/man3/X509_get0_signature.pod @@ -109,12 +109,14 @@ L<X509_verify_cert(3)> =head1 HISTORY -X509_get0_signature() and X509_get_signature_nid() were first added to -OpenSSL 1.0.2. +The +X509_get0_signature() and X509_get_signature_nid() functions were +added in OpenSSL 1.0.2. +The X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), -X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were first added -to OpenSSL 1.1.0. +X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were +added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_get_serialNumber.pod b/doc/man3/X509_get_serialNumber.pod index 2e81c623969e..684adb7578b9 100644 --- a/doc/man3/X509_get_serialNumber.pod +++ b/doc/man3/X509_get_serialNumber.pod @@ -56,8 +56,9 @@ L<X509_verify_cert(3)> =head1 HISTORY -X509_get_serialNumber() and X509_set_serialNumber() are available in -all versions of OpenSSL. X509_get0_serialNumber() was added in OpenSSL 1.1.0. +The X509_get_serialNumber() and X509_set_serialNumber() functions are +available in all versions of OpenSSL. +The X509_get0_serialNumber() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_get_subject_name.pod b/doc/man3/X509_get_subject_name.pod index 2107c1d0905e..7c4a499225ec 100644 --- a/doc/man3/X509_get_subject_name.pod +++ b/doc/man3/X509_get_subject_name.pod @@ -53,8 +53,8 @@ and X509_CRL_set_issuer_name() return 1 for success and 0 for failure. X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in earlier versions. -X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was first added -to OpenSSL 1.0.0 as a macro. +X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was previously +added in OpenSSL 1.0.0 as a macro. =head1 SEE ALSO diff --git a/doc/man3/X509_sign.pod b/doc/man3/X509_sign.pod index 994fd438811a..8794c57e8d57 100644 --- a/doc/man3/X509_sign.pod +++ b/doc/man3/X509_sign.pod @@ -81,11 +81,11 @@ L<X509_verify_cert(3)> =head1 HISTORY -X509_sign(), X509_REQ_sign() and X509_CRL_sign() are available in all -versions of OpenSSL. +The X509_sign(), X509_REQ_sign() and X509_CRL_sign() functions are +available in all versions of OpenSSL. -X509_sign_ctx(), X509_REQ_sign_ctx() and X509_CRL_sign_ctx() were first added -to OpenSSL 1.0.1. +The X509_sign_ctx(), X509_REQ_sign_ctx() +and X509_CRL_sign_ctx() functions were added OpenSSL 1.0.1. =head1 COPYRIGHT diff --git a/doc/man3/d2i_PrivateKey.pod b/doc/man3/d2i_PrivateKey.pod index 13415d5488e8..4e3f20f8b324 100644 --- a/doc/man3/d2i_PrivateKey.pod +++ b/doc/man3/d2i_PrivateKey.pod @@ -50,15 +50,19 @@ If the B<*a> is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey() (i.e. an existing structure is being reused) and the key format is PKCS#8 then B<*a> will be freed and replaced on a successful call. +To decode a key with type B<EVP_PKEY_EC>, d2i_PublicKey() requires B<*a> to be +a non-NULL EVP_PKEY structure assigned an EC_KEY structure referencing the proper +EC_GROUP. + =head1 RETURN VALUES -d2i_PrivateKey() and d2i_AutoPrivateKey() return a valid B<EVP_KEY> structure -or B<NULL> if an error occurs. The error code can be obtained by calling -L<ERR_get_error(3)>. +The d2i_PrivateKey(), d2i_AutoPrivateKey(), d2i_PrivateKey_bio(), d2i_PrivateKey_fp(), +and d2i_PublicKey() functions return a valid B<EVP_KEY> structure or B<NULL> if an +error occurs. The error code can be obtained by calling L<ERR_get_error(3)>. -i2d_PrivateKey() returns the number of bytes successfully encoded or a -negative value if an error occurs. The error code can be obtained by calling -L<ERR_get_error(3)>. +i2d_PrivateKey() and i2d_PublicKey() return the number of bytes successfully +encoded or a negative value if an error occurs. The error code can be obtained +by calling L<ERR_get_error(3)>. =head1 SEE ALSO @@ -67,7 +71,7 @@ L<d2i_PKCS8PrivateKey_bio(3)> =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/i2d_CMS_bio_stream.pod b/doc/man3/i2d_CMS_bio_stream.pod index ece7a4800eee..dd2bd213f1e1 100644 --- a/doc/man3/i2d_CMS_bio_stream.pod +++ b/doc/man3/i2d_CMS_bio_stream.pod @@ -39,7 +39,7 @@ L<PEM_write_bio_CMS_stream(3)> =head1 HISTORY -i2d_CMS_bio_stream() was added to OpenSSL 1.0.0 +The i2d_CMS_bio_stream() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/i2d_PKCS7_bio_stream.pod b/doc/man3/i2d_PKCS7_bio_stream.pod index b42940a83cfa..a33aa08f2d32 100644 --- a/doc/man3/i2d_PKCS7_bio_stream.pod +++ b/doc/man3/i2d_PKCS7_bio_stream.pod @@ -39,7 +39,7 @@ L<PEM_write_bio_PKCS7_stream(3)> =head1 HISTORY -i2d_PKCS7_bio_stream() was added to OpenSSL 1.0.0 +The i2d_PKCS7_bio_stream() function was added in OpenSSL 1.0.0. =head1 COPYRIGHT |