Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/s_time.pod | 4 | ||||
-rw-r--r-- | doc/man3/EVP_aes.pod | 9 | ||||
-rw-r--r-- | doc/man3/RAND_set_rand_method.pod | 6 | ||||
-rw-r--r-- | doc/man3/X509_check_purpose.pod | 74 |
4 files changed, 87 insertions, 6 deletions
diff --git a/doc/man1/s_time.pod b/doc/man1/s_time.pod
index ac32f36bc789..e1a3bef41cfc 100644
--- a/doc/man1/s_time.pod
+++ b/doc/man1/s_time.pod
@@ -14,7 +14,7 @@ B<openssl> B<s_time>
 [B<-cert filename>]
 [B<-key filename>]
 [B<-CApath directory>]
-[B<-cafile filename>]
+[B<-CAfile filename>]
 [B<-no-CAfile>]
 [B<-no-CApath>]
 [B<-reuse>]
@@ -202,7 +202,7 @@ L<s_client(1)>, L<s_server(1)>, L<ciphers(1)>
 =head1 COPYRIGHT
-Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_aes.pod b/doc/man3/EVP_aes.pod
index 4192a9ec369f..6377fc9a21b0 100644
--- a/doc/man3/EVP_aes.pod
+++ b/doc/man3/EVP_aes.pod
@@ -160,6 +160,13 @@ In particular, XTS-AES-128 (B<EVP_aes_128_xts>) takes input of a 256-bit key to achieve AES 128-bit security, and XTS-AES-256 (B<EVP_aes_256_xts>) takes input of a 512-bit key to achieve AES 256-bit security.
+The XTS implementation in OpenSSL does not support streaming. That is there must
+only be one L<EVP_EncryptUpdate(3)> call per L<EVP_EncryptInit_ex(3)> call (and
+similarly with the "Decrypt" functions).
+
+The I<iv> parameter to L<EVP_EncryptInit_ex(3)> or L<EVP_DecryptInit_ex(3)> is
+the XTS "tweak" value.
+
 =back
 =head1 RETURN VALUES
@@ -176,7 +183,7 @@ L<EVP_CIPHER_meth_new(3)>
 =head1 COPYRIGHT
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/RAND_set_rand_method.pod b/doc/man3/RAND_set_rand_method.pod
index b120e712e6f3..1e9360d220dc 100644
--- a/doc/man3/RAND_set_rand_method.pod
+++ b/doc/man3/RAND_set_rand_method.pod
@@ -33,10 +33,10 @@ RAND_get_rand_method() returns a pointer to the current B<RAND_METHOD>.
 =head1 THE RAND_METHOD STRUCTURE
 typedef struct rand_meth_st {
- void (*seed)(const void *buf, int num);
+ int (*seed)(const void *buf, int num);
 int (*bytes)(unsigned char *buf, int num);
 void (*cleanup)(void);
- void (*add)(const void *buf, int num, int randomness);
+ int (*add)(const void *buf, int num, double entropy);
 int (*pseudorand)(unsigned char *buf, int num);
 int (*status)(void);
 } RAND_METHOD;
@@ -60,7 +60,7 @@ L<RAND(7)>
 =head1 COPYRIGHT
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_check_purpose.pod b/doc/man3/X509_check_purpose.pod
new file mode 100644
index 000000000000..bc38138743cd
--- /dev/null
+++ b/doc/man3/X509_check_purpose.pod
@@ -0,0 +1,74 @@
+=pod
+
+=head1 NAME
+
+X509_check_purpose - Check the purpose of a certificate
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509v3.h>
+
+ int X509_check_purpose(X509 *x, int id, int ca)
+
+=head1 DESCRIPTION
+
+This function checks if certificate I<x> was created with the purpose
+represented by I<id>. If I<ca> is nonzero, then certificate I<x> is
+checked to determine if it's a possible CA with various levels of certainty
+possibly returned.
+
+Below are the potential ID's that can be checked:
+
+ # define X509_PURPOSE_SSL_CLIENT 1
+ # define X509_PURPOSE_SSL_SERVER 2
+ # define X509_PURPOSE_NS_SSL_SERVER 3
+ # define X509_PURPOSE_SMIME_SIGN 4
+ # define X509_PURPOSE_SMIME_ENCRYPT 5
+ # define X509_PURPOSE_CRL_SIGN 6
+ # define X509_PURPOSE_ANY 7
+ # define X509_PURPOSE_OCSP_HELPER 8
+ # define X509_PURPOSE_TIMESTAMP_SIGN 9
+
+=head1 RETURN VALUES
+
+For non-CA checks
+
+=over 4
+
+=item -1 an error condition has occured
+
+=item E<32>1 if the certificate was created to perform the purpose represented by I<id>
+
+=item E<32>0 if the certificate was not created to perform the purpose represented by I<id>
+
+=back
+
+For CA checks the below integers could be returned with the following meanings:
+
+=over 4
+
+=item -1 an error condition has occured
+
+=item E<32>0 not a CA or does not have the purpose represented by I<id>
+
+=item E<32>1 is a CA.
+
+=item E<32>2 Only possible in old versions of openSSL when basicConstraints are absent.
+ New versions will not return this value. May be a CA
+
+=item E<32>3 basicConstraints absent but self signed V1.
+
+=item E<32>4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+
+=item E<32>5 legacy Netscape specific CA Flags present
+
+=back
+
+=head1 COPYRIGHT
+
+Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+Licensed under the Apache License 2.0 (the "License"). You may not use this
+file except in compliance with the License. You can obtain a copy in the file
+LICENSE in the source distribution or at L<https://www.openssl.org/source/license.html>.
+
+=cut |