Diffstat (limited to 'secure/lib/libcrypto/man/man3')
-rw-r--r--secure/lib/libcrypto/man/man3/ADMISSIONS.345
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_EXTERN_FUNCS.3297
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.350
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_INTEGER_new.3172
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.318
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.324
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.327
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_STRING_length.352
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_STRING_new.329
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.327
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_TIME_set.3199
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_TYPE_get.368
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_aux_cb.3366
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_generate_nconf.359
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_item_d2i_bio.3218
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_item_new.3175
-rw-r--r--secure/lib/libcrypto/man/man3/ASN1_item_sign.3355
-rw-r--r--secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3180
-rw-r--r--secure/lib/libcrypto/man/man3/ASYNC_start_job.3141
-rw-r--r--secure/lib/libcrypto/man/man3/BF_encrypt.330
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_ADDR.319
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_ADDRINFO.325
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_connect.313
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_ctrl.339
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_f_base64.310
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_f_buffer.327
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_f_cipher.326
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_f_md.316
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_f_null.310
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_f_prefix.3199
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_f_readbuffer.3190
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_f_ssl.351
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_find_type.314
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_get_data.317
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.395
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_meth_new.346
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_new.337
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_new_CMS.310
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_parse_hostserv.319
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_printf.337
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_push.312
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_read.385
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_s_accept.336
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_s_bio.315
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_s_connect.370
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_s_core.3203
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_s_datagram.3332
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_s_fd.320
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_s_file.337
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_s_mem.347
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_s_null.310
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_s_socket.310
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_set_callback.350
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_should_retry.317
-rw-r--r--secure/lib/libcrypto/man/man3/BIO_socket_wait.3198
-rw-r--r--secure/lib/libcrypto/man/man3/BN_BLINDING_new.322
-rw-r--r--secure/lib/libcrypto/man/man3/BN_CTX_new.330
-rw-r--r--secure/lib/libcrypto/man/man3/BN_CTX_start.312
-rw-r--r--secure/lib/libcrypto/man/man3/BN_add.314
-rw-r--r--secure/lib/libcrypto/man/man3/BN_add_word.313
-rw-r--r--secure/lib/libcrypto/man/man3/BN_bn2bin.329
-rw-r--r--secure/lib/libcrypto/man/man3/BN_cmp.310
-rw-r--r--secure/lib/libcrypto/man/man3/BN_copy.310
-rw-r--r--secure/lib/libcrypto/man/man3/BN_generate_prime.3148
-rw-r--r--secure/lib/libcrypto/man/man3/BN_mod_exp_mont.3195
-rw-r--r--secure/lib/libcrypto/man/man3/BN_mod_inverse.310
-rw-r--r--secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.314
-rw-r--r--secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.320
-rw-r--r--secure/lib/libcrypto/man/man3/BN_new.312
-rw-r--r--secure/lib/libcrypto/man/man3/BN_num_bytes.310
-rw-r--r--secure/lib/libcrypto/man/man3/BN_rand.392
-rw-r--r--secure/lib/libcrypto/man/man3/BN_security_bits.310
-rw-r--r--secure/lib/libcrypto/man/man3/BN_set_bit.313
-rw-r--r--secure/lib/libcrypto/man/man3/BN_swap.310
-rw-r--r--secure/lib/libcrypto/man/man3/BN_zero.313
-rw-r--r--secure/lib/libcrypto/man/man3/BUF_MEM_new.314
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_EncryptedData_decrypt.3178
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_EncryptedData_encrypt.3198
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_EnvelopedData_create.3208
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_add0_cert.353
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.327
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_add1_signer.310
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_compress.316
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_data_create.3183
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_decrypt.384
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_digest_create.3186
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_encrypt.346
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_final.312
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.336
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.315
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_get0_type.315
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.353
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_sign.345
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_sign_receipt.310
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_uncompress.310
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_verify.397
-rw-r--r--secure/lib/libcrypto/man/man3/CMS_verify_receipt.310
-rw-r--r--secure/lib/libcrypto/man/man3/CONF_modules_free.329
-rw-r--r--secure/lib/libcrypto/man/man3/CONF_modules_load_file.370
-rw-r--r--secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.392
-rw-r--r--secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.357
-rw-r--r--secure/lib/libcrypto/man/man3/CRYPTO_memcmp.310
-rw-r--r--secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.313
-rw-r--r--secure/lib/libcrypto/man/man3/CTLOG_STORE_new.341
-rw-r--r--secure/lib/libcrypto/man/man3/CTLOG_new.350
-rw-r--r--secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.341
-rw-r--r--secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3309
-rw-r--r--secure/lib/libcrypto/man/man3/DES_random_key.348
-rw-r--r--secure/lib/libcrypto/man/man3/DH_generate_key.328
-rw-r--r--secure/lib/libcrypto/man/man3/DH_generate_parameters.347
-rw-r--r--secure/lib/libcrypto/man/man3/DH_get0_pqg.383
-rw-r--r--secure/lib/libcrypto/man/man3/DH_get_1024_160.384
-rw-r--r--secure/lib/libcrypto/man/man3/DH_meth_new.333
-rw-r--r--secure/lib/libcrypto/man/man3/DH_new.328
-rw-r--r--secure/lib/libcrypto/man/man3/DH_new_by_nid.342
-rw-r--r--secure/lib/libcrypto/man/man3/DH_set_method.329
-rw-r--r--secure/lib/libcrypto/man/man3/DH_size.347
-rw-r--r--secure/lib/libcrypto/man/man3/DSA_SIG_new.317
-rw-r--r--secure/lib/libcrypto/man/man3/DSA_do_sign.327
-rw-r--r--secure/lib/libcrypto/man/man3/DSA_dup_DH.327
-rw-r--r--secure/lib/libcrypto/man/man3/DSA_generate_key.327
-rw-r--r--secure/lib/libcrypto/man/man3/DSA_generate_parameters.334
-rw-r--r--secure/lib/libcrypto/man/man3/DSA_get0_pqg.334
-rw-r--r--secure/lib/libcrypto/man/man3/DSA_meth_new.339
-rw-r--r--secure/lib/libcrypto/man/man3/DSA_new.327
-rw-r--r--secure/lib/libcrypto/man/man3/DSA_set_method.333
-rw-r--r--secure/lib/libcrypto/man/man3/DSA_sign.329
-rw-r--r--secure/lib/libcrypto/man/man3/DSA_size.353
-rw-r--r--secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.310
-rw-r--r--secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.314
-rw-r--r--secure/lib/libcrypto/man/man3/DTLSv1_listen.333
-rw-r--r--secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3229
-rw-r--r--secure/lib/libcrypto/man/man3/ECDSA_sign.3327
-rw-r--r--secure/lib/libcrypto/man/man3/ECPKParameters_print.329
-rw-r--r--secure/lib/libcrypto/man/man3/EC_GFp_simple_method.336
-rw-r--r--secure/lib/libcrypto/man/man3/EC_GROUP_copy.394
-rw-r--r--secure/lib/libcrypto/man/man3/EC_GROUP_new.3168
-rw-r--r--secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.313
-rw-r--r--secure/lib/libcrypto/man/man3/EC_KEY_new.3142
-rw-r--r--secure/lib/libcrypto/man/man3/EC_POINT_add.341
-rw-r--r--secure/lib/libcrypto/man/man3/EC_POINT_new.3134
-rw-r--r--secure/lib/libcrypto/man/man3/ENGINE_add.391
-rw-r--r--secure/lib/libcrypto/man/man3/ERR_GET_LIB.346
-rw-r--r--secure/lib/libcrypto/man/man3/ERR_clear_error.310
-rw-r--r--secure/lib/libcrypto/man/man3/ERR_error_string.340
-rw-r--r--secure/lib/libcrypto/man/man3/ERR_get_error.3112
-rw-r--r--secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.323
-rw-r--r--secure/lib/libcrypto/man/man3/ERR_load_strings.315
-rw-r--r--secure/lib/libcrypto/man/man3/ERR_new.3207
-rw-r--r--secure/lib/libcrypto/man/man3/ERR_print_errors.316
-rw-r--r--secure/lib/libcrypto/man/man3/ERR_put_error.3148
-rw-r--r--secure/lib/libcrypto/man/man3/ERR_remove_state.330
-rw-r--r--secure/lib/libcrypto/man/man3/ERR_set_mark.323
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_ASYM_CIPHER_free.3241
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_BytesToKey.310
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.313
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_original_iv.3206
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.349
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_DigestInit.3509
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3128
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3121
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_EncodeInit.315
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_EncryptInit.31387
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_KDF.3437
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_KEM_free.3234
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_KEYEXCH_free.3240
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_KEYMGMT.3278
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_MAC.3616
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_MD_meth_new.350
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_OpenInit.310
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PBE_CipherInit.3227
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY2PKCS8.3177
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.369
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3680
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_get0_libctx.3183
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_get0_pkey.3186
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.399
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.322
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.331
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_params.3222
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.342
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.332
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.322
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.319
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_check.3224
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_copy_parameters.3 (renamed from secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3)65
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_decapsulate.3229
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.348
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_derive.369
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_digestsign_supports_digest.3173
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_encapsulate.3239
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.330
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_fromdata.3390
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.352
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_get_field_type.3183
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_get_group_name.3175
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_get_size.3 (renamed from secure/lib/libcrypto/man/man3/EVP_PKEY_size.3)47
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_gettable_params.3264
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_is_a.3245
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3124
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.326
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.362
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_new.3173
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.342
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3213
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_set1_encoded_public_key.3272
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_set_type.3198
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_settable_params.3209
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_sign.343
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_todata.3191
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_verify.337
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.346
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_RAND.3534
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_SIGNATURE.3245
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_SealInit.316
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_SignInit.357
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_VerifyInit.351
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_aes_128_gcm.3 (renamed from secure/lib/libcrypto/man/man3/EVP_aes.3)65
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_aria_128_gcm.3 (renamed from secure/lib/libcrypto/man/man3/EVP_aria.3)50
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_bf_cbc.335
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_blake2b512.333
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_camellia_128_ecb.3 (renamed from secure/lib/libcrypto/man/man3/EVP_camellia.3)44
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_cast5_cbc.335
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_chacha20.333
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_des_cbc.3 (renamed from secure/lib/libcrypto/man/man3/EVP_des.3)46
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_desx_cbc.326
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_idea_cbc.335
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_md2.326
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_md4.327
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_md5.324
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_mdc2.327
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_rc2_cbc.341
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_rc4.329
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.335
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_ripemd160.325
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_seed_cbc.335
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_set_default_properties.3199
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_sha1.323
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_sha224.328
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_sha3_224.328
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_sm3.323
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_sm4_cbc.326
-rw-r--r--secure/lib/libcrypto/man/man3/EVP_whirlpool.327
-rw-r--r--secure/lib/libcrypto/man/man3/HMAC.398
-rw-r--r--secure/lib/libcrypto/man/man3/MD5.352
-rw-r--r--secure/lib/libcrypto/man/man3/MDC2_Init.327
-rw-r--r--secure/lib/libcrypto/man/man3/Makefile4725
-rw-r--r--secure/lib/libcrypto/man/man3/NCONF_new_ex.3213
-rw-r--r--secure/lib/libcrypto/man/man3/OBJ_nid2obj.347
-rw-r--r--secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.318
-rw-r--r--secure/lib/libcrypto/man/man3/OCSP_cert_to_id.315
-rw-r--r--secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.310
-rw-r--r--secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3166
-rw-r--r--secure/lib/libcrypto/man/man3/OCSP_response_status.385
-rw-r--r--secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3182
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_Applink.310
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_FILE.3185
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3145
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.323
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_config.322
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.328
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_gmtime.3191
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_hexchar2int.3212
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.361
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.383
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.310
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.316
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.315
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_malloc.3218
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_s390xcap.3331
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.331
-rw-r--r--secure/lib/libcrypto/man/man3/OPENSSL_strcasecmp.3177
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_ALGORITHM.3258
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CALLBACK.3191
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3957
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CMP_HDR_get0_transactionID.3176
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CMP_ITAV_set0.3240
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CMP_MSG_get0_header.3276
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CMP_MSG_http_perform.3188
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CMP_SRV_CTX_new.3297
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CMP_STATUSINFO_new.3195
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CMP_exec_certreq.3308
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CMP_log_open.3256
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CMP_validate_msg.3212
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CORE_MAKE_FUNC.3173
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 (renamed from secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3)143
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set0_validity.3245
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3259
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3196
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_CRMF_pbmp_new.3221
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_DECODER.3319
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_DECODER_CTX.3379
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_DECODER_CTX_new_for_pkey.3271
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_DECODER_from_bio.3247
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_DISPATCH.3195
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_ENCODER.3273
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_ENCODER_CTX.3342
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_ENCODER_CTX_new_for_pkey.3269
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_ENCODER_to_bio.3258
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_ESS_check_signing_certs.3216
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_HTTP_REQ_CTX.3390
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_HTTP_parse_url.3238
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_HTTP_transfer.3419
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_ITEM.3176
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_LIB_CTX.3266
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_PARAM.3464
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_PARAM_BLD.3323
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_PARAM_allocate_from_text.3328
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_PARAM_dup.3188
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_PARAM_int.3516
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_PROVIDER.3352
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_SELF_TEST_new.3289
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_SELF_TEST_set_callback.3181
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3113
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3282
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.338
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_STORE_attach.3176
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_STORE_expect.329
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_STORE_open.379
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_trace_enabled.3426
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_trace_get_category_num.3174
-rw-r--r--secure/lib/libcrypto/man/man3/OSSL_trace_set_channel.3435
-rw-r--r--secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.325
-rw-r--r--secure/lib/libcrypto/man/man3/OpenSSL_version.3346
-rw-r--r--secure/lib/libcrypto/man/man3/PEM_X509_INFO_read_bio_ex.3212
-rw-r--r--secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.310
-rw-r--r--secure/lib/libcrypto/man/man3/PEM_read.320
-rw-r--r--secure/lib/libcrypto/man/man3/PEM_read_CMS.3119
-rw-r--r--secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3291
-rw-r--r--secure/lib/libcrypto/man/man3/PEM_read_bio_ex.313
-rw-r--r--secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.310
-rw-r--r--secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.310
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_PBE_keyivgen.3235
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_create_cert.3227
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_get0_attrs.3180
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_get1_cert.3204
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_add1_attr_by_NID.3181
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_add_CSPName_asc.3166
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_add_cert.3208
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_add_friendlyname_asc.3182
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_add_localkeyid.3168
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_add_safe.3210
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_create.371
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_decrypt_skey.3183
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_gen_mac.3202
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_get_friendlyname.3169
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_init.3177
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_item_decrypt_d2i.3202
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_key_gen_utf8_ex.3245
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_newpass.334
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_pack_p7encdata.3187
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS12_parse.324
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS5_PBE_keyivgen.3303
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.317
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS7_decrypt.310
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS7_encrypt.341
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS7_get_octet_string.3169
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS7_sign.378
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.363
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS7_type_is_other.3 (renamed from secure/lib/libcrypto/man/man3/d2i_DHparams.3)38
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS7_verify.3114
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS8_encrypt.3206
-rw-r--r--secure/lib/libcrypto/man/man3/PKCS8_pkey_add1_attr.3183
-rw-r--r--secure/lib/libcrypto/man/man3/RAND_DRBG_new.3247
-rw-r--r--secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3239
-rw-r--r--secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3268
-rw-r--r--secure/lib/libcrypto/man/man3/RAND_add.333
-rw-r--r--secure/lib/libcrypto/man/man3/RAND_bytes.345
-rw-r--r--secure/lib/libcrypto/man/man3/RAND_cleanup.324
-rw-r--r--secure/lib/libcrypto/man/man3/RAND_egd.310
-rw-r--r--secure/lib/libcrypto/man/man3/RAND_get0_primary.3 (renamed from secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3)60
-rw-r--r--secure/lib/libcrypto/man/man3/RAND_load_file.310
-rw-r--r--secure/lib/libcrypto/man/man3/RAND_set_DRBG_type.3192
-rw-r--r--secure/lib/libcrypto/man/man3/RAND_set_rand_method.333
-rw-r--r--secure/lib/libcrypto/man/man3/RC4_set_key.327
-rw-r--r--secure/lib/libcrypto/man/man3/RIPEMD160_Init.330
-rw-r--r--secure/lib/libcrypto/man/man3/RSA_blinding_on.325
-rw-r--r--secure/lib/libcrypto/man/man3/RSA_check_key.330
-rw-r--r--secure/lib/libcrypto/man/man3/RSA_generate_key.380
-rw-r--r--secure/lib/libcrypto/man/man3/RSA_get0_key.339
-rw-r--r--secure/lib/libcrypto/man/man3/RSA_meth_new.342
-rw-r--r--secure/lib/libcrypto/man/man3/RSA_new.324
-rw-r--r--secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.342
-rw-r--r--secure/lib/libcrypto/man/man3/RSA_print.372
-rw-r--r--secure/lib/libcrypto/man/man3/RSA_private_encrypt.331
-rw-r--r--secure/lib/libcrypto/man/man3/RSA_public_encrypt.332
-rw-r--r--secure/lib/libcrypto/man/man3/RSA_set_method.337
-rw-r--r--secure/lib/libcrypto/man/man3/RSA_sign.331
-rw-r--r--secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.326
-rw-r--r--secure/lib/libcrypto/man/man3/RSA_size.342
-rw-r--r--secure/lib/libcrypto/man/man3/SCT_new.326
-rw-r--r--secure/lib/libcrypto/man/man3/SCT_print.319
-rw-r--r--secure/lib/libcrypto/man/man3/SCT_validate.313
-rw-r--r--secure/lib/libcrypto/man/man3/SHA256_Init.356
-rw-r--r--secure/lib/libcrypto/man/man3/SMIME_read_ASN1.3 (renamed from secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3)109
-rw-r--r--secure/lib/libcrypto/man/man3/SMIME_read_CMS.340
-rw-r--r--secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.327
-rw-r--r--secure/lib/libcrypto/man/man3/SMIME_write_ASN1.3211
-rw-r--r--secure/lib/libcrypto/man/man3/SMIME_write_CMS.310
-rw-r--r--secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.310
-rw-r--r--secure/lib/libcrypto/man/man3/SRP_Calc_B.3231
-rw-r--r--secure/lib/libcrypto/man/man3/SRP_VBASE_new.3239
-rw-r--r--secure/lib/libcrypto/man/man3/SRP_create_verifier.3271
-rw-r--r--secure/lib/libcrypto/man/man3/SRP_user_pwd_new.3208
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.335
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.326
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.311
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.311
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.311
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.311
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3373
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.311
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.328
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.329
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_add_session.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_config.316
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.326
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_free.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.344
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.313
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.376
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_new.382
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_sessions.314
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.327
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.363
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.317
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.322
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.317
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.328
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.366
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.350
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.329
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.318
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.320
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.317
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.316
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.318
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.318
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.317
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.317
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.324
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.316
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.353
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3318
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.329
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.315
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.321
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.328
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.317
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.320
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.330
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_srp_password.3358
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.341
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.317
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.314
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.325
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.389
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.317
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3173
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_ecdh.3 (renamed from secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3)50
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.336
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.350
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.324
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.320
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_SESSION_free.325
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.314
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.316
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.318
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.313
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.313
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.314
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.315
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.314
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.313
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_SESSION_print.315
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.318
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_accept.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_alert_type_string.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_alloc_buffers.313
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_check_chain.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_clear.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_connect.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_do_handshake.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_export_keying_material.317
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_extension_supported.356
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_free.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.354
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_certificate.3194
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_ciphers.319
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_client_random.316
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_current_cipher.314
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_default_timeout.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_error.338
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_extms_support.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_fd.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.313
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.336
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.314
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.313
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_psk_identity.313
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_rbio.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_session.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_verify_result.323
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_get_version.313
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_group_to_name.3 (renamed from secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3)40
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_in_init.318
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_key_update.328
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_library_init.315
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.344
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_new.318
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_pending.313
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_read.313
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_read_early_data.328
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_rstate_string.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_session_reused.312
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_set1_host.318
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_set_async_callback.3236
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_set_bio.318
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_set_connect_state.313
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_set_fd.310
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_set_retry_verify.3 (renamed from secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3)82
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_set_session.315
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_set_shutdown.314
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_set_verify_result.314
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_shutdown.390
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_state_string.318
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_want.345
-rw-r--r--secure/lib/libcrypto/man/man3/SSL_write.316
-rw-r--r--secure/lib/libcrypto/man/man3/TS_RESP_CTX_new.3179
-rw-r--r--secure/lib/libcrypto/man/man3/TS_VERIFY_CTX_set_certs.3190
-rw-r--r--secure/lib/libcrypto/man/man3/UI_STRING.317
-rw-r--r--secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.315
-rw-r--r--secure/lib/libcrypto/man/man3/UI_create_method.321
-rw-r--r--secure/lib/libcrypto/man/man3/UI_new.338
-rw-r--r--secure/lib/libcrypto/man/man3/X509V3_get_d2i.3113
-rw-r--r--secure/lib/libcrypto/man/man3/X509V3_set_ctx.3196
-rw-r--r--secure/lib/libcrypto/man/man3/X509_ALGOR_dup.310
-rw-r--r--secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.368
-rw-r--r--secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.316
-rw-r--r--secure/lib/libcrypto/man/man3/X509_LOOKUP.3155
-rw-r--r--secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.359
-rw-r--r--secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.334
-rw-r--r--secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.315
-rw-r--r--secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.329
-rw-r--r--secure/lib/libcrypto/man/man3/X509_NAME_get0_der.316
-rw-r--r--secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.334
-rw-r--r--secure/lib/libcrypto/man/man3/X509_NAME_print_ex.387
-rw-r--r--secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3104
-rw-r--r--secure/lib/libcrypto/man/man3/X509_SIG_get0.314
-rw-r--r--secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3299
-rw-r--r--secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3175
-rw-r--r--secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.337
-rw-r--r--secure/lib/libcrypto/man/man3/X509_STORE_add_cert.398
-rw-r--r--secure/lib/libcrypto/man/man3/X509_STORE_get0_param.332
-rw-r--r--secure/lib/libcrypto/man/man3/X509_STORE_new.316
-rw-r--r--secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3128
-rw-r--r--secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3110
-rw-r--r--secure/lib/libcrypto/man/man3/X509_add_cert.3204
-rw-r--r--secure/lib/libcrypto/man/man3/X509_check_ca.317
-rw-r--r--secure/lib/libcrypto/man/man3/X509_check_host.330
-rw-r--r--secure/lib/libcrypto/man/man3/X509_check_issued.327
-rw-r--r--secure/lib/libcrypto/man/man3/X509_check_private_key.314
-rw-r--r--secure/lib/libcrypto/man/man3/X509_check_purpose.318
-rw-r--r--secure/lib/libcrypto/man/man3/X509_cmp.337
-rw-r--r--secure/lib/libcrypto/man/man3/X509_cmp_time.373
-rw-r--r--secure/lib/libcrypto/man/man3/X509_digest.354
-rw-r--r--secure/lib/libcrypto/man/man3/X509_dup.3362
-rw-r--r--secure/lib/libcrypto/man/man3/X509_get0_distinguishing_id.3198
-rw-r--r--secure/lib/libcrypto/man/man3/X509_get0_notBefore.315
-rw-r--r--secure/lib/libcrypto/man/man3/X509_get0_signature.317
-rw-r--r--secure/lib/libcrypto/man/man3/X509_get0_uids.310
-rw-r--r--secure/lib/libcrypto/man/man3/X509_get_extension_flags.324
-rw-r--r--secure/lib/libcrypto/man/man3/X509_get_pubkey.319
-rw-r--r--secure/lib/libcrypto/man/man3/X509_get_serialNumber.315
-rw-r--r--secure/lib/libcrypto/man/man3/X509_get_subject_name.378
-rw-r--r--secure/lib/libcrypto/man/man3/X509_get_version.326
-rw-r--r--secure/lib/libcrypto/man/man3/X509_load_http.3199
-rw-r--r--secure/lib/libcrypto/man/man3/X509_new.341
-rw-r--r--secure/lib/libcrypto/man/man3/X509_sign.363
-rw-r--r--secure/lib/libcrypto/man/man3/X509_verify.3212
-rw-r--r--secure/lib/libcrypto/man/man3/X509_verify_cert.398
-rw-r--r--secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.397
-rw-r--r--secure/lib/libcrypto/man/man3/b2i_PVK_bio_ex.3198
-rw-r--r--secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.322
-rw-r--r--secure/lib/libcrypto/man/man3/d2i_PrivateKey.3108
-rw-r--r--secure/lib/libcrypto/man/man3/d2i_RSAPrivateKey.3424
-rw-r--r--secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.310
-rw-r--r--secure/lib/libcrypto/man/man3/d2i_X509.3470
-rw-r--r--secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.310
-rw-r--r--secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.310
-rw-r--r--secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.320
-rw-r--r--secure/lib/libcrypto/man/man3/o2i_SCT_LIST.317
-rw-r--r--secure/lib/libcrypto/man/man3/s2i_ASN1_IA5STRING.3228
607 files changed, 52527 insertions, 10537 deletions
diff --git a/secure/lib/libcrypto/man/man3/ADMISSIONS.3 b/secure/lib/libcrypto/man/man3/ADMISSIONS.3
index 381f7f13d0e6..1c20e00e6b67 100644
--- a/secure/lib/libcrypto/man/man3/ADMISSIONS.3
+++ b/secure/lib/libcrypto/man/man3/ADMISSIONS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,45 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ADMISSIONS 3"
-.TH ADMISSIONS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ADMISSIONS 3ossl"
+.TH ADMISSIONS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ADMISSIONS, ADMISSIONS_get0_admissionAuthority, ADMISSIONS_get0_namingAuthority, ADMISSIONS_get0_professionInfos, ADMISSIONS_set0_admissionAuthority, ADMISSIONS_set0_namingAuthority, ADMISSIONS_set0_professionInfos, ADMISSION_SYNTAX, ADMISSION_SYNTAX_get0_admissionAuthority, ADMISSION_SYNTAX_get0_contentsOfAdmissions, ADMISSION_SYNTAX_set0_admissionAuthority, ADMISSION_SYNTAX_set0_contentsOfAdmissions, NAMING_AUTHORITY, NAMING_AUTHORITY_get0_authorityId, NAMING_AUTHORITY_get0_authorityURL, NAMING_AUTHORITY_get0_authorityText, NAMING_AUTHORITY_set0_authorityId, NAMING_AUTHORITY_set0_authorityURL, NAMING_AUTHORITY_set0_authorityText, PROFESSION_INFO, PROFESSION_INFOS, PROFESSION_INFO_get0_addProfessionInfo, PROFESSION_INFO_get0_namingAuthority, PROFESSION_INFO_get0_professionItems, PROFESSION_INFO_get0_professionOIDs, PROFESSION_INFO_get0_registrationNumber, PROFESSION_INFO_set0_addProfessionInfo, PROFESSION_INFO_set0_namingAuthority, PROFESSION_INFO_set0_professionItems, PROFESSION_INFO_set0_professionOIDs, PROFESSION_INFO_set0_registrationNumber \&\- Accessors and settors for ADMISSION_SYNTAX
+ADMISSIONS,
+ADMISSIONS_get0_admissionAuthority,
+ADMISSIONS_get0_namingAuthority,
+ADMISSIONS_get0_professionInfos,
+ADMISSIONS_set0_admissionAuthority,
+ADMISSIONS_set0_namingAuthority,
+ADMISSIONS_set0_professionInfos,
+ADMISSION_SYNTAX,
+ADMISSION_SYNTAX_get0_admissionAuthority,
+ADMISSION_SYNTAX_get0_contentsOfAdmissions,
+ADMISSION_SYNTAX_set0_admissionAuthority,
+ADMISSION_SYNTAX_set0_contentsOfAdmissions,
+NAMING_AUTHORITY,
+NAMING_AUTHORITY_get0_authorityId,
+NAMING_AUTHORITY_get0_authorityURL,
+NAMING_AUTHORITY_get0_authorityText,
+NAMING_AUTHORITY_set0_authorityId,
+NAMING_AUTHORITY_set0_authorityURL,
+NAMING_AUTHORITY_set0_authorityText,
+PROFESSION_INFO,
+PROFESSION_INFOS,
+PROFESSION_INFO_get0_addProfessionInfo,
+PROFESSION_INFO_get0_namingAuthority,
+PROFESSION_INFO_get0_professionItems,
+PROFESSION_INFO_get0_professionOIDs,
+PROFESSION_INFO_get0_registrationNumber,
+PROFESSION_INFO_set0_addProfessionInfo,
+PROFESSION_INFO_set0_namingAuthority,
+PROFESSION_INFO_set0_professionItems,
+PROFESSION_INFO_set0_professionOIDs,
+PROFESSION_INFO_set0_registrationNumber
+\&\- Accessors and settors for ADMISSION_SYNTAX
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 5
@@ -272,9 +301,9 @@ structure and must not be freed.
\&\fBd2i_X509\fR\|(3),
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_EXTERN_FUNCS.3 b/secure/lib/libcrypto/man/man3/ASN1_EXTERN_FUNCS.3
new file mode 100644
index 000000000000..b78e25eafad1
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/ASN1_EXTERN_FUNCS.3
@@ -0,0 +1,297 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ASN1_EXTERN_FUNCS 3ossl"
+.TH ASN1_EXTERN_FUNCS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ASN1_EXTERN_FUNCS, ASN1_ex_d2i, ASN1_ex_d2i_ex, ASN1_ex_i2d, ASN1_ex_new_func,
+ASN1_ex_new_ex_func, ASN1_ex_free_func, ASN1_ex_print_func,
+IMPLEMENT_EXTERN_ASN1
+\&\- ASN.1 external function support
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/asn1t.h>
+\&
+\& typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+\& const ASN1_ITEM *it, int tag, int aclass, char opt,
+\& ASN1_TLC *ctx);
+\& typedef int ASN1_ex_d2i_ex(ASN1_VALUE **pval, const unsigned char **in, long len,
+\& const ASN1_ITEM *it, int tag, int aclass, char opt,
+\& ASN1_TLC *ctx, OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& typedef int ASN1_ex_i2d(const ASN1_VALUE **pval, unsigned char **out,
+\& const ASN1_ITEM *it, int tag, int aclass);
+\& typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+\& typedef int ASN1_ex_new_ex_func(ASN1_VALUE **pval, const ASN1_ITEM *it,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+\& typedef int ASN1_ex_print_func(BIO *out, const ASN1_VALUE **pval,
+\& int indent, const char *fname,
+\& const ASN1_PCTX *pctx);
+\&
+\& struct ASN1_EXTERN_FUNCS_st {
+\& void *app_data;
+\& ASN1_ex_new_func *asn1_ex_new;
+\& ASN1_ex_free_func *asn1_ex_free;
+\& ASN1_ex_free_func *asn1_ex_clear;
+\& ASN1_ex_d2i *asn1_ex_d2i;
+\& ASN1_ex_i2d *asn1_ex_i2d;
+\& ASN1_ex_print_func *asn1_ex_print;
+\& ASN1_ex_new_ex_func *asn1_ex_new_ex;
+\& ASN1_ex_d2i_ex *asn1_ex_d2i_ex;
+\& };
+\& typedef struct ASN1_EXTERN_FUNCS_st ASN1_EXTERN_FUNCS;
+\&
+\& #define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs)
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\s-1ASN.1\s0 data structures templates are typically defined in OpenSSL using a series
+of macros such as \s-1\fBASN1_SEQUENCE\s0()\fR, \s-1\fBASN1_SEQUENCE_END\s0()\fR and so on. Instead
+templates can also be defined based entirely on external functions. These
+external functions are called to perform operations such as creating a new
+\&\fB\s-1ASN1_VALUE\s0\fR or converting an \fB\s-1ASN1_VALUE\s0\fR to or from \s-1DER\s0 encoding.
+.PP
+The macro \s-1\fBIMPLEMENT_EXTERN_ASN1\s0()\fR can be used to create such an externally
+defined structure. The name of the structure should be supplied in the \fIsname\fR
+parameter. The tag for the structure (e.g. typically \fBV_ASN1_SEQUENCE\fR) should
+be supplied in the \fItag\fR parameter. Finally a pointer to an
+\&\fB\s-1ASN1_EXTERN_FUNCS\s0\fR structure should be supplied in the \fIfptrs\fR parameter.
+.PP
+The \fB\s-1ASN1_EXTERN_FUNCS\s0\fR structure has the following entries.
+.IP "\fIapp_data\fR" 4
+.IX Item "app_data"
+A pointer to arbitrary application specific data.
+.IP "\fIasn1_ex_new\fR" 4
+.IX Item "asn1_ex_new"
+A \*(L"new\*(R" function responsible for constructing a new \fB\s-1ASN1_VALUE\s0\fR object. The
+newly constructed value should be stored in \fI*pval\fR. The \fIit\fR parameter is a
+pointer to the \fB\s-1ASN1_ITEM\s0\fR template object created via the
+\&\s-1\fBIMPLEMENT_EXTERN_ASN1\s0()\fR macro.
+.Sp
+Returns a positive value on success or 0 on error.
+.IP "\fIasn1_ex_free\fR" 4
+.IX Item "asn1_ex_free"
+A \*(L"free\*(R" function responsible for freeing the \fB\s-1ASN1_VALUE\s0\fR passed in \fI*pval\fR
+that was previously allocated via a \*(L"new\*(R" function. The \fIit\fR parameter is a
+pointer to the \fB\s-1ASN1_ITEM\s0\fR template object created via the
+\&\s-1\fBIMPLEMENT_EXTERN_ASN1\s0()\fR macro.
+.IP "\fIasn1_ex_clear\fR" 4
+.IX Item "asn1_ex_clear"
+A \*(L"clear\*(R" function responsible for clearing any data in the \fB\s-1ASN1_VALUE\s0\fR passed
+in \fI*pval\fR and making it suitable for reuse. The \fIit\fR parameter is a pointer
+to the \fB\s-1ASN1_ITEM\s0\fR template object created via the \s-1\fBIMPLEMENT_EXTERN_ASN1\s0()\fR
+macro.
+.IP "\fIasn1_ex_d2i\fR" 4
+.IX Item "asn1_ex_d2i"
+A \*(L"d2i\*(R" function responsible for converting \s-1DER\s0 data with the tag \fItag\fR and
+class \fIclass\fR into an \fB\s-1ASN1_VALUE\s0\fR. If \fI*pval\fR is non-NULL then the
+\&\fB\s-1ASN_VALUE\s0\fR it points to should be reused. Otherwise a new \fB\s-1ASN1_VALUE\s0\fR
+should be allocated and stored in \fI*pval\fR. \fI*in\fR points to the \s-1DER\s0 data to be
+decoded and \fIlen\fR is the length of that data. After decoding \fI*in\fR should be
+updated to point at the next byte after the decoded data. If the \fB\s-1ASN1_VALUE\s0\fR
+is considered optional in this context then \fIopt\fR will be nonzero. Otherwise
+it will be zero. The \fIit\fR parameter is a pointer to the \fB\s-1ASN1_ITEM\s0\fR template
+object created via the \s-1\fBIMPLEMENT_EXTERN_ASN1\s0()\fR macro. A pointer to the current
+\&\fB\s-1ASN1_TLC\s0\fR context (which may be required for other \s-1ASN1\s0 function calls) is
+passed in the \fIctx\fR parameter.
+.Sp
+The \fIasn1_ex_d2i\fR entry may be \s-1NULL\s0 if \fIasn1_ex_d2i_ex\fR has been specified
+instead.
+.Sp
+Returns <= 0 on error or a positive value on success.
+.IP "\fIasn1_ex_i2d\fR" 4
+.IX Item "asn1_ex_i2d"
+An \*(L"i2d\*(R" function responsible for converting an \fB\s-1ASN1_VALUE\s0\fR into \s-1DER\s0 encoding.
+On entry \fI*pval\fR will contain the \fB\s-1ASN1_VALUE\s0\fR to be encoded. If default
+tagging is to be used then \fItag\fR will be \-1 on entry. Otherwise if implicit
+tagging should be used then \fItag\fR and \fIaclass\fR will be the tag and associated
+class.
+.Sp
+If \fIout\fR is not \s-1NULL\s0 then this function should write the \s-1DER\s0 encoded data to
+the buffer in \fI*out\fR, and then increment \fI*out\fR to point to immediately after
+the data just written.
+.Sp
+If \fIout\fR is \s-1NULL\s0 then no data should be written but the length calculated and
+returned as if it were.
+.Sp
+The \fIasn1_ex_i2d\fR entry may be \s-1NULL\s0 if \fIasn1_ex_i2d_ex\fR has been specified
+instead.
+.Sp
+The return value should be negative if a fatal error occurred, or 0 if a
+non-fatal error occurred. Otherwise it should return the length of the encoded
+data.
+.IP "\fIasn1_ex_print\fR" 4
+.IX Item "asn1_ex_print"
+A \*(L"print\*(R" function. \fIout\fR is the \s-1BIO\s0 to print the output to. \fI*pval\fR is the
+\&\fB\s-1ASN1_VALUE\s0\fR to be printed. \fIindent\fR is the number of spaces of indenting to
+be printed before any data is printed. \fIfname\fR is currently unused and is
+always "". \fIpctx\fR is a pointer to the \fB\s-1ASN1_PCTX\s0\fR for the print operation.
+.Sp
+Returns 0 on error or a positive value on success. If the return value is 2 then
+an additional newline will be printed after the data printed by this function.
+.IP "\fIasn1_ex_new_ex\fR" 4
+.IX Item "asn1_ex_new_ex"
+This is the same as \fIasn1_ex_new\fR except that it is additionally passed the
+\&\s-1OSSL_LIB_CTX\s0 to be used in \fIlibctx\fR and any property query string to be used
+for algorithm fetching in the \fIpropq\fR parameter. See
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further details. If \fIasn1_ex_new_ex\fR is
+non \s-1NULL,\s0 then it will always be called in preference to \fIasn1_ex_new\fR.
+.IP "\fIasn1_ex_d2i_ex\fR" 4
+.IX Item "asn1_ex_d2i_ex"
+This is the same as \fIasn1_ex_d2i\fR except that it is additionally passed the
+\&\s-1OSSL_LIB_CTX\s0 to be used in \fIlibctx\fR and any property query string to be used
+for algorithm fetching in the \fIpropq\fR parameter. See
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further details. If \fIasn1_ex_d2i_ex\fR is
+non \s-1NULL,\s0 then it will always be called in preference to \fIasn1_ex_d2i\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+Return values for the various callbacks are as described above.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBASN1_item_new_ex\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fIasn1_ex_new_ex\fR and \fIasn1_ex_d2i_ex\fR callbacks were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 b/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3
index 8b500bffe149..8f57a9bd7b53 100644
--- a/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3
+++ b/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ASN1_INTEGER_GET_INT64 3"
-.TH ASN1_INTEGER_GET_INT64 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ASN1_INTEGER_GET_INT64 3ossl"
+.TH ASN1_INTEGER_GET_INT64 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN \&\- ASN.1 INTEGER and ENUMERATED utilities
+ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64,
+ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN
+\&\- ASN.1 INTEGER and ENUMERATED utilities
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -149,7 +149,7 @@ ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, ASN1_INTEGER_get_int64, ASN1_I
\& long ASN1_INTEGER_get(const ASN1_INTEGER *a);
\&
\& int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
-\& int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v);
+\& int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
\&
\& int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a);
\& int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r);
@@ -163,8 +163,8 @@ ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, ASN1_INTEGER_get_int64, ASN1_I
\& int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r);
\& int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
\&
-\& ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
-\& BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn);
+\& ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai);
+\& BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -172,7 +172,7 @@ These functions convert to and from \fB\s-1ASN1_INTEGER\s0\fR and \fB\s-1ASN1_EN
structures.
.PP
\&\fBASN1_INTEGER_get_int64()\fR converts an \fB\s-1ASN1_INTEGER\s0\fR into an \fBint64_t\fR type
-If successful it returns 1 and sets \fB*pr\fR to the value of \fBa\fR. If it fails
+If successful it returns 1 and sets \fI*pr\fR to the value of \fIa\fR. If it fails
(due to invalid type or the value being too big to fit into an \fBint64_t\fR type)
it returns 0.
.PP
@@ -180,26 +180,26 @@ it returns 0.
converts to a \fBuint64_t\fR type and an error is returned if the passed integer
is negative.
.PP
-\&\fBASN1_INTEGER_get()\fR also returns the value of \fBa\fR but it returns 0 if \fBa\fR is
+\&\fBASN1_INTEGER_get()\fR also returns the value of \fIa\fR but it returns 0 if \fIa\fR is
\&\s-1NULL\s0 and \-1 on error (which is ambiguous because \-1 is a legitimate value for
an \fB\s-1ASN1_INTEGER\s0\fR). New applications should use \fBASN1_INTEGER_get_int64()\fR
instead.
.PP
-\&\fBASN1_INTEGER_set_int64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the
-\&\fBint64_t\fR value \fBr\fR.
+\&\fBASN1_INTEGER_set_int64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fIa\fR to the
+\&\fBint64_t\fR value \fIr\fR.
.PP
-\&\fBASN1_INTEGER_set_uint64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the
-\&\fBuint64_t\fR value \fBr\fR.
+\&\fBASN1_INTEGER_set_uint64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fIa\fR to the
+\&\fBuint64_t\fR value \fIr\fR.
.PP
-\&\fBASN1_INTEGER_set()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the \fBlong\fR value
-\&\fBv\fR.
+\&\fBASN1_INTEGER_set()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fIa\fR to the \fIlong\fR value
+\&\fIv\fR.
.PP
-\&\fBBN_to_ASN1_INTEGER()\fR converts \fB\s-1BIGNUM\s0\fR \fBbn\fR to an \fB\s-1ASN1_INTEGER\s0\fR. If \fBai\fR
-is \s-1NULL\s0 a new \fB\s-1ASN1_INTEGER\s0\fR structure is returned. If \fBai\fR is not \s-1NULL\s0 then
+\&\fBBN_to_ASN1_INTEGER()\fR converts \fB\s-1BIGNUM\s0\fR \fIbn\fR to an \fB\s-1ASN1_INTEGER\s0\fR. If \fIai\fR
+is \s-1NULL\s0 a new \fB\s-1ASN1_INTEGER\s0\fR structure is returned. If \fIai\fR is not \s-1NULL\s0 then
the existing structure will be used instead.
.PP
-\&\fBASN1_INTEGER_to_BN()\fR converts \s-1ASN1_INTEGER\s0 \fBai\fR into a \fB\s-1BIGNUM\s0\fR. If \fBbn\fR is
-\&\s-1NULL\s0 a new \fB\s-1BIGNUM\s0\fR structure is returned. If \fBbn\fR is not \s-1NULL\s0 then the
+\&\fBASN1_INTEGER_to_BN()\fR converts \s-1ASN1_INTEGER\s0 \fIai\fR into a \fB\s-1BIGNUM\s0\fR. If \fIbn\fR is
+\&\s-1NULL\s0 a new \fB\s-1BIGNUM\s0\fR structure is returned. If \fIbn\fR is not \s-1NULL\s0 then the
existing structure will be used instead.
.PP
\&\fBASN1_ENUMERATED_get_int64()\fR, \fBASN1_ENUMERATED_set_int64()\fR,
@@ -207,8 +207,8 @@ existing structure will be used instead.
behave in an identical way to their \s-1ASN1_INTEGER\s0 counterparts except they
operate on an \fB\s-1ASN1_ENUMERATED\s0\fR value.
.PP
-\&\fBASN1_ENUMERATED_get()\fR returns the value of \fBa\fR in a similar way to
-\&\fBASN1_INTEGER_get()\fR but it returns \fB0xffffffffL\fR if the value of \fBa\fR will not
+\&\fBASN1_ENUMERATED_get()\fR returns the value of \fIa\fR in a similar way to
+\&\fBASN1_INTEGER_get()\fR but it returns \fB0xffffffffL\fR if the value of \fIa\fR will not
fit in a long type. New applications should use \fBASN1_ENUMERATED_get_int64()\fR
instead.
.SH "NOTES"
@@ -252,9 +252,9 @@ of \s-1NULL\s0 if an error occurs. They can fail if the passed type is incorrect
were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_INTEGER_new.3 b/secure/lib/libcrypto/man/man3/ASN1_INTEGER_new.3
new file mode 100644
index 000000000000..ecc1b8e221b2
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/ASN1_INTEGER_new.3
@@ -0,0 +1,172 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ASN1_INTEGER_NEW 3ossl"
+.TH ASN1_INTEGER_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ASN1_INTEGER_new, ASN1_INTEGER_free \- ASN1_INTEGER allocation functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/asn1.h>
+\&
+\& ASN1_INTEGER *ASN1_INTEGER_new(void);
+\& void ASN1_INTEGER_free(ASN1_INTEGER *a);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBASN1_INTEGER_new()\fR returns an allocated \fB\s-1ASN1_INTEGER\s0\fR structure.
+.PP
+\&\fBASN1_INTEGER_free()\fR frees up a single \fB\s-1ASN1_INTEGER\s0\fR object.
+.PP
+\&\fB\s-1ASN1_INTEGER\s0\fR structure representing the \s-1ASN.1 INTEGER\s0 type
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBASN1_INTEGER_new()\fR return a valid \fB\s-1ASN1_INTEGER\s0\fR structure or \s-1NULL\s0
+if an error occurred.
+.PP
+\&\fBASN1_INTEGER_free()\fR does not return a value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBERR_get_error\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 b/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3
index 6b1b68172c5f..bad8a53f3b4d 100644
--- a/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3
+++ b/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ASN1_ITEM_LOOKUP 3"
-.TH ASN1_ITEM_LOOKUP 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ASN1_ITEM_LOOKUP 3ossl"
+.TH ASN1_ITEM_LOOKUP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,14 +148,14 @@ ASN1_ITEM_lookup, ASN1_ITEM_get \- lookup ASN.1 structures
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBASN1_ITEM_lookup()\fR returns the \fB\s-1ASN1_ITEM\s0 name\fR.
+\&\fBASN1_ITEM_lookup()\fR returns the \fB\s-1ASN1_ITEM\s0\fR named \fIname\fR.
.PP
-\&\fBASN1_ITEM_get()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with index \fBi\fR. This function
-returns \fB\s-1NULL\s0\fR if the index \fBi\fR is out of range.
+\&\fBASN1_ITEM_get()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with index \fIi\fR. This function
+returns \s-1NULL\s0 if the index \fIi\fR is out of range.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBASN1_ITEM_lookup()\fR and \fBASN1_ITEM_get()\fR return a valid \fB\s-1ASN1_ITEM\s0\fR structure
-or \fB\s-1NULL\s0\fR if an error occurred.
+or \s-1NULL\s0 if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
@@ -165,7 +163,7 @@ or \fB\s-1NULL\s0\fR if an error occurred.
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3
index 31f91295fbe8..aa8514b09699 100644
--- a/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3
+++ b/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ASN1_OBJECT_NEW 3"
-.TH ASN1_OBJECT_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ASN1_OBJECT_NEW 3ossl"
+.TH ASN1_OBJECT_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,21 +148,21 @@ ASN1_OBJECT_new, ASN1_OBJECT_free \- object allocation functions
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an
-\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0
+The \fB\s-1ASN1_OBJECT\s0\fR allocation routines, allocate and free an
+\&\fB\s-1ASN1_OBJECT\s0\fR structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0
.PP
-\&\fBASN1_OBJECT_new()\fR allocates and initializes an \s-1ASN1_OBJECT\s0 structure.
+\&\fBASN1_OBJECT_new()\fR allocates and initializes an \fB\s-1ASN1_OBJECT\s0\fR structure.
.PP
-\&\fBASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR.
-If \fBa\fR is \s-1NULL,\s0 nothing is done.
+\&\fBASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fIa\fR.
+If \fIa\fR is \s-1NULL,\s0 nothing is done.
.SH "NOTES"
.IX Header "NOTES"
-Although \fBASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it
+Although \fBASN1_OBJECT_new()\fR allocates a new \fB\s-1ASN1_OBJECT\s0\fR structure it
is almost never used in applications. The \s-1ASN1\s0 object utility functions
such as \fBOBJ_nid2obj()\fR are used instead.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-If the allocation fails, \fBASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+If the allocation fails, \fBASN1_OBJECT_new()\fR returns \s-1NULL\s0 and sets an error
code that can be obtained by \fBERR_get_error\fR\|(3).
Otherwise it returns a pointer to the newly allocated structure.
.PP
@@ -176,7 +174,7 @@ Otherwise it returns a pointer to the newly allocated structure.
.IX Header "COPYRIGHT"
Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 b/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3
index 6298ca67c832..a9a8808c0d2f 100644
--- a/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3
+++ b/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ASN1_STRING_TABLE_ADD 3"
-.TH ASN1_STRING_TABLE_ADD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ASN1_STRING_TABLE_ADD 3ossl"
+.TH ASN1_STRING_TABLE_ADD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, ASN1_STRING_TABLE_cleanup \- ASN1_STRING_TABLE manipulation functions
+ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get,
+ASN1_STRING_TABLE_cleanup \- ASN1_STRING_TABLE manipulation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -149,7 +148,7 @@ ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, ASN1_STRING_TAB
\&
\& int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
\& unsigned long mask, unsigned long flags);
-\& ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid);
+\& ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
\& void ASN1_STRING_TABLE_cleanup(void);
.Ve
.SH "DESCRIPTION"
@@ -161,16 +160,16 @@ ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, ASN1_STRING_TAB
.SS "Functions"
.IX Subsection "Functions"
\&\fBASN1_STRING_TABLE_add()\fR adds a new \fB\s-1ASN1_STRING_TABLE\s0\fR item into the
-local \s-1ASN1\s0 string table based on the \fBnid\fR along with other parameters.
+local \s-1ASN1\s0 string table based on the \fInid\fR along with other parameters.
.PP
If the item is already in the table, fields of \fB\s-1ASN1_STRING_TABLE\s0\fR are
-updated (depending on the values of those parameters, e.g., \fBminsize\fR
-and \fBmaxsize\fR >= 0, \fBmask\fR and \fBflags\fR != 0). If the \fBnid\fR is standard,
+updated (depending on the values of those parameters, e.g., \fIminsize\fR
+and \fImaxsize\fR >= 0, \fImask\fR and \fIflags\fR != 0). If the \fInid\fR is standard,
a copy of the standard \fB\s-1ASN1_STRING_TABLE\s0\fR is created and updated with
other parameters.
.PP
\&\fBASN1_STRING_TABLE_get()\fR searches for an \fB\s-1ASN1_STRING_TABLE\s0\fR item based
-on \fBnid\fR. It will search the local table first, then the standard one.
+on \fInid\fR. It will search the local table first, then the standard one.
.PP
\&\fBASN1_STRING_TABLE_cleanup()\fR frees all \fB\s-1ASN1_STRING_TABLE\s0\fR items added
by \fBASN1_STRING_TABLE_add()\fR.
@@ -179,7 +178,7 @@ by \fBASN1_STRING_TABLE_add()\fR.
\&\fBASN1_STRING_TABLE_add()\fR returns 1 on success, 0 if an error occurred.
.PP
\&\fBASN1_STRING_TABLE_get()\fR returns a valid \fB\s-1ASN1_STRING_TABLE\s0\fR structure
-or \fB\s-1NULL\s0\fR if nothing is found.
+or \s-1NULL\s0 if nothing is found.
.PP
\&\fBASN1_STRING_TABLE_cleanup()\fR does not return a value.
.SH "SEE ALSO"
@@ -187,9 +186,9 @@ or \fB\s-1NULL\s0\fR if nothing is found.
\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3
index 338add400fe8..e8a6e1feee84 100644
--- a/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3
+++ b/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,24 +130,26 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ASN1_STRING_LENGTH 3"
-.TH ASN1_STRING_LENGTH 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ASN1_STRING_LENGTH 3ossl"
+.TH ASN1_STRING_LENGTH 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data, ASN1_STRING_to_UTF8 \- ASN1_STRING utility functions
+ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
+ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data,
+ASN1_STRING_to_UTF8 \- ASN1_STRING utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/asn1.h>
\&
\& int ASN1_STRING_length(ASN1_STRING *x);
-\& const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x);
-\& unsigned char * ASN1_STRING_data(ASN1_STRING *x);
+\& const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
+\& unsigned char *ASN1_STRING_data(ASN1_STRING *x);
\&
-\& ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a);
+\& ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
\&
\& int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
\&
@@ -163,9 +163,9 @@ ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, ASN1_STRI
.IX Header "DESCRIPTION"
These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated.
.PP
-\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR.
+\&\fBASN1_STRING_length()\fR returns the length of the content of \fIx\fR.
.PP
-\&\fBASN1_STRING_get0_data()\fR returns an internal pointer to the data of \fBx\fR.
+\&\fBASN1_STRING_get0_data()\fR returns an internal pointer to the data of \fIx\fR.
Since this is an internal pointer it should \fBnot\fR be freed or
modified in any way.
.PP
@@ -173,21 +173,21 @@ modified in any way.
returned value is not constant. This function is deprecated:
applications should use \fBASN1_STRING_get0_data()\fR instead.
.PP
-\&\fBASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR.
+\&\fBASN1_STRING_dup()\fR returns a copy of the structure \fIa\fR.
.PP
-\&\fBASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two
+\&\fBASN1_STRING_cmp()\fR compares \fIa\fR and \fIb\fR returning 0 if the two
are identical. The string types and content are compared.
.PP
-\&\fBASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer
-\&\fBdata\fR or length \fBlen\fR. The supplied data is copied. If \fBlen\fR
+\&\fBASN1_STRING_set()\fR sets the data of string \fIstr\fR to the buffer
+\&\fIdata\fR or length \fIlen\fR. The supplied data is copied. If \fIlen\fR
is \-1 then the length is determined by strlen(data).
.PP
-\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants
+\&\fBASN1_STRING_type()\fR returns the type of \fIx\fR, using standard constants
such as \fBV_ASN1_OCTET_STRING\fR.
.PP
-\&\fBASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the
-converted data is allocated in a buffer in \fB*out\fR. The length of
-\&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR
+\&\fBASN1_STRING_to_UTF8()\fR converts the string \fIin\fR to \s-1UTF8\s0 format, the
+converted data is allocated in a buffer in \fI*out\fR. The length of
+\&\fIout\fR is returned or a negative error code. The buffer \fI*out\fR
should be freed using \fBOPENSSL_free()\fR.
.SH "NOTES"
.IX Header "NOTES"
@@ -212,22 +212,22 @@ Similar care should be take to ensure the data is in the correct format
when calling \fBASN1_STRING_set()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR.
+\&\fBASN1_STRING_length()\fR returns the length of the content of \fIx\fR.
.PP
\&\fBASN1_STRING_get0_data()\fR and \fBASN1_STRING_data()\fR return an internal pointer to
-the data of \fBx\fR.
+the data of \fIx\fR.
.PP
-\&\fBASN1_STRING_dup()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if an
+\&\fBASN1_STRING_dup()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure or \s-1NULL\s0 if an
error occurred.
.PP
\&\fBASN1_STRING_cmp()\fR returns an integer greater than, equal to, or less than 0,
-according to whether \fBa\fR is greater than, equal to, or less than \fBb\fR.
+according to whether \fIa\fR is greater than, equal to, or less than \fIb\fR.
.PP
\&\fBASN1_STRING_set()\fR returns 1 on success or 0 on error.
.PP
-\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR.
+\&\fBASN1_STRING_type()\fR returns the type of \fIx\fR.
.PP
-\&\fBASN1_STRING_to_UTF8()\fR returns the number of bytes in output string \fBout\fR or a
+\&\fBASN1_STRING_to_UTF8()\fR returns the number of bytes in output string \fIout\fR or a
negative value if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
@@ -236,7 +236,7 @@ negative value if an error occurred.
.IX Header "COPYRIGHT"
Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3
index 44f312b33b77..a10c04d6026d 100644
--- a/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3
+++ b/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,21 +130,22 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ASN1_STRING_NEW 3"
-.TH ASN1_STRING_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ASN1_STRING_NEW 3ossl"
+.TH ASN1_STRING_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- ASN1_STRING allocation functions
+ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \-
+ASN1_STRING allocation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/asn1.h>
\&
-\& ASN1_STRING * ASN1_STRING_new(void);
-\& ASN1_STRING * ASN1_STRING_type_new(int type);
+\& ASN1_STRING *ASN1_STRING_new(void);
+\& ASN1_STRING *ASN1_STRING_type_new(int type);
\& void ASN1_STRING_free(ASN1_STRING *a);
.Ve
.SH "DESCRIPTION"
@@ -155,18 +154,18 @@ ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- ASN1_STRING allocatio
is undefined.
.PP
\&\fBASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of
-type \fBtype\fR.
+type \fItype\fR.
.PP
-\&\fBASN1_STRING_free()\fR frees up \fBa\fR.
-If \fBa\fR is \s-1NULL\s0 nothing is done.
+\&\fBASN1_STRING_free()\fR frees up \fIa\fR.
+If \fIa\fR is \s-1NULL\s0 nothing is done.
.SH "NOTES"
.IX Header "NOTES"
Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example
-\&\fBASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
+\&\fBASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type_new(V_ASN1_OCTET_STRING).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBASN1_STRING_new()\fR and \fBASN1_STRING_type_new()\fR return a valid
-\&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred.
+\&\fB\s-1ASN1_STRING\s0\fR structure or \s-1NULL\s0 if an error occurred.
.PP
\&\fBASN1_STRING_free()\fR does not return a value.
.SH "SEE ALSO"
@@ -174,9 +173,9 @@ Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example
\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3
index 7fe66710e91b..844daeb5662d 100644
--- a/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3
+++ b/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ASN1_STRING_PRINT_EX 3"
-.TH ASN1_STRING_PRINT_EX 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ASN1_STRING_PRINT_EX 3ossl"
+.TH ASN1_STRING_PRINT_EX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print \&\- ASN1_STRING output routines
+ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print
+\&\- ASN1_STRING output routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -156,15 +155,15 @@ ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print \
These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to
represent all the \s-1ASN1\s0 string types.
.PP
-\&\fBASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by
-the options \fBflags\fR. \fBASN1_STRING_print_ex_fp()\fR is identical except it outputs
-to \fBfp\fR instead.
+\&\fBASN1_STRING_print_ex()\fR outputs \fIstr\fR to \fIout\fR, the format is determined by
+the options \fIflags\fR. \fBASN1_STRING_print_ex_fp()\fR is identical except it outputs
+to \fIfp\fR instead.
.PP
-\&\fBASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to
+\&\fBASN1_STRING_print()\fR prints \fIstr\fR to \fIout\fR but using a different format to
\&\fBASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0)
with '.'.
.PP
-\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR.
+\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fItag\fR.
.SH "NOTES"
.IX Header "NOTES"
\&\fBASN1_STRING_print()\fR is a deprecated function which should be avoided; use
@@ -173,7 +172,7 @@ with '.'.
Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is
suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR.
.PP
-The complete set of supported options for \fBflags\fR is listed below.
+The complete set of supported options for \fIflags\fR is listed below.
.PP
Various characters can be escaped. If \fB\s-1ASN1_STRFLGS_ESC_2253\s0\fR is set the characters
determined by \s-1RFC2253\s0 are escaped. If \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0\fR is set control
@@ -230,7 +229,7 @@ characters written or \-1 if an error occurred.
.PP
\&\fBASN1_STRING_print()\fR returns 1 on success or 0 on error.
.PP
-\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR.
+\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fItag\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_NAME_print_ex\fR\|(3),
@@ -239,7 +238,7 @@ characters written or \-1 if an error occurred.
.IX Header "COPYRIGHT"
Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 b/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3
index cf5dba59e50c..8529522d18c3 100644
--- a/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3
+++ b/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,26 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ASN1_TIME_SET 3"
-.TH ASN1_TIME_SET 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ASN1_TIME_SET 3ossl"
+.TH ASN1_TIME_SET 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj, ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check, ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string, ASN1_TIME_set_string_X509, ASN1_TIME_normalize, ASN1_TIME_to_tm, ASN1_TIME_print, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print, ASN1_TIME_diff, ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t, ASN1_TIME_compare, ASN1_TIME_to_generalizedtime \- ASN.1 Time functions
+ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set,
+ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj,
+ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check,
+ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string,
+ASN1_TIME_set_string_X509,
+ASN1_TIME_normalize,
+ASN1_TIME_to_tm,
+ASN1_TIME_print, ASN1_TIME_print_ex, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print,
+ASN1_TIME_diff,
+ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t,
+ASN1_TIME_compare,
+ASN1_TIME_to_generalizedtime,
+ASN1_TIME_dup, ASN1_UTCTIME_dup, ASN1_GENERALIZEDTIME_dup \- ASN.1 Time functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 4
@@ -169,6 +179,7 @@ ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, ASN1_TIME_adj, ASN1_U
\& int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *t);
\&
\& int ASN1_TIME_print(BIO *b, const ASN1_TIME *s);
+\& int ASN1_TIME_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags);
\& int ASN1_UTCTIME_print(BIO *b, const ASN1_UTCTIME *s);
\& int ASN1_GENERALIZEDTIME_print(BIO *b, const ASN1_GENERALIZEDTIME *s);
\&
@@ -183,136 +194,154 @@ ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, ASN1_TIME_adj, ASN1_U
\&
\& ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
\& ASN1_GENERALIZEDTIME **out);
+\&
+\& ASN1_TIME *ASN1_TIME_dup(const ASN1_TIME *t);
+\& ASN1_UTCTIME *ASN1_UTCTIME_dup(const ASN1_UTCTIME *t);
+\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_dup(const ASN1_GENERALIZEDTIME *t);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR and \fBASN1_GENERALIZEDTIME_set()\fR
-functions set the structure \fBs\fR to the time represented by the time_t
-value \fBt\fR. If \fBs\fR is \s-1NULL\s0 a new time structure is allocated and returned.
+functions set the structure \fIs\fR to the time represented by the time_t
+value \fIt\fR. If \fIs\fR is \s-1NULL\s0 a new time structure is allocated and returned.
.PP
The \fBASN1_TIME_adj()\fR, \fBASN1_UTCTIME_adj()\fR and \fBASN1_GENERALIZEDTIME_adj()\fR
-functions set the time structure \fBs\fR to the time represented
-by the time \fBoffset_day\fR and \fBoffset_sec\fR after the time_t value \fBt\fR.
-The values of \fBoffset_day\fR or \fBoffset_sec\fR can be negative to set a
-time before \fBt\fR. The \fBoffset_sec\fR value can also exceed the number of
-seconds in a day. If \fBs\fR is \s-1NULL\s0 a new structure is allocated
+functions set the time structure \fIs\fR to the time represented
+by the time \fIoffset_day\fR and \fIoffset_sec\fR after the time_t value \fIt\fR.
+The values of \fIoffset_day\fR or \fIoffset_sec\fR can be negative to set a
+time before \fIt\fR. The \fIoffset_sec\fR value can also exceed the number of
+seconds in a day. If \fIs\fR is \s-1NULL\s0 a new structure is allocated
and returned.
.PP
The \fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR and
-\&\fBASN1_GENERALIZEDTIME_set_string()\fR functions set the time structure \fBs\fR
-to the time represented by string \fBstr\fR which must be in appropriate \s-1ASN.1\s0
-time format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0). If \fBs\fR is \s-1NULL\s0
-this function performs a format check on \fBstr\fR only. The string \fBstr\fR
-is copied into \fBs\fR.
-.PP
-\&\fBASN1_TIME_set_string_X509()\fR sets \s-1ASN1_TIME\s0 structure \fBs\fR to the time
-represented by string \fBstr\fR which must be in appropriate time format
+\&\fBASN1_GENERALIZEDTIME_set_string()\fR functions set the time structure \fIs\fR
+to the time represented by string \fIstr\fR which must be in appropriate \s-1ASN.1\s0
+time format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0). If \fIs\fR is \s-1NULL\s0
+this function performs a format check on \fIstr\fR only. The string \fIstr\fR
+is copied into \fIs\fR.
+.PP
+\&\fBASN1_TIME_set_string_X509()\fR sets \fB\s-1ASN1_TIME\s0\fR structure \fIs\fR to the time
+represented by string \fIstr\fR which must be in appropriate time format
that \s-1RFC 5280\s0 requires, which means it only allows \s-1YYMMDDHHMMSSZ\s0 and
\&\s-1YYYYMMDDHHMMSSZ\s0 (leap second is rejected), all other \s-1ASN.1\s0 time format
-are not allowed. If \fBs\fR is \s-1NULL\s0 this function performs a format check
-on \fBstr\fR only.
+are not allowed. If \fIs\fR is \s-1NULL\s0 this function performs a format check
+on \fIstr\fR only.
.PP
-The \fBASN1_TIME_normalize()\fR function converts an \s-1ASN1_GENERALIZEDTIME\s0 or
-\&\s-1ASN1_UTCTIME\s0 into a time value that can be used in a certificate. It
+The \fBASN1_TIME_normalize()\fR function converts an \fB\s-1ASN1_GENERALIZEDTIME\s0\fR or
+\&\fB\s-1ASN1_UTCTIME\s0\fR into a time value that can be used in a certificate. It
should be used after the \fBASN1_TIME_set_string()\fR functions and before
\&\fBASN1_TIME_print()\fR functions to get consistent (i.e. \s-1GMT\s0) results.
.PP
The \fBASN1_TIME_check()\fR, \fBASN1_UTCTIME_check()\fR and \fBASN1_GENERALIZEDTIME_check()\fR
-functions check the syntax of the time structure \fBs\fR.
+functions check the syntax of the time structure \fIs\fR.
.PP
The \fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR
-functions print the time structure \fBs\fR to \s-1BIO\s0 \fBb\fR in human readable
+functions print the time structure \fIs\fR to \s-1BIO\s0 \fIb\fR in human readable
format. It will be of the format \s-1MMM DD HH:MM:SS YYYY\s0 [\s-1GMT\s0], for example
-\&\*(L"Feb 3 00:55:52 2015 \s-1GMT\*(R"\s0 it does not include a newline. If the time
-structure has invalid format it prints out \*(L"Bad time value\*(R" and returns
-an error. The output for generalized time may include a fractional part
+\&\*(L"Feb 3 00:55:52 2015 \s-1GMT\*(R",\s0 which does not include a newline.
+If the time structure has invalid format it prints out \*(L"Bad time value\*(R" and
+returns an error. The output for generalized time may include a fractional part
following the second.
.PP
-\&\fBASN1_TIME_to_tm()\fR converts the time \fBs\fR to the standard \fBtm\fR structure.
-If \fBs\fR is \s-1NULL,\s0 then the current time is converted. The output time is \s-1GMT.\s0
-The \fBtm_sec\fR, \fBtm_min\fR, \fBtm_hour\fR, \fBtm_mday\fR, \fBtm_wday\fR, \fBtm_yday\fR,
-\&\fBtm_mon\fR and \fBtm_year\fR fields of \fBtm\fR structure are set to proper values,
-whereas all other fields are set to 0. If \fBtm\fR is \s-1NULL\s0 this function performs
-a format check on \fBs\fR only. If \fBs\fR is in Generalized format with fractional
+\&\fBASN1_TIME_print_ex()\fR provides \fIflags\fR to specify the output format of the
+datetime. This can be either \fB\s-1ASN1_DTFLGS_RFC822\s0\fR or \fB\s-1ASN1_DTFLGS_ISO8601\s0\fR.
+.PP
+\&\fBASN1_TIME_to_tm()\fR converts the time \fIs\fR to the standard \fItm\fR structure.
+If \fIs\fR is \s-1NULL,\s0 then the current time is converted. The output time is \s-1GMT.\s0
+The \fItm_sec\fR, \fItm_min\fR, \fItm_hour\fR, \fItm_mday\fR, \fItm_wday\fR, \fItm_yday\fR,
+\&\fItm_mon\fR and \fItm_year\fR fields of \fItm\fR structure are set to proper values,
+whereas all other fields are set to 0. If \fItm\fR is \s-1NULL\s0 this function performs
+a format check on \fIs\fR only. If \fIs\fR is in Generalized format with fractional
seconds, e.g. \s-1YYYYMMDDHHMMSS.SSSZ,\s0 the fractional seconds will be lost while
-converting \fBs\fR to \fBtm\fR structure.
-.PP
-\&\fBASN1_TIME_diff()\fR sets \fB*pday\fR and \fB*psec\fR to the time difference between
-\&\fBfrom\fR and \fBto\fR. If \fBto\fR represents a time later than \fBfrom\fR then
-one or both (depending on the time difference) of \fB*pday\fR and \fB*psec\fR
-will be positive. If \fBto\fR represents a time earlier than \fBfrom\fR then
-one or both of \fB*pday\fR and \fB*psec\fR will be negative. If \fBto\fR and \fBfrom\fR
-represent the same time then \fB*pday\fR and \fB*psec\fR will both be zero.
-If both \fB*pday\fR and \fB*psec\fR are nonzero they will always have the same
-sign. The value of \fB*psec\fR will always be less than the number of seconds
-in a day. If \fBfrom\fR or \fBto\fR is \s-1NULL\s0 the current time is used.
+converting \fIs\fR to \fItm\fR structure.
+.PP
+\&\fBASN1_TIME_diff()\fR sets \fI*pday\fR and \fI*psec\fR to the time difference between
+\&\fIfrom\fR and \fIto\fR. If \fIto\fR represents a time later than \fIfrom\fR then
+one or both (depending on the time difference) of \fI*pday\fR and \fI*psec\fR
+will be positive. If \fIto\fR represents a time earlier than \fIfrom\fR then
+one or both of \fI*pday\fR and \fI*psec\fR will be negative. If \fIto\fR and \fIfrom\fR
+represent the same time then \fI*pday\fR and \fI*psec\fR will both be zero.
+If both \fI*pday\fR and \fI*psec\fR are nonzero they will always have the same
+sign. The value of \fI*psec\fR will always be less than the number of seconds
+in a day. If \fIfrom\fR or \fIto\fR is \s-1NULL\s0 the current time is used.
.PP
The \fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR functions compare
-the two times represented by the time structure \fBs\fR and the time_t \fBt\fR.
+the two times represented by the time structure \fIs\fR and the time_t \fIt\fR.
.PP
The \fBASN1_TIME_compare()\fR function compares the two times represented by the
-time structures \fBa\fR and \fBb\fR.
+time structures \fIa\fR and \fIb\fR.
.PP
-The \fBASN1_TIME_to_generalizedtime()\fR function converts an \s-1ASN1_TIME\s0 to an
-\&\s-1ASN1_GENERALIZEDTIME,\s0 regardless of year. If either \fBout\fR or
-\&\fB*out\fR are \s-1NULL,\s0 then a new object is allocated and must be freed after use.
+The \fBASN1_TIME_to_generalizedtime()\fR function converts an \fB\s-1ASN1_TIME\s0\fR to an
+\&\fB\s-1ASN1_GENERALIZEDTIME\s0\fR, regardless of year. If either \fIout\fR or
+\&\fI*out\fR are \s-1NULL,\s0 then a new object is allocated and must be freed after use.
+.PP
+The \fBASN1_TIME_dup()\fR, \fBASN1_UTCTIME_dup()\fR and \fBASN1_GENERALIZEDTIME_dup()\fR functions
+duplicate the time structure \fIt\fR and return the duplicated result
+correspondingly.
.SH "NOTES"
.IX Header "NOTES"
-The \s-1ASN1_TIME\s0 structure corresponds to the \s-1ASN.1\s0 structure \fBTime\fR
+The \fB\s-1ASN1_TIME\s0\fR structure corresponds to the \s-1ASN.1\s0 structure \fBTime\fR
defined in \s-1RFC5280\s0 et al. The time setting functions obey the rules outlined
in \s-1RFC5280:\s0 if the date can be represented by UTCTime it is used, else
GeneralizedTime is used.
.PP
-The \s-1ASN1_TIME, ASN1_UTCTIME\s0 and \s-1ASN1_GENERALIZEDTIME\s0 structures are represented
-as an \s-1ASN1_STRING\s0 internally and can be freed up using \fBASN1_STRING_free()\fR.
+The \fB\s-1ASN1_TIME\s0\fR, \fB\s-1ASN1_UTCTIME\s0\fR and \fB\s-1ASN1_GENERALIZEDTIME\s0\fR structures are
+represented as an \fB\s-1ASN1_STRING\s0\fR internally and can be freed up using
+\&\fBASN1_STRING_free()\fR.
.PP
-The \s-1ASN1_TIME\s0 structure can represent years from 0000 to 9999 but no attempt
+The \fB\s-1ASN1_TIME\s0\fR structure can represent years from 0000 to 9999 but no attempt
is made to correct ancient calendar changes (for example from Julian to
Gregorian calendars).
.PP
-\&\s-1ASN1_UTCTIME\s0 is limited to a year range of 1950 through 2049.
+\&\fB\s-1ASN1_UTCTIME\s0\fR is limited to a year range of 1950 through 2049.
.PP
Some applications add offset times directly to a time_t value and pass the
results to \fBASN1_TIME_set()\fR (or equivalent). This can cause problems as the
time_t value can overflow on some systems resulting in unexpected results.
New applications should use \fBASN1_TIME_adj()\fR instead and pass the offset value
-in the \fBoffset_sec\fR and \fBoffset_day\fR parameters instead of directly
+in the \fIoffset_sec\fR and \fIoffset_day\fR parameters instead of directly
manipulating a time_t value.
.PP
-\&\fBASN1_TIME_adj()\fR may change the type from \s-1ASN1_GENERALIZEDTIME\s0 to \s-1ASN1_UTCTIME,\s0
-or vice versa, based on the resulting year. The \fBASN1_GENERALIZEDTIME_adj()\fR and
-\&\fBASN1_UTCTIME_adj()\fR functions will not modify the type of the return structure.
+\&\fBASN1_TIME_adj()\fR may change the type from \fB\s-1ASN1_GENERALIZEDTIME\s0\fR to
+\&\fB\s-1ASN1_UTCTIME\s0\fR, or vice versa, based on the resulting year.
+\&\fBASN1_GENERALIZEDTIME_adj()\fR and \fBASN1_UTCTIME_adj()\fR will not modify the type
+of the return structure.
.PP
-It is recommended that functions starting with \s-1ASN1_TIME\s0 be used instead of
-those starting with \s-1ASN1_UTCTIME\s0 or \s-1ASN1_GENERALIZEDTIME.\s0 The functions
-starting with \s-1ASN1_UTCTIME\s0 and \s-1ASN1_GENERALIZEDTIME\s0 act only on that specific
-time format. The functions starting with \s-1ASN1_TIME\s0 will operate on either
-format.
+It is recommended that functions starting with \fB\s-1ASN1_TIME\s0\fR be used instead of
+those starting with \fB\s-1ASN1_UTCTIME\s0\fR or \fB\s-1ASN1_GENERALIZEDTIME\s0\fR. The functions
+starting with \fB\s-1ASN1_UTCTIME\s0\fR and \fB\s-1ASN1_GENERALIZEDTIME\s0\fR act only on that
+specific time format. The functions starting with \fB\s-1ASN1_TIME\s0\fR will operate on
+either format.
.SH "BUGS"
.IX Header "BUGS"
-\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR
-do not print out the timezone: it either prints out \*(L"\s-1GMT\*(R"\s0 or nothing. But all
+\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR do
+not print out the timezone: it either prints out \*(L"\s-1GMT\*(R"\s0 or nothing. But all
certificates complying with \s-1RFC5280\s0 et al use \s-1GMT\s0 anyway.
.PP
+\&\fBASN1_TIME_print()\fR, \fBASN1_TIME_print_ex()\fR, \fBASN1_UTCTIME_print()\fR and
+\&\fBASN1_GENERALIZEDTIME_print()\fR do not distinguish if they fail because
+of an I/O error or invalid time format.
+.PP
Use the \fBASN1_TIME_normalize()\fR function to normalize the time value before
printing to get \s-1GMT\s0 results.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR, \fBASN1_GENERALIZEDTIME_set()\fR, \fBASN1_TIME_adj()\fR,
-ASN1_UTCTIME_adj and ASN1_GENERALIZEDTIME_set return a pointer to a time structure
-or \s-1NULL\s0 if an error occurred.
+\&\fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR, \fBASN1_GENERALIZEDTIME_set()\fR,
+\&\fBASN1_TIME_adj()\fR, \fBASN1_UTCTIME_adj()\fR and \fBASN1_GENERALIZEDTIME_set()\fR return
+a pointer to a time structure or \s-1NULL\s0 if an error occurred.
.PP
-\&\fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR, \fBASN1_GENERALIZEDTIME_set_string()\fR
-\&\fBASN1_TIME_set_string_X509()\fR return 1 if the time value is successfully set and 0 otherwise.
+\&\fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR,
+\&\fBASN1_GENERALIZEDTIME_set_string()\fR and \fBASN1_TIME_set_string_X509()\fR return
+1 if the time value is successfully set and 0 otherwise.
.PP
\&\fBASN1_TIME_normalize()\fR returns 1 on success, and 0 on error.
.PP
\&\fBASN1_TIME_check()\fR, ASN1_UTCTIME_check and \fBASN1_GENERALIZEDTIME_check()\fR return 1
if the structure is syntactically correct and 0 otherwise.
.PP
-\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR return 1
-if the time is successfully printed out and 0 if an error occurred (I/O error or
-invalid time format).
+\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR
+return 1 if the time is successfully printed out and
+0 if an I/O error occurred an error occurred (I/O error or invalid time format).
.PP
\&\fBASN1_TIME_to_tm()\fR returns 1 if the time is successfully parsed and 0 if an
error occurred (invalid time format).
@@ -320,14 +349,18 @@ error occurred (invalid time format).
\&\fBASN1_TIME_diff()\fR returns 1 for success and 0 for failure. It can fail if the
passed-in time structure has invalid syntax, for example.
.PP
-\&\fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR return \-1 if \fBs\fR is
-before \fBt\fR, 0 if \fBs\fR equals \fBt\fR, or 1 if \fBs\fR is after \fBt\fR. \-2 is returned
+\&\fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR return \-1 if \fIs\fR is
+before \fIt\fR, 0 if \fIs\fR equals \fIt\fR, or 1 if \fIs\fR is after \fIt\fR. \-2 is returned
on error.
.PP
-\&\fBASN1_TIME_compare()\fR returns \-1 if \fBa\fR is before \fBb\fR, 0 if \fBa\fR equals \fBb\fR, or 1 if \fBa\fR is after \fBb\fR. \-2 is returned on error.
+\&\fBASN1_TIME_compare()\fR returns \-1 if \fIa\fR is before \fIb\fR, 0 if \fIa\fR equals \fIb\fR,
+or 1 if \fIa\fR is after \fIb\fR. \-2 is returned on error.
+.PP
+\&\fBASN1_TIME_to_generalizedtime()\fR returns a pointer to the appropriate time
+structure on success or \s-1NULL\s0 if an error occurred.
.PP
-\&\fBASN1_TIME_to_generalizedtime()\fR returns a pointer to
-the appropriate time structure on success or \s-1NULL\s0 if an error occurred.
+\&\fBASN1_TIME_dup()\fR, \fBASN1_UTCTIME_dup()\fR and \fBASN1_GENERALIZEDTIME_dup()\fR return a
+pointer to a time structure or \s-1NULL\s0 if an error occurred.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Set a time structure to one hour after the current time and print it out:
@@ -372,9 +405,9 @@ The \fBASN1_TIME_cmp_time_t()\fR function was added in OpenSSL 1.1.1.
The \fBASN1_TIME_compare()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 b/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3
index ff48bf27e8e2..c85eb62faf53 100644
--- a/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3
+++ b/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ASN1_TYPE_GET 3"
-.TH ASN1_TYPE_GET 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ASN1_TYPE_GET 3ossl"
+.TH ASN1_TYPE_GET 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence \- ASN1_TYPE utility functions
+ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence \- ASN1_TYPE utility
+functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -156,43 +155,44 @@ ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_se
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-These functions allow an \s-1ASN1_TYPE\s0 structure to be manipulated. The
-\&\s-1ASN1_TYPE\s0 structure can contain any \s-1ASN.1\s0 type or constructed type
+These functions allow an \fB\s-1ASN1_TYPE\s0\fR structure to be manipulated. The
+\&\fB\s-1ASN1_TYPE\s0\fR structure can contain any \s-1ASN.1\s0 type or constructed type
such as a \s-1SEQUENCE:\s0 it is effectively equivalent to the \s-1ASN.1 ANY\s0 type.
.PP
-\&\fBASN1_TYPE_get()\fR returns the type of \fBa\fR.
+\&\fBASN1_TYPE_get()\fR returns the type of \fIa\fR or 0 if it fails.
.PP
-\&\fBASN1_TYPE_set()\fR sets the value of \fBa\fR to \fBtype\fR and \fBvalue\fR. This
-function uses the pointer \fBvalue\fR internally so it must \fBnot\fR be freed
+\&\fBASN1_TYPE_set()\fR sets the value of \fIa\fR to \fItype\fR and \fIvalue\fR. This
+function uses the pointer \fIvalue\fR internally so it must \fBnot\fR be freed
up after the call.
.PP
-\&\fBASN1_TYPE_set1()\fR sets the value of \fBa\fR to \fBtype\fR a copy of \fBvalue\fR.
+\&\fBASN1_TYPE_set1()\fR sets the value of \fIa\fR to \fItype\fR a copy of \fIvalue\fR.
.PP
-\&\fBASN1_TYPE_cmp()\fR compares \s-1ASN.1\s0 types \fBa\fR and \fBb\fR and returns 0 if
+\&\fBASN1_TYPE_cmp()\fR compares \s-1ASN.1\s0 types \fIa\fR and \fIb\fR and returns 0 if
they are identical and nonzero otherwise.
.PP
\&\fBASN1_TYPE_unpack_sequence()\fR attempts to parse the \s-1SEQUENCE\s0 present in
-\&\fBt\fR using the \s-1ASN.1\s0 structure \fBit\fR. If successful it returns a pointer
-to the \s-1ASN.1\s0 structure corresponding to \fBit\fR which must be freed by the
+\&\fIt\fR using the \s-1ASN.1\s0 structure \fIit\fR. If successful it returns a pointer
+to the \s-1ASN.1\s0 structure corresponding to \fIit\fR which must be freed by the
caller. If it fails it return \s-1NULL.\s0
.PP
-\&\fBASN1_TYPE_pack_sequence()\fR attempts to encode the \s-1ASN.1\s0 structure \fBs\fR
-corresponding to \fBit\fR into an \s-1ASN1_TYPE.\s0 If successful the encoded
-\&\s-1ASN1_TYPE\s0 is returned. If \fBt\fR and \fB*t\fR are not \s-1NULL\s0 the encoded type
-is written to \fBt\fR overwriting any existing data. If \fBt\fR is not \s-1NULL\s0
-but \fB*t\fR is \s-1NULL\s0 the returned \s-1ASN1_TYPE\s0 is written to \fB*t\fR.
+\&\fBASN1_TYPE_pack_sequence()\fR attempts to encode the \s-1ASN.1\s0 structure \fIs\fR
+corresponding to \fIit\fR into an \fB\s-1ASN1_TYPE\s0\fR. If successful the encoded
+\&\fB\s-1ASN1_TYPE\s0\fR is returned. If \fIt\fR and \fI*t\fR are not \s-1NULL\s0 the encoded type
+is written to \fIt\fR overwriting any existing data. If \fIt\fR is not \s-1NULL\s0
+but \fI*t\fR is \s-1NULL\s0 the returned \fB\s-1ASN1_TYPE\s0\fR is written to \fI*t\fR.
.SH "NOTES"
.IX Header "NOTES"
-The type and meaning of the \fBvalue\fR parameter for \fBASN1_TYPE_set()\fR and
-\&\fBASN1_TYPE_set1()\fR is determined by the \fBtype\fR parameter.
-If \fBtype\fR is V_ASN1_NULL \fBvalue\fR is ignored. If \fBtype\fR is V_ASN1_BOOLEAN
-then the boolean is set to \s-1TRUE\s0 if \fBvalue\fR is not \s-1NULL.\s0 If \fBtype\fR is
-V_ASN1_OBJECT then value is an \s-1ASN1_OBJECT\s0 structure. Otherwise \fBtype\fR
-is and \s-1ASN1_STRING\s0 structure. If \fBtype\fR corresponds to a primitive type
-(or a string type) then the contents of the \s-1ASN1_STRING\s0 contain the content
-octets of the type. If \fBtype\fR corresponds to a constructed type or
-a tagged type (V_ASN1_SEQUENCE, V_ASN1_SET or V_ASN1_OTHER) then the
-\&\s-1ASN1_STRING\s0 contains the entire \s-1ASN.1\s0 encoding verbatim (including tag and
+The type and meaning of the \fIvalue\fR parameter for \fBASN1_TYPE_set()\fR and
+\&\fBASN1_TYPE_set1()\fR is determined by the \fItype\fR parameter.
+If \fItype\fR is \fBV_ASN1_NULL\fR \fIvalue\fR is ignored. If \fItype\fR is
+\&\fBV_ASN1_BOOLEAN\fR
+then the boolean is set to \s-1TRUE\s0 if \fIvalue\fR is not \s-1NULL.\s0 If \fItype\fR is
+\&\fBV_ASN1_OBJECT\fR then value is an \fB\s-1ASN1_OBJECT\s0\fR structure. Otherwise \fItype\fR
+is and \fB\s-1ASN1_STRING\s0\fR structure. If \fItype\fR corresponds to a primitive type
+(or a string type) then the contents of the \fB\s-1ASN1_STRING\s0\fR contain the content
+octets of the type. If \fItype\fR corresponds to a constructed type or
+a tagged type (\fBV_ASN1_SEQUENCE\fR, \fBV_ASN1_SET\fR or \fBV_ASN1_OTHER\fR) then the
+\&\fB\s-1ASN1_STRING\s0\fR contains the entire \s-1ASN.1\s0 encoding verbatim (including tag and
length octets).
.PP
\&\fBASN1_TYPE_cmp()\fR may not return zero if two types are equivalent but have
@@ -208,7 +208,7 @@ unparsable type which returns \s-1NULL\s0) for types which do \fBnot\fR match. S
applications should handle the case of two absent values separately.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBASN1_TYPE_get()\fR returns the type of the \s-1ASN1_TYPE\s0 argument.
+\&\fBASN1_TYPE_get()\fR returns the type of the \fB\s-1ASN1_TYPE\s0\fR argument.
.PP
\&\fBASN1_TYPE_set()\fR does not return a value.
.PP
@@ -219,13 +219,13 @@ applications should handle the case of two absent values separately.
\&\fBASN1_TYPE_unpack_sequence()\fR returns a pointer to an \s-1ASN.1\s0 structure or
\&\s-1NULL\s0 on failure.
.PP
-\&\fBASN1_TYPE_pack_sequence()\fR return an \s-1ASN1_TYPE\s0 structure if it succeeds or
+\&\fBASN1_TYPE_pack_sequence()\fR return an \fB\s-1ASN1_TYPE\s0\fR structure if it succeeds or
\&\s-1NULL\s0 on failure.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_aux_cb.3 b/secure/lib/libcrypto/man/man3/ASN1_aux_cb.3
new file mode 100644
index 000000000000..347d5ebcc502
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/ASN1_aux_cb.3
@@ -0,0 +1,366 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ASN1_AUX_CB 3ossl"
+.TH ASN1_AUX_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ASN1_AUX, ASN1_PRINT_ARG, ASN1_STREAM_ARG, ASN1_aux_cb, ASN1_aux_const_cb
+\&\- ASN.1 auxiliary data
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/asn1t.h>
+\&
+\& struct ASN1_AUX_st {
+\& void *app_data;
+\& int flags;
+\& int ref_offset; /* Offset of reference value */
+\& int ref_lock; /* Offset to an CRYPTO_RWLOCK */
+\& ASN1_aux_cb *asn1_cb;
+\& int enc_offset; /* Offset of ASN1_ENCODING structure */
+\& ASN1_aux_const_cb *asn1_const_cb; /* for ASN1_OP_I2D_ and ASN1_OP_PRINT_ */
+\& };
+\& typedef struct ASN1_AUX_st ASN1_AUX;
+\&
+\& struct ASN1_PRINT_ARG_st {
+\& BIO *out;
+\& int indent;
+\& const ASN1_PCTX *pctx;
+\& };
+\& typedef struct ASN1_PRINT_ARG_st ASN1_PRINT_ARG;
+\&
+\& struct ASN1_STREAM_ARG_st {
+\& BIO *out;
+\& BIO *ndef_bio;
+\& unsigned char **boundary;
+\& };
+\& typedef struct ASN1_STREAM_ARG_st ASN1_STREAM_ARG;
+\&
+\& typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
+\& void *exarg);
+\& typedef int ASN1_aux_const_cb(int operation, const ASN1_VALUE **in,
+\& const ASN1_ITEM *it, void *exarg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\s-1ASN.1\s0 data structures can be associated with an \fB\s-1ASN1_AUX\s0\fR object to supply
+additional information about the \s-1ASN.1\s0 structure. An \fB\s-1ASN1_AUX\s0\fR structure is
+associated with the structure during the definition of the \s-1ASN.1\s0 template. For
+example an \fB\s-1ASN1_AUX\s0\fR structure will be associated by using one of the various
+\&\s-1ASN.1\s0 template definition macros that supply auxiliary information such as
+\&\fBASN1_SEQUENCE_enc()\fR, \fBASN1_SEQUENCE_ref()\fR, \fBASN1_SEQUENCE_cb_const_cb()\fR,
+\&\fBASN1_SEQUENCE_const_cb()\fR, \fBASN1_SEQUENCE_cb()\fR or \fBASN1_NDEF_SEQUENCE_cb()\fR.
+.PP
+An \fB\s-1ASN1_AUX\s0\fR structure contains the following information.
+.IP "\fIapp_data\fR" 4
+.IX Item "app_data"
+Arbitrary application data
+.IP "\fIflags\fR" 4
+.IX Item "flags"
+Flags which indicate the auxiliarly functionality supported.
+.Sp
+The \fB\s-1ASN1_AFLG_REFCOUNT\s0\fR flag indicates that objects support reference counting.
+.Sp
+The \fB\s-1ASN1_AFLG_ENCODING\s0\fR flag indicates that the original encoding of the
+object will be saved.
+.Sp
+The \fB\s-1ASN1_AFLG_BROKEN\s0\fR flag is a work around for broken encoders where the
+sequence length value may not be correct. This should generally not be used.
+.Sp
+The \fB\s-1ASN1_AFLG_CONST_CB\s0\fR flag indicates that the \*(L"const\*(R" form of the
+\&\fB\s-1ASN1_AUX\s0\fR callback should be used in preference to the non-const form.
+.IP "\fIref_offset\fR" 4
+.IX Item "ref_offset"
+If the \fB\s-1ASN1_AFLG_REFCOUNT\s0\fR flag is set then this value is assumed to be an
+offset into the \fB\s-1ASN1_VALUE\s0\fR structure where a \fB\s-1CRYPTO_REF_COUNT\s0\fR may be
+found for the purposes of reference counting.
+.IP "\fIref_lock\fR" 4
+.IX Item "ref_lock"
+If the \fB\s-1ASN1_AFLG_REFCOUNT\s0\fR flag is set then this value is assumed to be an
+offset into the \fB\s-1ASN1_VALUE\s0\fR structure where a \fB\s-1CRYPTO_RWLOCK\s0\fR may be
+found for the purposes of reference counting.
+.IP "\fIasn1_cb\fR" 4
+.IX Item "asn1_cb"
+A callback that will be invoked at various points during the processing of
+the the \fB\s-1ASN1_VALLUE\s0\fR. See below for further details.
+.IP "\fIenc_offset\fR" 4
+.IX Item "enc_offset"
+Offset into the \fB\s-1ASN1_VALUE\s0\fR object where the original encoding of the object
+will be saved if the \fB\s-1ASN1_AFLG_ENCODING\s0\fR flag has been set.
+.IP "\fIasn1_const_cb\fR" 4
+.IX Item "asn1_const_cb"
+A callback that will be invoked at various points during the processing of
+the the \fB\s-1ASN1_VALLUE\s0\fR. This is used in preference to the \fIasn1_cb\fR callback if
+the \fB\s-1ASN1_AFLG_CONST_CB\s0\fR flag is set. See below for further details.
+.PP
+During the processing of an \fB\s-1ASN1_VALUE\s0\fR object the callbacks set via
+\&\fIasn1_cb\fR or \fIasn1_const_cb\fR will be invoked as a result of various events
+indicated via the \fIoperation\fR parameter. The value of \fI*in\fR will be the
+\&\fB\s-1ASN1_VALUE\s0\fR object being processed based on the template in \fIit\fR. An
+additional operation specific parameter may be passed in \fIexarg\fR. The currently
+supported operations are as follows. The callbacks should return a positive
+value on success or zero on error, unless otherwise noted below.
+.IP "\fB\s-1ASN1_OP_NEW_PRE\s0\fR" 4
+.IX Item "ASN1_OP_NEW_PRE"
+Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure
+prior to an \fB\s-1ASN1_VALUE\s0\fR object being allocated. The callback may allocate the
+\&\fB\s-1ASN1_VALUE\s0\fR itself and store it in \fI*pval\fR. If it does so it should return 2
+from the callback. On error it should return 0.
+.IP "\fB\s-1ASN1_OP_NEW_POST\s0\fR" 4
+.IX Item "ASN1_OP_NEW_POST"
+Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure
+after an \fB\s-1ASN1_VALUE\s0\fR object has been allocated. The allocated object is in
+\&\fI*pval\fR.
+.IP "\fB\s-1ASN1_OP_FREE_PRE\s0\fR" 4
+.IX Item "ASN1_OP_FREE_PRE"
+Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure
+immediately before an \fB\s-1ASN1_VALUE\s0\fR is freed. If the callback originally
+constructed the \fB\s-1ASN1_VALUE\s0\fR via \fB\s-1ASN1_OP_NEW_PRE\s0\fR then it should free it at
+this point and return 2 from the callback. Otherwise it should return 1 for
+success or 0 on error.
+.IP "\fB\s-1ASN1_OP_FREE_POST\s0\fR" 4
+.IX Item "ASN1_OP_FREE_POST"
+Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure
+immediately after \fB\s-1ASN1_VALUE\s0\fR sub-structures are freed.
+.IP "\fB\s-1ASN1_OP_D2I_PRE\s0\fR" 4
+.IX Item "ASN1_OP_D2I_PRE"
+Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure
+immediately before a \*(L"d2i\*(R" operation for the \fB\s-1ASN1_VALUE\s0\fR.
+.IP "\fB\s-1ASN1_OP_D2I_POST\s0\fR" 4
+.IX Item "ASN1_OP_D2I_POST"
+Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure
+immediately after a \*(L"d2i\*(R" operation for the \fB\s-1ASN1_VALUE\s0\fR.
+.IP "\fB\s-1ASN1_OP_I2D_PRE\s0\fR" 4
+.IX Item "ASN1_OP_I2D_PRE"
+Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure
+immediately before a \*(L"i2d\*(R" operation for the \fB\s-1ASN1_VALUE\s0\fR.
+.IP "\fB\s-1ASN1_OP_I2D_POST\s0\fR" 4
+.IX Item "ASN1_OP_I2D_POST"
+Invoked when processing a \fB\s-1CHOICE\s0\fR, \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure
+immediately after a \*(L"i2d\*(R" operation for the \fB\s-1ASN1_VALUE\s0\fR.
+.IP "\fB\s-1ASN1_OP_PRINT_PRE\s0\fR" 4
+.IX Item "ASN1_OP_PRINT_PRE"
+Invoked when processing a \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure immediately
+before printing the \fB\s-1ASN1_VALUE\s0\fR. The \fIexarg\fR argument will be a pointer to an
+\&\fB\s-1ASN1_PRINT_ARG\s0\fR structure (see below).
+.IP "\fB\s-1ASN1_OP_PRINT_POST\s0\fR" 4
+.IX Item "ASN1_OP_PRINT_POST"
+Invoked when processing a \fB\s-1SEQUENCE\s0\fR or \fB\s-1NDEF_SEQUENCE\s0\fR structure immediately
+after printing the \fB\s-1ASN1_VALUE\s0\fR. The \fIexarg\fR argument will be a pointer to an
+\&\fB\s-1ASN1_PRINT_ARG\s0\fR structure (see below).
+.IP "\fB\s-1ASN1_OP_STREAM_PRE\s0\fR" 4
+.IX Item "ASN1_OP_STREAM_PRE"
+Invoked immediately prior to streaming the \fB\s-1ASN1_VALUE\s0\fR data using indefinite
+length encoding. The \fIexarg\fR argument will be a pointer to a \fB\s-1ASN1_STREAM_ARG\s0\fR
+structure (see below).
+.IP "\fB\s-1ASN1_OP_STREAM_POST\s0\fR" 4
+.IX Item "ASN1_OP_STREAM_POST"
+Invoked immediately after streaming the \fB\s-1ASN1_VALUE\s0\fR data using indefinite
+length encoding. The \fIexarg\fR argument will be a pointer to a \fB\s-1ASN1_STREAM_ARG\s0\fR
+structure (see below).
+.IP "\fB\s-1ASN1_OP_DETACHED_PRE\s0\fR" 4
+.IX Item "ASN1_OP_DETACHED_PRE"
+Invoked immediately prior to processing the \fB\s-1ASN1_VALUE\s0\fR data as a \*(L"detached\*(R"
+value (as used in \s-1CMS\s0 and \s-1PKCS7\s0). The \fIexarg\fR argument will be a pointer to a
+\&\fB\s-1ASN1_STREAM_ARG\s0\fR structure (see below).
+.IP "\fB\s-1ASN1_OP_DETACHED_POST\s0\fR" 4
+.IX Item "ASN1_OP_DETACHED_POST"
+Invoked immediately after processing the \fB\s-1ASN1_VALUE\s0\fR data as a \*(L"detached\*(R"
+value (as used in \s-1CMS\s0 and \s-1PKCS7\s0). The \fIexarg\fR argument will be a pointer to a
+\&\fB\s-1ASN1_STREAM_ARG\s0\fR structure (see below).
+.IP "\fB\s-1ASN1_OP_DUP_PRE\s0\fR" 4
+.IX Item "ASN1_OP_DUP_PRE"
+Invoked immediate prior to an \s-1ASN1_VALUE\s0 being duplicated via a call to
+\&\fBASN1_item_dup()\fR.
+.IP "\fB\s-1ASN1_OP_DUP_POST\s0\fR" 4
+.IX Item "ASN1_OP_DUP_POST"
+Invoked immediate after to an \s-1ASN1_VALUE\s0 has been duplicated via a call to
+\&\fBASN1_item_dup()\fR.
+.IP "\fB\s-1ASN1_OP_GET0_LIBCTX\s0\fR" 4
+.IX Item "ASN1_OP_GET0_LIBCTX"
+Invoked in order to obtain the \fB\s-1OSSL_LIB_CTX\s0\fR associated with an \fB\s-1ASN1_VALUE\s0\fR
+if any. A pointer to an \fB\s-1OSSL_LIB_CTX\s0\fR should be stored in \fI*exarg\fR if such
+a value exists.
+.IP "\fB\s-1ASN1_OP_GET0_PROPQ\s0\fR" 4
+.IX Item "ASN1_OP_GET0_PROPQ"
+Invoked in order to obtain the property query string associated with an
+\&\fB\s-1ASN1_VALUE\s0\fR if any. A pointer to the property query string should be stored in
+\&\fI*exarg\fR if such a value exists.
+.PP
+An \fB\s-1ASN1_PRINT_ARG\s0\fR object is used during processing of \fB\s-1ASN1_OP_PRINT_PRE\s0\fR
+and \fB\s-1ASN1_OP_PRINT_POST\s0\fR callback operations. It contains the following
+information.
+.IP "\fIout\fR" 4
+.IX Item "out"
+The \fB\s-1BIO\s0\fR being used to print the data out.
+.IP "\fIndef_bio\fR" 4
+.IX Item "ndef_bio"
+The current number of indent spaces that should be used for printing this data.
+.IP "\fIpctx\fR" 4
+.IX Item "pctx"
+The context for the \fB\s-1ASN1_PCTX\s0\fR operation.
+.PP
+An \fB\s-1ASN1_STREAM_ARG\s0\fR object is used during processing of \fB\s-1ASN1_OP_STREAM_PRE\s0\fR,
+\&\fB\s-1ASN1_OP_STREAM_POST\s0\fR, \fB\s-1ASN1_OP_DETACHED_PRE\s0\fR and \fB\s-1ASN1_OP_DETACHED_POST\s0\fR
+callback operations. It contains the following information.
+.IP "\fIout\fR" 4
+.IX Item "out"
+The \fB\s-1BIO\s0\fR to stream through
+.IP "\fIndef_bio\fR" 4
+.IX Item "ndef_bio"
+The \fB\s-1BIO\s0\fR with filters appended
+.IP "\fIboundary\fR" 4
+.IX Item "boundary"
+The streaming I/O boundary.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The callbacks return 0 on error and a positive value on success. Some operations
+require specific positive success values as noted above.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBASN1_item_new_ex\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBASN1_aux_const_cb()\fR callback and the \fB\s-1ASN1_OP_GET0_LIBCTX\s0\fR and
+\&\fB\s-1ASN1_OP_GET0_PROPQ\s0\fR operation types were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3
index 90cd7a428a90..0cbbcef69a96 100644
--- a/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3
+++ b/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,14 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ASN1_GENERATE_NCONF 3"
-.TH ASN1_GENERATE_NCONF 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ASN1_GENERATE_NCONF 3ossl"
+.TH ASN1_GENERATE_NCONF 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ASN1_generate_nconf, ASN1_generate_v3 \- ASN1 generation functions
+ASN1_generate_nconf, ASN1_generate_v3 \- ASN1 string generation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -153,40 +151,41 @@ ASN1_generate_nconf, ASN1_generate_v3 \- ASN1 generation functions
These functions generate the \s-1ASN1\s0 encoding of a string
in an \fB\s-1ASN1_TYPE\s0\fR structure.
.PP
-\&\fBstr\fR contains the string to encode \fBnconf\fR or \fBcnf\fR contains
+\&\fIstr\fR contains the string to encode. \fInconf\fR or \fIcnf\fR contains
the optional configuration information where additional strings
-will be read from. \fBnconf\fR will typically come from a config
-file whereas \fBcnf\fR is obtained from an \fBX509V3_CTX\fR structure
+will be read from. \fInconf\fR will typically come from a config
+file whereas \fIcnf\fR is obtained from an \fBX509V3_CTX\fR structure,
which will typically be used by X509 v3 certificate extension
-functions. \fBcnf\fR or \fBnconf\fR can be set to \fB\s-1NULL\s0\fR if no additional
+functions. \fIcnf\fR or \fInconf\fR can be set to \s-1NULL\s0 if no additional
configuration will be used.
.SH "GENERATION STRING FORMAT"
.IX Header "GENERATION STRING FORMAT"
-The actual data encoded is determined by the string \fBstr\fR and
+The actual data encoded is determined by the string \fIstr\fR and
the configuration information. The general format of the string
is:
-.IP "\fB[modifier,]type[:value]\fR" 4
+.IP "[\fImodifier\fR,]\fItype\fR[:\fIvalue\fR]" 4
.IX Item "[modifier,]type[:value]"
.PP
That is zero or more comma separated modifiers followed by a type
-followed by an optional colon and a value. The formats of \fBtype\fR,
-\&\fBvalue\fR and \fBmodifier\fR are explained below.
+followed by an optional colon and a value. The formats of \fItype\fR,
+\&\fIvalue\fR and \fImodifier\fR are explained below.
.SS "Supported Types"
.IX Subsection "Supported Types"
-The supported types are listed below. Unless otherwise specified
-only the \fB\s-1ASCII\s0\fR format is permissible.
+The supported types are listed below.
+Case is not significant in the type names.
+Unless otherwise specified only the \fB\s-1ASCII\s0\fR format is permissible.
.IP "\fB\s-1BOOLEAN\s0\fR, \fB\s-1BOOL\s0\fR" 4
.IX Item "BOOLEAN, BOOL"
-This encodes a boolean type. The \fBvalue\fR string is mandatory and
+This encodes a boolean type. The \fIvalue\fR string is mandatory and
should be \fB\s-1TRUE\s0\fR or \fB\s-1FALSE\s0\fR. Additionally \fB\s-1TRUE\s0\fR, \fBtrue\fR, \fBY\fR,
\&\fBy\fR, \fB\s-1YES\s0\fR, \fByes\fR, \fB\s-1FALSE\s0\fR, \fBfalse\fR, \fBN\fR, \fBn\fR, \fB\s-1NO\s0\fR and \fBno\fR
are acceptable.
.IP "\fB\s-1NULL\s0\fR" 4
.IX Item "NULL"
-Encode the \fB\s-1NULL\s0\fR type, the \fBvalue\fR string must not be present.
+Encode the \fB\s-1NULL\s0\fR type, the \fIvalue\fR string must not be present.
.IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 4
.IX Item "INTEGER, INT"
-Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents
+Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fIvalue\fR string represents
the value of the integer, it can be prefaced by a minus sign and
is normally interpreted as a decimal value unless the prefix \fB0x\fR
is included.
@@ -196,7 +195,7 @@ Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical
\&\fB\s-1INTEGER\s0\fR.
.IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 4
.IX Item "OBJECT, OID"
-Encodes an \s-1ASN1\s0 \fB\s-1OBJECT IDENTIFIER\s0\fR, the \fBvalue\fR string can be
+Encodes an \s-1ASN1\s0 \fB\s-1OBJECT IDENTIFIER\s0\fR, the \fIvalue\fR string can be
a short name, a long name or numerical format.
.IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 4
.IX Item "UTCTIME, UTC"
@@ -208,27 +207,27 @@ Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in
the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR.
.IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 4
.IX Item "OCTETSTRING, OCT"
-Encodes an \s-1ASN1\s0 \fB\s-1OCTET STRING\s0\fR. \fBvalue\fR represents the contents
+Encodes an \s-1ASN1\s0 \fB\s-1OCTET STRING\s0\fR. \fIvalue\fR represents the contents
of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be
-used to specify the format of \fBvalue\fR.
+used to specify the format of \fIvalue\fR.
.IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 4
.IX Item "BITSTRING, BITSTR"
-Encodes an \s-1ASN1\s0 \fB\s-1BIT STRING\s0\fR. \fBvalue\fR represents the contents
+Encodes an \s-1ASN1\s0 \fB\s-1BIT STRING\s0\fR. \fIvalue\fR represents the contents
of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR
-can be used to specify the format of \fBvalue\fR.
+can be used to specify the format of \fIvalue\fR.
.Sp
If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused
bits is set to zero.
.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR, \fB\s-1NUMERICSTRING\s0\fR, \fB\s-1NUMERIC\s0\fR" 4
.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC"
-These encode the corresponding string types. \fBvalue\fR represents the
+These encode the corresponding string types. \fIvalue\fR represents the
contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR.
.IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 4
.IX Item "SEQUENCE, SEQ, SET"
-Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR
+Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fIvalue\fR
should be a section name which will contain the contents. The
field names in the section are ignored and the values are in the
-generated string format. If \fBvalue\fR is absent then an empty \s-1SEQUENCE\s0
+generated string format. If \fIvalue\fR is absent then an empty \s-1SEQUENCE\s0
will be encoded.
.SS "Modifiers"
.IX Subsection "Modifiers"
@@ -267,7 +266,7 @@ bits are zero.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBASN1_generate_nconf()\fR and \fBASN1_generate_v3()\fR return the encoded
-data as an \fB\s-1ASN1_TYPE\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred.
+data as an \fB\s-1ASN1_TYPE\s0\fR structure or \s-1NULL\s0 if an error occurred.
.PP
The error codes that can be obtained by \fBERR_get_error\fR\|(3).
.SH "EXAMPLES"
@@ -373,9 +372,9 @@ structure:
\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_item_d2i_bio.3 b/secure/lib/libcrypto/man/man3/ASN1_item_d2i_bio.3
new file mode 100644
index 000000000000..7e2c1e13e3e7
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/ASN1_item_d2i_bio.3
@@ -0,0 +1,218 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ASN1_ITEM_D2I_BIO 3ossl"
+.TH ASN1_ITEM_D2I_BIO 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ASN1_item_d2i_ex, ASN1_item_d2i, ASN1_item_d2i_bio_ex, ASN1_item_d2i_bio,
+ASN1_item_d2i_fp_ex, ASN1_item_d2i_fp, ASN1_item_i2d_mem_bio
+\&\- decode and encode DER\-encoded ASN.1 structures
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/asn1.h>
+\&
+\& ASN1_VALUE *ASN1_item_d2i_ex(ASN1_VALUE **pval, const unsigned char **in,
+\& long len, const ASN1_ITEM *it,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in,
+\& long len, const ASN1_ITEM *it);
+\&
+\& void *ASN1_item_d2i_bio_ex(const ASN1_ITEM *it, BIO *in, void *x,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
+\&
+\& void *ASN1_item_d2i_fp_ex(const ASN1_ITEM *it, FILE *in, void *x,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
+\&
+\& BIO *ASN1_item_i2d_mem_bio(const ASN1_ITEM *it, const ASN1_VALUE *val);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBASN1_item_d2i_ex()\fR decodes the contents of the data stored in \fI*in\fR of length
+\&\fIlen\fR which must be a DER-encoded \s-1ASN.1\s0 structure, using the \s-1ASN.1\s0 template
+\&\fIit\fR. It places the result in \fI*pval\fR unless \fIpval\fR is \s-1NULL.\s0 If \fI*pval\fR is
+non-NULL on entry then the \fB\s-1ASN1_VALUE\s0\fR present there will be reused. Otherwise
+a new \fB\s-1ASN1_VALUE\s0\fR will be allocated. If any algorithm fetches are required
+during the process then they will use the \fB\s-1OSSL_LIB_CTX\s0\fRprovided in the
+\&\fIlibctx\fR parameter and the property query string in \fIpropq\fR. See
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for more information about algorithm fetching.
+On exit \fI*in\fR will be updated to point to the next byte in the buffer after the
+decoded structure.
+.PP
+\&\fBASN1_item_d2i()\fR is the same as \fBASN1_item_d2i_ex()\fR except that the default
+\&\s-1OSSL_LIB_CTX\s0 is used (i.e. \s-1NULL\s0) and with a \s-1NULL\s0 property query string.
+.PP
+\&\fBASN1_item_d2i_bio_ex()\fR decodes the contents of its input \s-1BIO\s0 \fIin\fR,
+which must be a DER-encoded \s-1ASN.1\s0 structure, using the \s-1ASN.1\s0 template \fIit\fR
+and places the result in \fI*pval\fR unless \fIpval\fR is \s-1NULL.\s0
+If \fIin\fR is \s-1NULL\s0 it returns \s-1NULL,\s0 else a pointer to the parsed structure. If any
+algorithm fetches are required during the process then they will use the
+\&\fB\s-1OSSL_LIB_CTX\s0\fR provided in the \fIlibctx\fR parameter and the property query
+string in \fIpropq\fR. See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for more information
+about algorithm fetching.
+.PP
+\&\fBASN1_item_d2i_bio()\fR is the same as \fBASN1_item_d2i_bio_ex()\fR except that the
+default \fB\s-1OSSL_LIB_CTX\s0\fR is used (i.e. \s-1NULL\s0) and with a \s-1NULL\s0 property query
+string.
+.PP
+\&\fBASN1_item_d2i_fp_ex()\fR is the same as \fBASN1_item_d2i_bio_ex()\fR except that a \s-1FILE\s0
+pointer is provided instead of a \s-1BIO.\s0
+.PP
+\&\fBASN1_item_d2i_fp()\fR is the same as \fBASN1_item_d2i_fp_ex()\fR except that the
+default \fB\s-1OSSL_LIB_CTX\s0\fR is used (i.e. \s-1NULL\s0) and with a \s-1NULL\s0 property query
+string.
+.PP
+\&\fBASN1_item_i2d_mem_bio()\fR encodes the given \s-1ASN.1\s0 value \fIval\fR
+using the \s-1ASN.1\s0 template \fIit\fR and returns the result in a memory \s-1BIO.\s0
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBASN1_item_d2i_bio()\fR returns a pointer to an \fB\s-1ASN1_VALUE\s0\fR or \s-1NULL.\s0
+.PP
+\&\fBASN1_item_i2d_mem_bio()\fR returns a pointer to a memory \s-1BIO\s0 or \s-1NULL\s0 on error.
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions \fBASN1_item_d2i_ex()\fR, \fBASN1_item_d2i_bio_ex()\fR, \fBASN1_item_d2i_fp_ex()\fR
+and \fBASN1_item_i2d_mem_bio()\fR were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_item_new.3 b/secure/lib/libcrypto/man/man3/ASN1_item_new.3
new file mode 100644
index 000000000000..cdbfaa0b7fd5
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/ASN1_item_new.3
@@ -0,0 +1,175 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ASN1_ITEM_NEW 3ossl"
+.TH ASN1_ITEM_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ASN1_item_new_ex, ASN1_item_new
+\&\- create new ASN.1 values
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/asn1.h>
+\&
+\& ASN1_VALUE *ASN1_item_new_ex(const ASN1_ITEM *it, OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBASN1_item_new_ex()\fR creates a new \fB\s-1ASN1_VALUE\s0\fR structure based on the
+\&\fB\s-1ASN1_ITEM\s0\fR template given in the \fIit\fR parameter. If any algorithm fetches are
+required during the process then they will use the \fB\s-1OSSL_LIB_CTX\s0\fR provided in
+the \fIlibctx\fR parameter and the property query string in \fIpropq\fR. See
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for more information about algorithm fetching.
+.PP
+\&\fBASN1_item_new()\fR is the same as \fBASN1_item_new_ex()\fR except that the default
+\&\fB\s-1OSSL_LIB_CTX\s0\fR is used (i.e. \s-1NULL\s0) and with a \s-1NULL\s0 property query string.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBASN1_item_new_ex()\fR and \fBASN1_item_new()\fR return a pointer to the newly created
+\&\fB\s-1ASN1_VALUE\s0\fR or \s-1NULL\s0 on error.
+.SH "HISTORY"
+.IX Header "HISTORY"
+The function \fBASN1_item_new_ex()\fR was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASN1_item_sign.3 b/secure/lib/libcrypto/man/man3/ASN1_item_sign.3
new file mode 100644
index 000000000000..913c5d2516d3
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/ASN1_item_sign.3
@@ -0,0 +1,355 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ASN1_ITEM_SIGN 3ossl"
+.TH ASN1_ITEM_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ASN1_item_sign, ASN1_item_sign_ex, ASN1_item_sign_ctx,
+ASN1_item_verify, ASN1_item_verify_ex, ASN1_item_verify_ctx \-
+ASN1 sign and verify
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1,
+\& X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+\& const void *data, const ASN1_OCTET_STRING *id,
+\& EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\&
+\& int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+\& ASN1_BIT_STRING *signature, const void *data,
+\& EVP_PKEY *pkey, const EVP_MD *md);
+\&
+\& int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
+\& X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+\& const void *data, EVP_MD_CTX *ctx);
+\&
+\& int ASN1_item_verify_ex(const ASN1_ITEM *it, const X509_ALGOR *alg,
+\& const ASN1_BIT_STRING *signature, const void *data,
+\& const ASN1_OCTET_STRING *id, EVP_PKEY *pkey,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\&
+\& int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg,
+\& const ASN1_BIT_STRING *signature, const void *data,
+\& EVP_PKEY *pkey);
+\&
+\& int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
+\& const ASN1_BIT_STRING *signature, const void *data,
+\& EVP_MD_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBASN1_item_sign_ex()\fR is used to sign arbitrary \s-1ASN1\s0 data using a data object
+\&\fIdata\fR, the \s-1ASN.1\s0 structure \fIit\fR, private key \fIpkey\fR and message digest \fImd\fR.
+The data that is signed is formed by taking the data object in \fIdata\fR and
+converting it to der format using the \s-1ASN.1\s0 structure \fIit\fR.
+The \fIdata\fR that will be signed, and a structure containing the signature may
+both have a copy of the \fBX509_ALGOR\fR. The \fBASN1_item_sign_ex()\fR function will
+write the correct \fBX509_ALGOR\fR to the structs based on the algorithms and
+parameters that have been set up. If one of \fIalgor1\fR or \fIalgor2\fR points to the
+\&\fBX509_ALGOR\fR of the \fIdata\fR to be signed, then that \fBX509_ALGOR\fR will first be
+written before the signature is generated.
+Examples of valid values that can be used by the \s-1ASN.1\s0 structure \fIit\fR are
+ASN1_ITEM_rptr(X509_CINF), ASN1_ITEM_rptr(X509_REQ_INFO) and
+ASN1_ITEM_rptr(X509_CRL_INFO).
+The \fB\s-1OSSL_LIB_CTX\s0\fR specified in \fIlibctx\fR and the property query string
+specified in \fIprops\fR are used when searching for algorithms in providers.
+The generated signature is set into \fIsignature\fR.
+The optional parameter \fIid\fR can be \s-1NULL,\s0 but can be set for special key types.
+See \fBEVP_PKEY_CTX_set1_id()\fR for further info. The output parameters <algor1> and
+\&\fIalgor2\fR are ignored if they are \s-1NULL.\s0
+.PP
+\&\fBASN1_item_sign()\fR is similar to \fBASN1_item_sign_ex()\fR but uses default values of
+\&\s-1NULL\s0 for the \fIid\fR, \fIlibctx\fR and \fIpropq\fR.
+.PP
+\&\fBASN1_item_sign_ctx()\fR is similar to \fBASN1_item_sign()\fR but uses the parameters
+contained in digest context \fIctx\fR.
+.PP
+\&\fBASN1_item_verify_ex()\fR is used to verify the signature \fIsignature\fR of internal
+data \fIdata\fR using the public key \fIpkey\fR and algorithm identifier \fIalg\fR.
+The data that is verified is formed by taking the data object in \fIdata\fR and
+converting it to der format using the \s-1ASN.1\s0 structure \fIit\fR.
+The \fB\s-1OSSL_LIB_CTX\s0\fR specified in \fIlibctx\fR and the property query string
+specified in \fIprops\fR are used when searching for algorithms in providers.
+The optional parameter \fIid\fR can be \s-1NULL,\s0 but can be set for special key types.
+See \fBEVP_PKEY_CTX_set1_id()\fR for further info.
+.PP
+\&\fBASN1_item_verify()\fR is similar to \fBASN1_item_verify_ex()\fR but uses default values of
+\&\s-1NULL\s0 for the \fIid\fR, \fIlibctx\fR and \fIpropq\fR.
+.PP
+\&\fBASN1_item_verify_ctx()\fR is similar to \fBASN1_item_verify()\fR but uses the parameters
+contained in digest context \fIctx\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+All sign functions return the size of the signature in bytes for success and
+zero for failure.
+.PP
+All verify functions return 1 if the signature is valid and 0 if the signature
+check fails. If the signature could not be checked at all because it was
+ill-formed or some other error occurred then \-1 is returned.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+In the following example a 'MyObject' object is signed using the key contained
+in an \s-1EVP_MD_CTX.\s0 The signature is written to MyObject.signature. The object is
+then output in \s-1DER\s0 format and then loaded back in and verified.
+.PP
+.Vb 2
+\& #include <openssl/x509.h>
+\& #include <openssl/asn1t.h>
+\&
+\& /* An object used to store the ASN1 data fields that will be signed */
+\& typedef struct MySignInfoObject_st
+\& {
+\& ASN1_INTEGER *version;
+\& X509_ALGOR sig_alg;
+\& } MySignInfoObject;
+\&
+\& DECLARE_ASN1_FUNCTIONS(MySignInfoObject)
+\& /*
+\& * A higher level object containing the ASN1 fields, signature alg and
+\& * output signature.
+\& */
+\& typedef struct MyObject_st
+\& {
+\& MySignInfoObject info;
+\& X509_ALGOR sig_alg;
+\& ASN1_BIT_STRING *signature;
+\& } MyObject;
+\&
+\& DECLARE_ASN1_FUNCTIONS(MyObject)
+\&
+\& /* The ASN1 definition of MySignInfoObject */
+\& ASN1_SEQUENCE_cb(MySignInfoObject, NULL) = {
+\& ASN1_SIMPLE(MySignInfoObject, version, ASN1_INTEGER)
+\& ASN1_EMBED(MySignInfoObject, sig_alg, X509_ALGOR),
+\& } ASN1_SEQUENCE_END_cb(MySignInfoObject, MySignInfoObject)
+\&
+\& /* new, free, d2i & i2d functions for MySignInfoObject */
+\& IMPLEMENT_ASN1_FUNCTIONS(MySignInfoObject)
+\&
+\& /* The ASN1 definition of MyObject */
+\& ASN1_SEQUENCE_cb(MyObject, NULL) = {
+\& ASN1_EMBED(MyObject, info, MySignInfoObject),
+\& ASN1_EMBED(MyObject, sig_alg, X509_ALGOR),
+\& ASN1_SIMPLE(MyObject, signature, ASN1_BIT_STRING)
+\& } ASN1_SEQUENCE_END_cb(MyObject, MyObject)
+\&
+\& /* new, free, d2i & i2d functions for MyObject */
+\& IMPLEMENT_ASN1_FUNCTIONS(MyObject)
+\&
+\& int test_asn1_item_sign_verify(const char *mdname, EVP_PKEY *pkey, long version)
+\& {
+\& int ret = 0;
+\& unsigned char *obj_der = NULL;
+\& const unsigned char *p = NULL;
+\& MyObject *obj = NULL, *loaded_obj = NULL;
+\& const ASN1_ITEM *it = ASN1_ITEM_rptr(MySignInfoObject);
+\& EVP_MD_CTX *sctx = NULL, *vctx = NULL;
+\& int len;
+\&
+\& /* Create MyObject and set its version */
+\& obj = MyObject_new();
+\& if (obj == NULL)
+\& goto err;
+\& if (!ASN1_INTEGER_set(obj\->info.version, version))
+\& goto err;
+\&
+\& /* Set the key and digest used for signing */
+\& sctx = EVP_MD_CTX_new();
+\& if (sctx == NULL
+\& || !EVP_DigestSignInit_ex(sctx, NULL, mdname, NULL, NULL, pkey))
+\& goto err;
+\&
+\& /*
+\& * it contains the mapping between ASN.1 data and an object MySignInfoObject
+\& * obj\->info is the \*(AqMySignInfoObject\*(Aq object that will be
+\& * converted into DER data and then signed.
+\& * obj\->signature will contain the output signature.
+\& * obj\->sig_alg is filled with the private key\*(Aqs signing algorithm id.
+\& * obj\->info.sig_alg is another copy of the signing algorithm id that sits
+\& * within MyObject.
+\& */
+\& len = ASN1_item_sign_ctx(it, &obj\->sig_alg, &obj\->info.sig_alg,
+\& obj\->signature, &obj\->info, sctx);
+\& if (len <= 0
+\& || X509_ALGOR_cmp(&obj\->sig_alg, &obj\->info.sig_alg) != 0)
+\& goto err;
+\&
+\& /* Output MyObject in der form */
+\& len = i2d_MyObject(obj, &obj_der);
+\& if (len <= 0)
+\& goto err;
+\&
+\& /* Set the key and digest used for verifying */
+\& vctx = EVP_MD_CTX_new();
+\& if (vctx == NULL
+\& || !EVP_DigestVerifyInit_ex(vctx, NULL, mdname, NULL, NULL, pkey))
+\& goto err;
+\&
+\& /* Load the der data back into an object */
+\& p = obj_der;
+\& loaded_obj = d2i_MyObject(NULL, &p, len);
+\& if (loaded_obj == NULL)
+\& goto err;
+\& /* Verify the loaded object */
+\& ret = ASN1_item_verify_ctx(it, &loaded_obj\->sig_alg, loaded_obj\->signature,
+\& &loaded_obj\->info, vctx);
+\&err:
+\& OPENSSL_free(obj_der);
+\& MyObject_free(loaded_obj);
+\& MyObject_free(obj);
+\& EVP_MD_CTX_free(sctx);
+\& EVP_MD_CTX_free(vctx);
+\& return ret;
+\& }
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBX509_sign\fR\|(3),
+\&\fBX509_verify\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBASN1_item_sign_ex()\fR and \fBASN1_item_verify_ex()\fR were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 b/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3
index e484f5f6e026..875e7d1ef64b 100644
--- a/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3
+++ b/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,31 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ASYNC_WAIT_CTX_NEW 3"
-.TH ASYNC_WAIT_CTX_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ASYNC_WAIT_CTX_NEW 3ossl"
+.TH ASYNC_WAIT_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd \- functions to manage waiting for asynchronous jobs to complete
+ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd,
+ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
+ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd,
+ASYNC_WAIT_CTX_set_callback, ASYNC_WAIT_CTX_get_callback,
+ASYNC_WAIT_CTX_set_status, ASYNC_WAIT_CTX_get_status, ASYNC_callback_fn,
+ASYNC_STATUS_UNSUPPORTED, ASYNC_STATUS_ERR, ASYNC_STATUS_OK,
+ASYNC_STATUS_EAGAIN
+\&\- functions to manage waiting for asynchronous jobs to complete
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/async.h>
\&
+\& #define ASYNC_STATUS_UNSUPPORTED 0
+\& #define ASYNC_STATUS_ERR 1
+\& #define ASYNC_STATUS_OK 2
+\& #define ASYNC_STATUS_EAGAIN 3
+\& typedef int (*ASYNC_callback_fn)(void *arg);
\& ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
\& void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
\& int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
@@ -160,49 +170,57 @@ ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_
\& size_t *numaddfds, OSSL_ASYNC_FD *delfd,
\& size_t *numdelfds);
\& int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+\& int ASYNC_WAIT_CTX_set_callback(ASYNC_WAIT_CTX *ctx,
+\& ASYNC_callback_fn callback,
+\& void *callback_arg);
+\& int ASYNC_WAIT_CTX_get_callback(ASYNC_WAIT_CTX *ctx,
+\& ASYNC_callback_fn *callback,
+\& void **callback_arg);
+\& int ASYNC_WAIT_CTX_set_status(ASYNC_WAIT_CTX *ctx, int status);
+\& int ASYNC_WAIT_CTX_get_status(ASYNC_WAIT_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
For an overview of how asynchronous operations are implemented in OpenSSL see
-\&\fBASYNC_start_job\fR\|(3). An \s-1ASYNC_WAIT_CTX\s0 object represents an asynchronous
+\&\fBASYNC_start_job\fR\|(3). An \fB\s-1ASYNC_WAIT_CTX\s0\fR object represents an asynchronous
\&\*(L"session\*(R", i.e. a related set of crypto operations. For example in \s-1SSL\s0 terms
this would have a one-to-one correspondence with an \s-1SSL\s0 connection.
.PP
-Application code must create an \s-1ASYNC_WAIT_CTX\s0 using the \fBASYNC_WAIT_CTX_new()\fR
+Application code must create an \fB\s-1ASYNC_WAIT_CTX\s0\fR using the \fBASYNC_WAIT_CTX_new()\fR
function prior to calling \fBASYNC_start_job()\fR (see \fBASYNC_start_job\fR\|(3)). When
-the job is started it is associated with the \s-1ASYNC_WAIT_CTX\s0 for the duration of
-that job. An \s-1ASYNC_WAIT_CTX\s0 should only be used for one \s-1ASYNC_JOB\s0 at any one
-time, but can be reused after an \s-1ASYNC_JOB\s0 has finished for a subsequent
-\&\s-1ASYNC_JOB.\s0 When the session is complete (e.g. the \s-1SSL\s0 connection is closed),
-application code cleans up with \fBASYNC_WAIT_CTX_free()\fR.
+the job is started it is associated with the \fB\s-1ASYNC_WAIT_CTX\s0\fR for the duration
+of that job. An \fB\s-1ASYNC_WAIT_CTX\s0\fR should only be used for one \fB\s-1ASYNC_JOB\s0\fR at
+any one time, but can be reused after an \fB\s-1ASYNC_JOB\s0\fR has finished for a
+subsequent \fB\s-1ASYNC_JOB\s0\fR. When the session is complete (e.g. the \s-1SSL\s0 connection
+is closed), application code cleans up with \fBASYNC_WAIT_CTX_free()\fR.
.PP
-ASYNC_WAIT_CTXs can have \*(L"wait\*(R" file descriptors associated with them. Calling
-\&\fBASYNC_WAIT_CTX_get_all_fds()\fR and passing in a pointer to an \s-1ASYNC_WAIT_CTX\s0 in
-the \fBctx\fR parameter will return the wait file descriptors associated with that
-job in \fB*fd\fR. The number of file descriptors returned will be stored in
-\&\fB*numfds\fR. It is the caller's responsibility to ensure that sufficient memory
-has been allocated in \fB*fd\fR to receive all the file descriptors. Calling
-\&\fBASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fBfd\fR value will return no file
-descriptors but will still populate \fB*numfds\fR. Therefore, application code is
-typically expected to call this function twice: once to get the number of fds,
-and then again when sufficient memory has been allocated. If only one
-asynchronous engine is being used then normally this call will only ever return
-one fd. If multiple asynchronous engines are being used then more could be
-returned.
+\&\fB\s-1ASYNC_WAIT_CTX\s0\fRs can have \*(L"wait\*(R" file descriptors associated with them.
+Calling \fBASYNC_WAIT_CTX_get_all_fds()\fR and passing in a pointer to an
+\&\fB\s-1ASYNC_WAIT_CTX\s0\fR in the \fIctx\fR parameter will return the wait file descriptors
+associated with that job in \fI*fd\fR. The number of file descriptors returned will
+be stored in \fI*numfds\fR. It is the caller's responsibility to ensure that
+sufficient memory has been allocated in \fI*fd\fR to receive all the file
+descriptors. Calling \fBASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fIfd\fR value will
+return no file descriptors but will still populate \fI*numfds\fR. Therefore,
+application code is typically expected to call this function twice: once to get
+the number of fds, and then again when sufficient memory has been allocated. If
+only one asynchronous engine is being used then normally this call will only
+ever return one fd. If multiple asynchronous engines are being used then more
+could be returned.
.PP
The function \fBASYNC_WAIT_CTX_get_changed_fds()\fR can be used to detect if any fds
-have changed since the last call time \fBASYNC_start_job()\fR returned an \s-1ASYNC_PAUSE\s0
-result (or since the \s-1ASYNC_WAIT_CTX\s0 was created if no \s-1ASYNC_PAUSE\s0 result has
-been received). The \fBnumaddfds\fR and \fBnumdelfds\fR parameters will be populated
-with the number of fds added or deleted respectively. \fB*addfd\fR and \fB*delfd\fR
+have changed since the last call time \fBASYNC_start_job()\fR returned \fB\s-1ASYNC_PAUSE\s0\fR
+(or since the \fB\s-1ASYNC_WAIT_CTX\s0\fR was created if no \fB\s-1ASYNC_PAUSE\s0\fR result has
+been received). The \fInumaddfds\fR and \fInumdelfds\fR parameters will be populated
+with the number of fds added or deleted respectively. \fI*addfd\fR and \fI*delfd\fR
will be populated with the list of added and deleted fds respectively. Similarly
to \fBASYNC_WAIT_CTX_get_all_fds()\fR either of these can be \s-1NULL,\s0 but if they are not
\&\s-1NULL\s0 then the caller is responsible for ensuring sufficient memory is allocated.
.PP
-Implementors of async aware code (e.g. engines) are encouraged to return a
-stable fd for the lifetime of the \s-1ASYNC_WAIT_CTX\s0 in order to reduce the \*(L"churn\*(R"
-of regularly changing fds \- although no guarantees of this are provided to
-applications.
+Implementers of async aware code (e.g. engines) are encouraged to return a
+stable fd for the lifetime of the \fB\s-1ASYNC_WAIT_CTX\s0\fR in order to reduce the
+\&\*(L"churn\*(R" of regularly changing fds \- although no guarantees of this are provided
+to applications.
.PP
Applications can wait for the file descriptor to be ready for \*(L"read\*(R" using a
system function call such as select or poll (being ready for \*(L"read\*(R" indicates
@@ -210,21 +228,21 @@ that the job should be resumed). If no file descriptor is made available then an
application will have to periodically \*(L"poll\*(R" the job by attempting to restart it
to see if it is ready to continue.
.PP
-Async aware code (e.g. engines) can get the current \s-1ASYNC_WAIT_CTX\s0 from the job
-via \fBASYNC_get_wait_ctx\fR\|(3) and provide a file descriptor to use for waiting
-on by calling \fBASYNC_WAIT_CTX_set_wait_fd()\fR. Typically this would be done by an
-engine immediately prior to calling \fBASYNC_pause_job()\fR and not by end user code.
-An existing association with a file descriptor can be obtained using
+Async aware code (e.g. engines) can get the current \fB\s-1ASYNC_WAIT_CTX\s0\fR from the
+job via \fBASYNC_get_wait_ctx\fR\|(3) and provide a file descriptor to use for
+waiting on by calling \fBASYNC_WAIT_CTX_set_wait_fd()\fR. Typically this would be done
+by an engine immediately prior to calling \fBASYNC_pause_job()\fR and not by end user
+code. An existing association with a file descriptor can be obtained using
\&\fBASYNC_WAIT_CTX_get_fd()\fR and cleared using \fBASYNC_WAIT_CTX_clear_fd()\fR. Both of
-these functions requires a \fBkey\fR value which is unique to the async aware
+these functions requires a \fIkey\fR value which is unique to the async aware
code. This could be any unique value but a good candidate might be the
-\&\fB\s-1ENGINE\s0 *\fR for the engine. The \fBcustom_data\fR parameter can be any value, and
+\&\fB\s-1ENGINE\s0 *\fR for the engine. The \fIcustom_data\fR parameter can be any value, and
will be returned in a subsequent call to \fBASYNC_WAIT_CTX_get_fd()\fR. The
\&\fBASYNC_WAIT_CTX_set_wait_fd()\fR function also expects a pointer to a \*(L"cleanup\*(R"
routine. This can be \s-1NULL\s0 but if provided will automatically get called when
-the \s-1ASYNC_WAIT_CTX\s0 is freed, and gives the engine the opportunity to close the
-fd or any other resources. Note: The \*(L"cleanup\*(R" routine does not get called if
-the fd is cleared directly via a call to \fBASYNC_WAIT_CTX_clear_fd()\fR.
+the \fB\s-1ASYNC_WAIT_CTX\s0\fR is freed, and gives the engine the opportunity to close
+the fd or any other resources. Note: The \*(L"cleanup\*(R" routine does not get called
+if the fd is cleared directly via a call to \fBASYNC_WAIT_CTX_clear_fd()\fR.
.PP
An example of typical usage might be an async capable engine. User code would
initiate cryptographic operations. The engine would initiate those operations
@@ -235,22 +253,74 @@ similar function on the wait file descriptor. The engine can signal to the user
code that the job should be resumed by making the wait file descriptor
\&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait
file descriptor.
+.PP
+As well as a file descriptor, user code may also be notified via a callback. The
+callback and data pointers are stored within the \fB\s-1ASYNC_WAIT_CTX\s0\fR along with an
+additional status field that can be used for the notification of retries from an
+engine. This additional method can be used when the user thinks that a file
+descriptor is too costly in terms of \s-1CPU\s0 cycles or in some context where a file
+descriptor is not appropriate.
+.PP
+\&\fBASYNC_WAIT_CTX_set_callback()\fR sets the callback and the callback argument. The
+callback will be called to notify user code when an engine completes a
+cryptography operation. It is a requirement that the callback function is small
+and nonblocking as it will be run in the context of a polling mechanism or an
+interrupt.
+.PP
+\&\fBASYNC_WAIT_CTX_get_callback()\fR returns the callback set in the \fB\s-1ASYNC_WAIT_CTX\s0\fR
+structure.
+.PP
+\&\fBASYNC_WAIT_CTX_set_status()\fR allows an engine to set the current engine status.
+The possible status values are the following:
+.IP "\fB\s-1ASYNC_STATUS_UNSUPPORTED\s0\fR" 4
+.IX Item "ASYNC_STATUS_UNSUPPORTED"
+The engine does not support the callback mechanism. This is the default value.
+The engine must call \fBASYNC_WAIT_CTX_set_status()\fR to set the status to some value
+other than \fB\s-1ASYNC_STATUS_UNSUPPORTED\s0\fR if it intends to enable the callback
+mechanism.
+.IP "\fB\s-1ASYNC_STATUS_ERR\s0\fR" 4
+.IX Item "ASYNC_STATUS_ERR"
+The engine has a fatal problem with this request. The user code should clean up
+this session.
+.IP "\fB\s-1ASYNC_STATUS_OK\s0\fR" 4
+.IX Item "ASYNC_STATUS_OK"
+The request has been successfully submitted.
+.IP "\fB\s-1ASYNC_STATUS_EAGAIN\s0\fR" 4
+.IX Item "ASYNC_STATUS_EAGAIN"
+The engine has some problem which will be recovered soon, such as a buffer is
+full, so user code should resume the job.
+.PP
+\&\fBASYNC_WAIT_CTX_get_status()\fR allows user code to obtain the current status value.
+If the status is any value other than \fB\s-1ASYNC_STATUS_OK\s0\fR then the user code
+should not expect to receive a callback from the engine even if one has been
+set.
+.PP
+An example of the usage of the callback method might be the following. User
+code would initiate cryptographic operations, and the engine code would dispatch
+this operation to hardware, and if the dispatch is successful, then the engine
+code would call \fBASYNC_pause_job()\fR to return control to the user code. After
+that, user code can perform other tasks. When the hardware completes the
+operation, normally it is detected by a polling function or an interrupt, as the
+user code set a callback by calling \fBASYNC_WAIT_CTX_set_callback()\fR previously,
+then the registered callback will be called.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \s-1ASYNC_WAIT_CTX\s0 or
-\&\s-1NULL\s0 on error.
+\&\fBASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \fB\s-1ASYNC_WAIT_CTX\s0\fR
+or \s-1NULL\s0 on error.
.PP
ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
-ASYNC_WAIT_CTX_get_changed_fds and ASYNC_WAIT_CTX_clear_fd all return 1 on
-success or 0 on error.
+ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd,
+ASYNC_WAIT_CTX_set_callback, ASYNC_WAIT_CTX_get_callback and
+ASYNC_WAIT_CTX_set_status all return 1 on success or 0 on error.
+\&\fBASYNC_WAIT_CTX_get_status()\fR returns the engine status.
.SH "NOTES"
.IX Header "NOTES"
-On Windows platforms the openssl/async.h header is dependent on some
-of the types customarily made available by including windows.h. The
+On Windows platforms the \fI<openssl/async.h>\fR header is dependent on some
+of the types customarily made available by including \fI<windows.h>\fR. The
application developer is likely to require control over when the latter
is included, commonly as one of the first included headers. Therefore,
it is defined as an application developer's responsibility to include
-windows.h prior to async.h.
+\&\fI<windows.h>\fR prior to \fI<openssl/async.h>\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7), \fBASYNC_start_job\fR\|(3)
@@ -260,11 +330,15 @@ windows.h prior to async.h.
\&\fBASYNC_WAIT_CTX_get_fd()\fR, \fBASYNC_WAIT_CTX_get_all_fds()\fR,
\&\fBASYNC_WAIT_CTX_get_changed_fds()\fR and \fBASYNC_WAIT_CTX_clear_fd()\fR
were added in OpenSSL 1.1.0.
+.PP
+\&\fBASYNC_WAIT_CTX_set_callback()\fR, \fBASYNC_WAIT_CTX_get_callback()\fR,
+\&\fBASYNC_WAIT_CTX_set_status()\fR, and \fBASYNC_WAIT_CTX_get_status()\fR
+were added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ASYNC_start_job.3 b/secure/lib/libcrypto/man/man3/ASYNC_start_job.3
index 14053c60dd35..bc05f0a9e957 100644
--- a/secure/lib/libcrypto/man/man3/ASYNC_start_job.3
+++ b/secure/lib/libcrypto/man/man3/ASYNC_start_job.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ASYNC_START_JOB 3"
-.TH ASYNC_START_JOB 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ASYNC_START_JOB 3ossl"
+.TH ASYNC_START_JOB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ASYNC_get_wait_ctx, ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable \&\- asynchronous job management functions
+ASYNC_get_wait_ctx,
+ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job,
+ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable
+\&\- asynchronous job management functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -161,40 +162,40 @@ ASYNC_get_wait_ctx, ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, AS
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-OpenSSL implements asynchronous capabilities through an \s-1ASYNC_JOB.\s0 This
+OpenSSL implements asynchronous capabilities through an \fB\s-1ASYNC_JOB\s0\fR. This
represents code that can be started and executes until some event occurs. At
that point the code can be paused and control returns to user code until some
subsequent event indicates that the job can be resumed.
.PP
-The creation of an \s-1ASYNC_JOB\s0 is a relatively expensive operation. Therefore, for
-efficiency reasons, jobs can be created up front and reused many times. They are
-held in a pool until they are needed, at which point they are removed from the
-pool, used, and then returned to the pool when the job completes. If the user
-application is multi-threaded, then \fBASYNC_init_thread()\fR may be called for each
-thread that will initiate asynchronous jobs. Before
+The creation of an \fB\s-1ASYNC_JOB\s0\fR is a relatively expensive operation. Therefore,
+for efficiency reasons, jobs can be created up front and reused many times. They
+are held in a pool until they are needed, at which point they are removed from
+the pool, used, and then returned to the pool when the job completes. If the
+user application is multi-threaded, then \fBASYNC_init_thread()\fR may be called for
+each thread that will initiate asynchronous jobs. Before
user code exits per-thread resources need to be cleaned up. This will normally
occur automatically (see \fBOPENSSL_init_crypto\fR\|(3)) but may be explicitly
initiated by using \fBASYNC_cleanup_thread()\fR. No asynchronous jobs must be
outstanding for the thread when \fBASYNC_cleanup_thread()\fR is called. Failing to
ensure this will result in memory leaks.
.PP
-The \fBmax_size\fR argument limits the number of ASYNC_JOBs that will be held in
-the pool. If \fBmax_size\fR is set to 0 then no upper limit is set. When an
-\&\s-1ASYNC_JOB\s0 is needed but there are none available in the pool already then one
-will be automatically created, as long as the total of ASYNC_JOBs managed by the
-pool does not exceed \fBmax_size\fR. When the pool is first initialised
-\&\fBinit_size\fR ASYNC_JOBs will be created immediately. If \fBASYNC_init_thread()\fR is
-not called before the pool is first used then it will be called automatically
-with a \fBmax_size\fR of 0 (no upper limit) and an \fBinit_size\fR of 0 (no ASYNC_JOBs
-created up front).
+The \fImax_size\fR argument limits the number of \fB\s-1ASYNC_JOB\s0\fRs that will be held in
+the pool. If \fImax_size\fR is set to 0 then no upper limit is set. When an
+\&\fB\s-1ASYNC_JOB\s0\fR is needed but there are none available in the pool already then one
+will be automatically created, as long as the total of \fB\s-1ASYNC_JOB\s0\fRs managed by
+the pool does not exceed \fImax_size\fR. When the pool is first initialised
+\&\fIinit_size\fR \fB\s-1ASYNC_JOB\s0\fRs will be created immediately. If \fBASYNC_init_thread()\fR
+is not called before the pool is first used then it will be called automatically
+with a \fImax_size\fR of 0 (no upper limit) and an \fIinit_size\fR of 0 (no
+\&\fB\s-1ASYNC_JOB\s0\fRs created up front).
.PP
An asynchronous job is started by calling the \fBASYNC_start_job()\fR function.
-Initially \fB*job\fR should be \s-1NULL.\s0 \fBctx\fR should point to an \s-1ASYNC_WAIT_CTX\s0
-object created through the \fBASYNC_WAIT_CTX_new\fR\|(3) function. \fBret\fR should
+Initially \fI*job\fR should be \s-1NULL.\s0 \fIctx\fR should point to an \fB\s-1ASYNC_WAIT_CTX\s0\fR
+object created through the \fBASYNC_WAIT_CTX_new\fR\|(3) function. \fIret\fR should
point to a location where the return value of the asynchronous function should
-be stored on completion of the job. \fBfunc\fR represents the function that should
-be started asynchronously. The data pointed to by \fBargs\fR and of size \fBsize\fR
-will be copied and then passed as an argument to \fBfunc\fR when the job starts.
+be stored on completion of the job. \fIfunc\fR represents the function that should
+be started asynchronously. The data pointed to by \fIargs\fR and of size \fIsize\fR
+will be copied and then passed as an argument to \fIfunc\fR when the job starts.
ASYNC_start_job will return one of the following values:
.IP "\fB\s-1ASYNC_ERR\s0\fR" 4
.IX Item "ASYNC_ERR"
@@ -207,48 +208,52 @@ again at a later time.
.IP "\fB\s-1ASYNC_PAUSE\s0\fR" 4
.IX Item "ASYNC_PAUSE"
The job was successfully started but was \*(L"paused\*(R" before it completed (see
-\&\fBASYNC_pause_job()\fR below). A handle to the job is placed in \fB*job\fR. Other work
+\&\fBASYNC_pause_job()\fR below). A handle to the job is placed in \fI*job\fR. Other work
can be performed (if desired) and the job restarted at a later time. To restart
-a job call \fBASYNC_start_job()\fR again passing the job handle in \fB*job\fR. The
-\&\fBfunc\fR, \fBargs\fR and \fBsize\fR parameters will be ignored when restarting a job.
+a job call \fBASYNC_start_job()\fR again passing the job handle in \fI*job\fR. The
+\&\fIfunc\fR, \fIargs\fR and \fIsize\fR parameters will be ignored when restarting a job.
When restarting a job \fBASYNC_start_job()\fR \fBmust\fR be called from the same thread
that the job was originally started from.
.IP "\fB\s-1ASYNC_FINISH\s0\fR" 4
.IX Item "ASYNC_FINISH"
-The job completed. \fB*job\fR will be \s-1NULL\s0 and the return value from \fBfunc\fR will
-be placed in \fB*ret\fR.
+The job completed. \fI*job\fR will be \s-1NULL\s0 and the return value from \fIfunc\fR will
+be placed in \fI*ret\fR.
.PP
At any one time there can be a maximum of one job actively running per thread
(you can have many that are paused). \fBASYNC_get_current_job()\fR can be used to get
-a pointer to the currently executing \s-1ASYNC_JOB.\s0 If no job is currently executing
-then this will return \s-1NULL.\s0
+a pointer to the currently executing \fB\s-1ASYNC_JOB\s0\fR. If no job is currently
+executing then this will return \s-1NULL.\s0
.PP
If executing within the context of a job (i.e. having been called directly or
indirectly by the function \*(L"func\*(R" passed as an argument to \fBASYNC_start_job()\fR)
then \fBASYNC_pause_job()\fR will immediately return control to the calling
-application with \s-1ASYNC_PAUSE\s0 returned from the \fBASYNC_start_job()\fR call. A
-subsequent call to ASYNC_start_job passing in the relevant \s-1ASYNC_JOB\s0 in the
-\&\fB*job\fR parameter will resume execution from the \fBASYNC_pause_job()\fR call. If
+application with \fB\s-1ASYNC_PAUSE\s0\fR returned from the \fBASYNC_start_job()\fR call. A
+subsequent call to ASYNC_start_job passing in the relevant \fB\s-1ASYNC_JOB\s0\fR in the
+\&\fI*job\fR parameter will resume execution from the \fBASYNC_pause_job()\fR call. If
\&\fBASYNC_pause_job()\fR is called whilst not within the context of a job then no
action is taken and \fBASYNC_pause_job()\fR returns immediately.
.PP
-\&\fBASYNC_get_wait_ctx()\fR can be used to get a pointer to the \s-1ASYNC_WAIT_CTX\s0
-for the \fBjob\fR. ASYNC_WAIT_CTXs can have a \*(L"wait\*(R" file descriptor associated
-with them. Applications can wait for the file descriptor to be ready for \*(L"read\*(R"
-using a system function call such as select or poll (being ready for \*(L"read\*(R"
-indicates that the job should be resumed). If no file descriptor is made
-available then an application will have to periodically \*(L"poll\*(R" the job by
-attempting to restart it to see if it is ready to continue.
+\&\fBASYNC_get_wait_ctx()\fR can be used to get a pointer to the \fB\s-1ASYNC_WAIT_CTX\s0\fR
+for the \fIjob\fR. \fB\s-1ASYNC_WAIT_CTX\s0\fRs contain two different ways to notify
+applications that a job is ready to be resumed. One is a \*(L"wait\*(R" file
+descriptor, and the other is a \*(L"callback\*(R" mechanism.
+.PP
+The \*(L"wait\*(R" file descriptor associated with \fB\s-1ASYNC_WAIT_CTX\s0\fR is used for
+applications to wait for the file descriptor to be ready for \*(L"read\*(R" using a
+system function call such as select or poll (being ready for \*(L"read\*(R" indicates
+that the job should be resumed). If no file descriptor is made available then
+an application will have to periodically \*(L"poll\*(R" the job by attempting to restart
+it to see if it is ready to continue.
.PP
-An example of typical usage might be an async capable engine. User code would
-initiate cryptographic operations. The engine would initiate those operations
-asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd\fR\|(3) followed by
-\&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then
-perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other
-similar function on the wait file descriptor. The engine can signal to the user
-code that the job should be resumed by making the wait file descriptor
-\&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait
-file descriptor.
+\&\fB\s-1ASYNC_WAIT_CTX\s0\fRs also have a \*(L"callback\*(R" mechanism to notify applications. The
+callback is set by an application, and it will be automatically called when an
+engine completes a cryptography operation, so that the application can resume
+the paused work flow without polling. An engine could be written to look whether
+the callback has been set. If it has then it would use the callback mechanism
+in preference to the file descriptor notifications. If a callback is not set
+then the engine may use file descriptor based notifications. Please note that
+not all engines may support the callback mechanism, so the callback may not be
+used even if it has been set. See \fBASYNC_WAIT_CTX_new()\fR for more details.
.PP
The \fBASYNC_block_pause()\fR function will prevent the currently active job from
pausing. The block will remain in place until a subsequent call to
@@ -256,10 +261,10 @@ pausing. The block will remain in place until a subsequent call to
\&\fBASYNC_block_pause()\fR twice then you must call \fBASYNC_unblock_pause()\fR twice in
order to re-enable pausing. If these functions are called while there is no
currently active job then they have no effect. This functionality can be useful
-to avoid deadlock scenarios. For example during the execution of an \s-1ASYNC_JOB\s0 an
-application acquires a lock. It then calls some cryptographic function which
+to avoid deadlock scenarios. For example during the execution of an \fB\s-1ASYNC_JOB\s0\fR
+an application acquires a lock. It then calls some cryptographic function which
invokes \fBASYNC_pause_job()\fR. This returns control back to the code that created
-the \s-1ASYNC_JOB.\s0 If that code then attempts to acquire the same lock before
+the \fB\s-1ASYNC_JOB\s0\fR. If that code then attempts to acquire the same lock before
resuming the original job then a deadlock can occur. By calling
\&\fBASYNC_block_pause()\fR immediately after acquiring the lock and
\&\fBASYNC_unblock_pause()\fR immediately before releasing it then this situation cannot
@@ -271,28 +276,28 @@ can be used to detect whether the current platform is async capable or not.
.IX Header "RETURN VALUES"
ASYNC_init_thread returns 1 on success or 0 otherwise.
.PP
-ASYNC_start_job returns one of \s-1ASYNC_ERR, ASYNC_NO_JOBS, ASYNC_PAUSE\s0 or
-\&\s-1ASYNC_FINISH\s0 as described above.
+ASYNC_start_job returns one of \fB\s-1ASYNC_ERR\s0\fR, \fB\s-1ASYNC_NO_JOBS\s0\fR, \fB\s-1ASYNC_PAUSE\s0\fR or
+\&\fB\s-1ASYNC_FINISH\s0\fR as described above.
.PP
ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when
-not within the context of an \s-1ASYNC_JOB\s0 then this is counted as success so 1 is
-returned.
+not within the context of an \fB\s-1ASYNC_JOB\s0\fR then this is counted as success so 1
+is returned.
.PP
-ASYNC_get_current_job returns a pointer to the currently executing \s-1ASYNC_JOB\s0 or
-\&\s-1NULL\s0 if not within the context of a job.
+ASYNC_get_current_job returns a pointer to the currently executing \fB\s-1ASYNC_JOB\s0\fR
+or \s-1NULL\s0 if not within the context of a job.
.PP
-\&\fBASYNC_get_wait_ctx()\fR returns a pointer to the \s-1ASYNC_WAIT_CTX\s0 for the job.
+\&\fBASYNC_get_wait_ctx()\fR returns a pointer to the \fB\s-1ASYNC_WAIT_CTX\s0\fR for the job.
.PP
\&\fBASYNC_is_capable()\fR returns 1 if the current platform is async capable or 0
otherwise.
.SH "NOTES"
.IX Header "NOTES"
-On Windows platforms the openssl/async.h header is dependent on some
-of the types customarily made available by including windows.h. The
+On Windows platforms the \fI<openssl/async.h>\fR header is dependent on some
+of the types customarily made available by including \fI<windows.h>\fR. The
application developer is likely to require control over when the latter
is included, commonly as one of the first included headers. Therefore,
it is defined as an application developer's responsibility to include
-windows.h prior to async.h.
+\&\fI<windows.h>\fR prior to \fI<openssl/async.h>\fR.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The following example demonstrates how to use most of the core async APIs:
@@ -445,9 +450,9 @@ ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, \fBASYNC_get_wait_ctx()
added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BF_encrypt.3 b/secure/lib/libcrypto/man/man3/BF_encrypt.3
index 87f9344f7600..852362bc6428 100644
--- a/secure/lib/libcrypto/man/man3/BF_encrypt.3
+++ b/secure/lib/libcrypto/man/man3/BF_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,26 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BF_ENCRYPT 3"
-.TH BF_ENCRYPT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BF_ENCRYPT 3ossl"
+.TH BF_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options \- Blowfish encryption
+BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
+BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options \- Blowfish encryption
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/blowfish.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
\&
\& void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
@@ -165,6 +170,10 @@ BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, BF_cfb64_enc
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated. Applications should
+instead use \fBEVP_EncryptInit_ex\fR\|(3), \fBEVP_EncryptUpdate\fR\|(3) and
+\&\fBEVP_EncryptFinal_ex\fR\|(3) or the equivalently named decrypt functions.
+.PP
This library implements the Blowfish cipher, which was invented and described
by Counterpane (see http://www.counterpane.com/blowfish.html ).
.PP
@@ -239,11 +248,14 @@ functions directly.
.IX Header "SEE ALSO"
\&\fBEVP_EncryptInit\fR\|(3),
\&\fBdes_modes\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_ADDR.3 b/secure/lib/libcrypto/man/man3/BIO_ADDR.3
index d9df57161a1b..a6aa0110a7f7 100644
--- a/secure/lib/libcrypto/man/man3/BIO_ADDR.3
+++ b/secure/lib/libcrypto/man/man3/BIO_ADDR.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_ADDR 3"
-.TH BIO_ADDR 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_ADDR 3ossl"
+.TH BIO_ADDR 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake, BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport, BIO_ADDR_hostname_string, BIO_ADDR_service_string, BIO_ADDR_path_string \- BIO_ADDR routines
+BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake,
+BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport,
+BIO_ADDR_hostname_string, BIO_ADDR_service_string,
+BIO_ADDR_path_string \- BIO_ADDR routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
@@ -184,7 +185,7 @@ therefore ignored) and populates the given \fB\s-1BIO_ADDR\s0\fR with them.
In case this creates a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBwherelen\fR is expected
to be the length of the path string (not including the terminating
\&\s-1NUL,\s0 such as the result of a call to \fBstrlen()\fR).
-\&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR.
+Read on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below.
.PP
\&\fBBIO_ADDR_family()\fR returns the protocol family of the given
\&\fB\s-1BIO_ADDR\s0\fR. The possible non-error results are one of the
@@ -201,7 +202,7 @@ order, most significant byte first.
In case this is a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBl\fR gets the length of the
path string (not including the terminating \s-1NUL,\s0 such as the result of
a call to \fBstrlen()\fR).
-\&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR.
+Read on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below.
.PP
\&\fBBIO_ADDR_rawport()\fR returns the raw port of the given \fB\s-1BIO_ADDR\s0\fR.
The raw port will be in network byte order.
@@ -247,7 +248,7 @@ information they should return isn't available.
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3 b/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3
index 1bf9f4a4d7b6..fcb802beb59d 100644
--- a/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3
+++ b/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,20 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_ADDRINFO 3"
-.TH BIO_ADDRINFO 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_ADDRINFO 3ossl"
+.TH BIO_ADDRINFO 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_lookup_type, BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free, BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol, BIO_ADDRINFO_address, BIO_lookup_ex, BIO_lookup \&\- BIO_ADDRINFO type and routines
+BIO_lookup_type,
+BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free,
+BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol,
+BIO_ADDRINFO_address,
+BIO_lookup_ex,
+BIO_lookup
+\&\- BIO_ADDRINFO type and routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
@@ -154,7 +158,7 @@ BIO_lookup_type, BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free, BIO_ADDRINF
\&
\& int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
\& int family, int socktype, int protocol, BIO_ADDRINFO **res);
-\& int BIO_lookup(const char *node, const char *service,
+\& int BIO_lookup(const char *host, const char *service,
\& enum BIO_lookup_type lookup_type,
\& int family, int socktype, BIO_ADDRINFO **res);
\&
@@ -185,8 +189,7 @@ used. \fBres\fR points at a pointer to hold the start of a \fB\s-1BIO_ADDRINFO\s
chain.
.PP
For the family \fB\s-1AF_UNIX\s0\fR, \fBBIO_lookup_ex()\fR will ignore the \fBservice\fR
-parameter and expects the \fBnode\fR parameter to hold the path to the
-socket file.
+parameter and expects the \fBhost\fR parameter to hold the path to the socket file.
.PP
\&\fBBIO_lookup()\fR does the same as \fBBIO_lookup_ex()\fR but does not provide the ability
to select based on the protocol (any protocol may be returned).
@@ -231,9 +234,9 @@ explicitly set to \s-1IPPROTO_SCTP.\s0 The same may be true on other platforms.
The \fBBIO_lookup_ex()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_connect.3 b/secure/lib/libcrypto/man/man3/BIO_connect.3
index b0451becb4fc..411811a49e15 100644
--- a/secure/lib/libcrypto/man/man3/BIO_connect.3
+++ b/secure/lib/libcrypto/man/man3/BIO_connect.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_CONNECT 3"
-.TH BIO_CONNECT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_CONNECT 3ossl"
+.TH BIO_CONNECT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket \- BIO socket communication setup routines
+BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket \- BIO
+socket communication setup routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -234,7 +233,7 @@ Use the functions described above instead.
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_ctrl.3 b/secure/lib/libcrypto/man/man3/BIO_ctrl.3
index e0266497235b..f7f9863289c6 100644
--- a/secure/lib/libcrypto/man/man3/BIO_ctrl.3
+++ b/secure/lib/libcrypto/man/man3/BIO_ctrl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,19 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_CTRL 3"
-.TH BIO_CTRL 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_CTRL 3ossl"
+.TH BIO_CTRL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb, BIO_get_ktls_send, BIO_get_ktls_recv \&\- BIO control operations
+BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
+BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close,
+BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending,
+BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb, BIO_get_ktls_send,
+BIO_get_ktls_recv
+\&\- BIO control operations
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -214,23 +217,26 @@ sending. Otherwise, it returns zero.
receiving. Otherwise, it returns zero.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File
+\&\fBBIO_reset()\fR normally returns 1 for success and <=0 for failure. File
BIOs are an exception, they return 0 for success and \-1 for failure.
.PP
\&\fBBIO_seek()\fR and \fBBIO_tell()\fR both return the current file position on success
and \-1 for failure, except file BIOs which for \fBBIO_seek()\fR always return 0
for success and \-1 for failure.
.PP
-\&\fBBIO_flush()\fR returns 1 for success and 0 or \-1 for failure.
+\&\fBBIO_flush()\fR returns 1 for success and <=0 for failure.
.PP
-\&\fBBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise.
+\&\fBBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached, 0 if not, or negative values for failure.
.PP
-\&\fBBIO_set_close()\fR always returns 1.
+\&\fBBIO_set_close()\fR returns 1 on success or <=0 for failure.
.PP
-\&\fBBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
+\&\fBBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 It also
+returns other negative values if an error occurs.
.PP
\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR
-return the amount of pending data.
+return the amount of pending data. \fBBIO_pending()\fR and \fBBIO_wpending()\fR return
+negative value or 0 on error. \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR return
+0 on error.
.PP
\&\fBBIO_get_ktls_send()\fR returns 1 if the \s-1BIO\s0 is using the Kernel \s-1TLS\s0 data-path for
sending. Otherwise, it returns zero.
@@ -266,15 +272,18 @@ Some of the return values are ambiguous and care should be taken. In
particular a return value of 0 can be returned if an operation is not
supported, if an error occurred, if \s-1EOF\s0 has not been reached and in
the case of \fBBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation.
+.PP
+In older versions of OpenSSL the \fBBIO_ctrl_pending()\fR and
+\&\fBBIO_ctrl_wpending()\fR could return values greater than \s-1INT_MAX\s0 on error.
.SH "HISTORY"
.IX Header "HISTORY"
-The \fBBIO_get_ktls_send()\fR and \fBBIO_get_ktls_recv()\fR functions were added in
-OpenSSL 3.0.0.
+The \fBBIO_get_ktls_send()\fR and \fBBIO_get_ktls_recv()\fR macros were added in
+OpenSSL 3.0. They were modified to never return \-1 in OpenSSL 3.0.4.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_f_base64.3 b/secure/lib/libcrypto/man/man3/BIO_f_base64.3
index c9df007d12db..8dbaf3e81a22 100644
--- a/secure/lib/libcrypto/man/man3/BIO_f_base64.3
+++ b/secure/lib/libcrypto/man/man3/BIO_f_base64.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_F_BASE64 3"
-.TH BIO_F_BASE64 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_F_BASE64 3ossl"
+.TH BIO_F_BASE64 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -229,7 +227,7 @@ to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary).
.IX Header "COPYRIGHT"
Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_f_buffer.3 b/secure/lib/libcrypto/man/man3/BIO_f_buffer.3
index 71773aa7984e..699d16c9e0d1 100644
--- a/secure/lib/libcrypto/man/man3/BIO_f_buffer.3
+++ b/secure/lib/libcrypto/man/man3/BIO_f_buffer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,20 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_F_BUFFER 3"
-.TH BIO_F_BUFFER 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_F_BUFFER 3ossl"
+.TH BIO_F_BUFFER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_get_buffer_num_lines, BIO_set_read_buffer_size, BIO_set_write_buffer_size, BIO_set_buffer_size, BIO_set_buffer_read_data, BIO_f_buffer \&\- buffering BIO
+BIO_get_buffer_num_lines,
+BIO_set_read_buffer_size,
+BIO_set_write_buffer_size,
+BIO_set_buffer_size,
+BIO_set_buffer_read_data,
+BIO_f_buffer
+\&\- buffering BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -203,12 +207,13 @@ source/sink \s-1BIO\s0 is non blocking.
.IX Header "RETURN VALUES"
\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method.
.PP
-\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0).
+\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0) or
+a negative value in case of errors.
.PP
\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR
-return 1 if the buffer was successfully resized or 0 for failure.
+return 1 if the buffer was successfully resized or <=0 for failure.
.PP
-\&\fBBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if
+\&\fBBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or <=0 if
there was an error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
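Review bot: The reworded RETURN VALUES paragraphs now give `<=0` as the failure result for BIO_set_read_buffer_size(), BIO_set_write_buffer_size(), BIO_set_buffer_size() and BIO_set_buffer_read_data(), but the page never tells the reader that a truthiness test such as `if (!BIO_set_buffer_size(b, n))` treats a negative result as success. The same wording change appears in the RETURN VALUES hunks of BIO_f_cipher.3 and BIO_f_md.3 later in this diff. I would add one sentence to the page, for example `Callers should compare the result with <= 0, because a negative value also indicates an error.` Since the file is generated by Pod::Man, the sentence belongs in the POD source rather than in this file.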
@@ -219,9 +224,9 @@ there was an error.
\&\fBBIO_ctrl\fR\|(3).
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_f_cipher.3 b/secure/lib/libcrypto/man/man3/BIO_f_cipher.3
index 0bfa93ba46e3..416a23792cda 100644
--- a/secure/lib/libcrypto/man/man3/BIO_f_cipher.3
+++ b/secure/lib/libcrypto/man/man3/BIO_f_cipher.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_F_CIPHER 3"
-.TH BIO_F_CIPHER 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_F_CIPHER 3ossl"
+.TH BIO_F_CIPHER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,10 +145,10 @@ BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- ciphe
\& #include <openssl/evp.h>
\&
\& const BIO_METHOD *BIO_f_cipher(void);
-\& void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher,
-\& unsigned char *key, unsigned char *iv, int enc);
-\& int BIO_get_cipher_status(BIO *b)
-\& int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
+\& int BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher,
+\& const unsigned char *key, const unsigned char *iv, int enc);
+\& int BIO_get_cipher_status(BIO *b);
+\& int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
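Review bot: The SYNOPSIS now declares BIO_set_cipher() as returning int where the 1.1.1q page had void, and no HISTORY entry recording that change is visible in this diff. Code written against the old prototype discards the result by construction, so a failed cipher setup would presumably go unnoticed and the BIO would be used as if it were initialised (the implementation is not shown on this page). I would add a HISTORY section to the POD source stating that the return type changed, with a reminder to check it, e.g. `if (BIO_set_cipher(b, cipher, key, iv, enc) != 1) /* handle error */`.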
@@ -195,17 +193,17 @@ be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0
.IX Header "RETURN VALUES"
\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method.
.PP
-\&\fBBIO_set_cipher()\fR does not return a value.
+\&\fBBIO_set_cipher()\fR returns 1 for success and 0 for failure.
.PP
-\&\fBBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0
+\&\fBBIO_get_cipher_status()\fR returns 1 for a successful decrypt and <=0
for failure.
.PP
-\&\fBBIO_get_cipher_ctx()\fR currently always returns 1.
+\&\fBBIO_get_cipher_ctx()\fR returns 1 for success and <=0 for failure.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_f_md.3 b/secure/lib/libcrypto/man/man3/BIO_f_md.3
index b9f3cb1208d0..41d5027419b9 100644
--- a/secure/lib/libcrypto/man/man3/BIO_f_md.3
+++ b/secure/lib/libcrypto/man/man3/BIO_f_md.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_F_MD 3"
-.TH BIO_F_MD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_F_MD 3ossl"
+.TH BIO_F_MD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -202,7 +200,7 @@ if the standard calls such as \fBBIO_set_md()\fR are not sufficiently flexible.
\&\fBBIO_f_md()\fR returns the digest \s-1BIO\s0 method.
.PP
\&\fBBIO_set_md()\fR, \fBBIO_get_md()\fR and \fBBIO_md_ctx()\fR return 1 for success and
-0 for failure.
+<=0 for failure.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The following example creates a \s-1BIO\s0 chain containing an \s-1SHA1\s0 and \s-1MD5\s0
@@ -265,7 +263,7 @@ outputs them. This could be used with the examples above.
\& if (!mdtmp)
\& break;
\& BIO_get_md(mdtmp, &md);
-\& printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
+\& printf("%s digest", OBJ_nid2sn(EVP_MD_get_type(md)));
\& mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
\& for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
\& printf("\en");
@@ -287,9 +285,9 @@ Before OpenSSL 1.0.0., the call to \fBBIO_get_md_ctx()\fR would only work if the
\&\s-1BIO\s0 was initialized first.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_f_null.3 b/secure/lib/libcrypto/man/man3/BIO_f_null.3
index bd4c4fee93b5..f709017fcc71 100644
--- a/secure/lib/libcrypto/man/man3/BIO_f_null.3
+++ b/secure/lib/libcrypto/man/man3/BIO_f_null.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_F_NULL 3"
-.TH BIO_F_NULL 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_F_NULL 3ossl"
+.TH BIO_F_NULL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -165,7 +163,7 @@ As may be apparent a null filter \s-1BIO\s0 is not particularly useful.
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_f_prefix.3 b/secure/lib/libcrypto/man/man3/BIO_f_prefix.3
new file mode 100644
index 000000000000..107a3e0d1059
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/BIO_f_prefix.3
@@ -0,0 +1,199 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_F_PREFIX 3ossl"
+.TH BIO_F_PREFIX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_f_prefix, BIO_set_prefix, BIO_set_indent, BIO_get_indent
+\&\- prefix BIO filter
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& const BIO_METHOD *BIO_f_prefix(void);
+\& long BIO_set_prefix(BIO *b, const char *prefix);
+\& long BIO_set_indent(BIO *b, long indent);
+\& long BIO_get_indent(BIO *b);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBBIO_f_cipher()\fR returns the prefix \s-1BIO\s0 method. This is a filter for
+text output, where each line gets automatically prefixed and indented
+according to user input.
+.PP
+The prefix and the indentation are combined. For each line of output
+going through this filter, the prefix is output first, then the amount
+of additional spaces indicated by the indentation, and then the line
+itself.
+.PP
+By default, there is no prefix, and indentation is set to 0.
+.PP
+\&\fBBIO_set_prefix()\fR sets the prefix to be used for future lines of
+text, using \fIprefix\fR. \fIprefix\fR may be \s-1NULL,\s0 signifying that there
+should be no prefix. If \fIprefix\fR isn't \s-1NULL,\s0 this function makes a
+copy of it.
+.PP
+\&\fBBIO_set_indent()\fR sets the indentation to be used for future lines of
+text, using \fIindent\fR. Negative values are not allowed.
+.PP
+\&\fBBIO_get_indent()\fR gets the current indentation.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fBBIO_set_prefix()\fR, \fBBIO_set_indent()\fR and \fBBIO_get_indent()\fR are
+implemented as macros.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBBIO_f_prefix()\fR returns the prefix \s-1BIO\s0 method.
+.PP
+\&\fBBIO_set_prefix()\fR returns 1 if the prefix was correctly set, or <=0 on
+failure.
+.PP
+\&\fBBIO_set_indent()\fR returns 1 if the prefix was correctly set, or <=0 on
+failure.
+.PP
+\&\fBBIO_get_indent()\fR returns the current indentation, or a negative value for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBbio\fR\|(7)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
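Review bot: The DESCRIPTION of this new page opens with `BIO_f_cipher()` returning the prefix BIO method, which names the wrong function; the line should read `\&\fBBIO_f_prefix()\fR returns the prefix \s-1BIO\s0 method.` as the RETURN VALUES section already does. In RETURN VALUES, the BIO_set_indent() paragraph repeats "if the prefix was correctly set" and should say "if the indentation was correctly set". Both look like copy-paste slips in the POD source, which is where the fix belongs because this file is generated.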
diff --git a/secure/lib/libcrypto/man/man3/BIO_f_readbuffer.3 b/secure/lib/libcrypto/man/man3/BIO_f_readbuffer.3
new file mode 100644
index 000000000000..028edd27a8b0
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/BIO_f_readbuffer.3
@@ -0,0 +1,190 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_F_READBUFFER 3ossl"
+.TH BIO_F_READBUFFER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_f_readbuffer
+\&\- read only buffering BIO that supports BIO_tell() and BIO_seek()
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& const BIO_METHOD *BIO_f_readbuffer(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBBIO_f_readbuffer()\fR returns the read buffering \s-1BIO\s0 method.
+.PP
+This \s-1BIO\s0 filter can be inserted on top of \s-1BIO\s0's that do not support \fBBIO_tell()\fR
+or \fBBIO_seek()\fR (e.g. A file \s-1BIO\s0 that uses stdin).
+.PP
+Data read from a read buffering \s-1BIO\s0 comes from an internal buffer which is
+filled from the next \s-1BIO\s0 in the chain.
+.PP
+\&\fBBIO_gets()\fR is supported for read buffering BIOs.
+Writing data to a read buffering \s-1BIO\s0 is not supported.
+.PP
+Calling \fBBIO_reset()\fR on a read buffering \s-1BIO\s0 does not clear any buffered data.
+.SH "NOTES"
+.IX Header "NOTES"
+Read buffering BIOs implement \fBBIO_read_ex()\fR by using \fBBIO_read_ex()\fR operations
+on the next \s-1BIO\s0 (e.g. a file \s-1BIO\s0) in the chain and storing the result in an
+internal buffer, from which bytes are given back to the caller as appropriate
+for the call. \fBBIO_read_ex()\fR is guaranteed to give the caller the number of bytes
+it asks for, unless there's an error or end of communication is reached in the
+next \s-1BIO.\s0 The internal buffer can grow to cache the entire contents of the next
+\&\s-1BIO\s0 in the chain. \fBBIO_seek()\fR uses the internal buffer, so that it can only seek
+into data that is already read.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBBIO_f_readbuffer()\fR returns the read buffering \s-1BIO\s0 method.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBbio\fR\|(7),
+\&\fBBIO_read\fR\|(3),
+\&\fBBIO_gets\fR\|(3),
+\&\fBBIO_reset\fR\|(3),
+\&\fBBIO_ctrl\fR\|(3).
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
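Review bot: NOTES says the internal buffer "can grow to cache the entire contents of the next BIO in the chain" without stating any limit, while DESCRIPTION offers stdin as a typical source. A reader who places this filter over input of unknown size gets no warning that memory use grows with everything read so far, and the page also says BIO_reset() does not clear buffered data. I would add a sentence to NOTES in the POD source such as `Memory use grows with the amount of data read; callers reading input of unbounded or untrusted size should enforce their own limit.` Separately, "(e.g. A file BIO that uses stdin)" should use a lower-case "a".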
diff --git a/secure/lib/libcrypto/man/man3/BIO_f_ssl.3 b/secure/lib/libcrypto/man/man3/BIO_f_ssl.3
index ffaebe6d5e79..61ae97df6ed5 100644
--- a/secure/lib/libcrypto/man/man3/BIO_f_ssl.3
+++ b/secure/lib/libcrypto/man/man3/BIO_f_ssl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,19 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_F_SSL 3"
-.TH BIO_F_SSL 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_F_SSL 3ossl"
+.TH BIO_F_SSL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_do_handshake, BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, BIO_ssl_shutdown \- SSL BIO
+BIO_do_handshake,
+BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode,
+BIO_set_ssl_renegotiate_bytes,
+BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl,
+BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id,
+BIO_ssl_shutdown \- SSL BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
@@ -225,12 +228,15 @@ chain and calling \fBSSL_shutdown()\fR on its internal \s-1SSL\s0
pointer.
.PP
\&\fBBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the
-supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1
-if the connection was established successfully. A zero or negative
-value is returned if the connection could not be established, the
-call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs
-to determine if the call should be retried. If an \s-1SSL\s0 connection has
-already been established this call has no effect.
+supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection.
+For non-SSL BIOs the connection is done typically at \s-1TCP\s0 level.
+If domain name resolution yields multiple \s-1IP\s0 addresses all of them are tried
+after \fBconnect()\fR failures.
+The function returns 1 if the connection was established successfully.
+A zero or negative value is returned if the connection could not be established.
+The call \fBBIO_should_retry()\fR should be used for nonblocking connect BIOs
+to determine if the call should be retried.
+If a connection has already been established this call has no effect.
.SH "NOTES"
.IX Header "NOTES"
\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport
@@ -298,9 +304,6 @@ unencrypted example in \fBBIO_s_connect\fR\|(3).
\& exit(1);
\& }
\&
-\& /* Don\*(Aqt want any retries */
-\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-\&
\& /* XXX We might want to do other things with ssl here */
\&
\& /* An empty host part means the loopback address */
@@ -360,7 +363,6 @@ a client and also echoes the request to standard output.
\& exit(1);
\& }
\&
-\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
\& bbio = BIO_new(BIO_f_buffer());
\& sbio = BIO_push(bbio, sbio);
\& acpt = BIO_new_accept("4433");
@@ -374,13 +376,22 @@ a client and also echoes the request to standard output.
\& BIO_set_accept_bios(acpt, sbio);
\& out = BIO_new_fp(stdout, BIO_NOCLOSE);
\&
-\& /* Setup accept BIO */
+\& /* First call to BIO_do_accept() sets up accept BIO */
\& if (BIO_do_accept(acpt) <= 0) {
\& fprintf(stderr, "Error setting up accept BIO\en");
\& ERR_print_errors_fp(stderr);
\& exit(1);
\& }
-\&
+.Ve
+.PP
+/* Second call to \fBBIO_do_accept()\fR waits for incoming connection */
+ if (BIO_do_accept(acpt) <= 0) {
+ fprintf(stderr, \*(L"Error accepting connection\en\*(R");
+ ERR_print_errors_fp(stderr);
+ \fBexit\fR\|(1);
+ }
+.PP
+.Vb 3
\& /* We only want one connection so remove and free accept BIO */
\& sbio = BIO_pop(acpt);
\& BIO_free_all(acpt);
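Review bot: The added second BIO_do_accept() call is not inside the verbatim block: the hunk closes the example with `.Ve`, emits the new lines as an ordinary `.PP` paragraph (note `\fBexit\fR\|(1)` and the `\*(L"` / `\*(R"` quoting), and then reopens with `.Vb 3`. The rendered page will reflow that code as prose and typeset the string literal with typographic quotes, so the example cannot be copied as written. This usually means the added lines in the POD source lack the leading whitespace of the surrounding verbatim paragraph; indenting them there and regenerating should restore one continuous block. The example's enclosing code starts and ends outside this hunk.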
@@ -421,9 +432,9 @@ included workarounds for this bug (e.g. freeing BIOs more than once) should
be modified to handle this fix or they may free up an already freed \s-1BIO.\s0
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_find_type.3 b/secure/lib/libcrypto/man/man3/BIO_find_type.3
index c5b3459fa395..9ab1e9061948 100644
--- a/secure/lib/libcrypto/man/man3/BIO_find_type.3
+++ b/secure/lib/libcrypto/man/man3/BIO_find_type.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_FIND_TYPE 3"
-.TH BIO_FIND_TYPE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_FIND_TYPE 3ossl"
+.TH BIO_FIND_TYPE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -161,7 +159,7 @@ found.
The following general types are defined:
\&\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR, \fB\s-1BIO_TYPE_FILTER\s0\fR, and \fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR.
.PP
-For a list of the specific types, see the \fBopenssl/bio.h\fR header file.
+For a list of the specific types, see the \fI<openssl/bio.h>\fR header file.
.PP
\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs
in a chain or used in conjunction with \fBBIO_find_type()\fR to find all BIOs of a
@@ -195,9 +193,9 @@ Traverse a chain looking for digest BIOs:
.Ve
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_get_data.3 b/secure/lib/libcrypto/man/man3/BIO_get_data.3
index 26e40ae824f1..d13b78316306 100644
--- a/secure/lib/libcrypto/man/man3/BIO_get_data.3
+++ b/secure/lib/libcrypto/man/man3/BIO_get_data.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_GET_DATA 3"
-.TH BIO_GET_DATA 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_GET_DATA 3ossl"
+.TH BIO_GET_DATA 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, BIO_get_shutdown \- functions for managing BIO state information
+BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown,
+BIO_get_shutdown \- functions for managing BIO state information
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -181,15 +180,15 @@ associated with this \s-1BIO,\s0 or \s-1NULL\s0 if none has been set.
\&\fBBIO_get_shutdown()\fR returns the stat of the \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bio, BIO_meth_new
+\&\fBbio\fR\|(7), \fBBIO_meth_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The functions described here were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3 b/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3
index 6f37a8847027..8baa4e841bcc 100644
--- a/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,35 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_GET_EX_NEW_INDEX 3"
-.TH BIO_GET_EX_NEW_INDEX 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_GET_EX_NEW_INDEX 3ossl"
+.TH BIO_GET_EX_NEW_INDEX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data, UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data, X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data, X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data, X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data, DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data, ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data, EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data, RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \&\- application\-specific data
+BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data,
+BIO_set_app_data, BIO_get_app_data,
+DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data,
+DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data,
+EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data,
+ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data,
+EVP_PKEY_get_ex_new_index, EVP_PKEY_set_ex_data, EVP_PKEY_get_ex_data,
+RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data,
+RSA_set_app_data, RSA_get_app_data,
+SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data,
+SSL_set_app_data, SSL_get_app_data,
+SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data,
+SSL_CTX_set_app_data, SSL_CTX_get_app_data,
+SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data,
+SSL_SESSION_set_app_data, SSL_SESSION_get_app_data,
+UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data,
+UI_set_app_data, UI_get_app_data,
+X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data,
+X509_STORE_CTX_set_app_data, X509_STORE_CTX_get_app_data,
+X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data,
+X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data
+\&\- application\-specific data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -152,13 +171,51 @@ BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, ENGINE_get_ex_new_index,
\&
\& int TYPE_set_ex_data(TYPE *d, int idx, void *arg);
\&
-\& void *TYPE_get_ex_data(TYPE *d, int idx);
+\& void *TYPE_get_ex_data(const TYPE *d, int idx);
+\&
+\& #define TYPE_set_app_data(TYPE *d, void *arg)
+\& #define TYPE_get_app_data(TYPE *d)
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 10
+\& int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+\& CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+\& int DH_set_ex_data(DH *type, int idx, void *arg);
+\& void *DH_get_ex_data(DH *type, int idx);
+\& int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+\& CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+\& int DSA_set_ex_data(DSA *type, int idx, void *arg);
+\& void *DSA_get_ex_data(DSA *type, int idx);
+\& int EC_KEY_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+\& CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+\& int EC_KEY_set_ex_data(EC_KEY *type, int idx, void *arg);
+\& void *EC_KEY_get_ex_data(EC_KEY *type, int idx);
+\& int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+\& CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+\& int RSA_set_ex_data(RSA *type, int idx, void *arg);
+\& void *RSA_get_ex_data(RSA *type, int idx);
+\& int RSA_set_app_data(RSA *type, void *arg);
+\& void *RSA_get_app_data(RSA *type);
+\& int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+\& CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+\& int ENGINE_set_ex_data(ENGINE *type, int idx, void *arg);
+\& void *ENGINE_get_ex_data(ENGINE *type, int idx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
In the description here, \fI\s-1TYPE\s0\fR is used a placeholder
-for any of the OpenSSL datatypes listed in
-\&\fBCRYPTO_get_ex_new_index\fR\|(3).
+for any of the OpenSSL datatypes listed in \fBCRYPTO_get_ex_new_index\fR\|(3).
+.PP
+All functions with a \fI\s-1TYPE\s0\fR of \fB\s-1DH\s0\fR, \fB\s-1DSA\s0\fR, \fB\s-1RSA\s0\fR and \fB\s-1EC_KEY\s0\fR are deprecated.
+Applications should instead use \fBEVP_PKEY_set_ex_data()\fR,
+\&\fBEVP_PKEY_get_ex_data()\fR and \fBEVP_PKEY_get_ex_new_index()\fR.
+.PP
+All functions with a \fI\s-1TYPE\s0\fR of \fB\s-1ENGINE\s0\fR are deprecated.
+Applications using engines should be replaced by providers.
.PP
These functions handle application-specific data for OpenSSL data
structures.
@@ -171,6 +228,14 @@ an offset into the opaque exdata part of the \s-1TYPE\s0 object.
.PP
\&\fBTYPE_get_ex_data()\fR is a function that calls \fBCRYPTO_get_ex_data()\fR with
an offset into the opaque exdata part of the \s-1TYPE\s0 object.
+.PP
+For compatibility with previous releases, the exdata index of zero is
+reserved for \*(L"application data.\*(R" There are two convenience functions for
+this.
+\&\fBTYPE_set_app_data()\fR is a macro that invokes \fBTYPE_set_ex_data()\fR with
+\&\fBidx\fR set to zero.
+\&\fBTYPE_get_app_data()\fR is a macro that invokes \fBTYPE_get_ex_data()\fR with
+\&\fBidx\fR set to zero.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBTYPE_get_ex_new_index()\fR returns a new index on success or \-1 on error.
@@ -181,11 +246,19 @@ an offset into the opaque exdata part of the \s-1TYPE\s0 object.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBCRYPTO_get_ex_new_index\fR\|(3).
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions \fBDH_get_ex_new_index()\fR, \fBDH_set_ex_data()\fR, \fBDH_get_ex_data()\fR,
+\&\fBDSA_get_ex_new_index()\fR, \fBDSA_set_ex_data()\fR, \fBDSA_get_ex_data()\fR,
+\&\fBEC_KEY_get_ex_new_index()\fR, \fBEC_KEY_set_ex_data()\fR, \fBEC_KEY_get_ex_data()\fR,
+\&\fBENGINE_get_ex_new_index()\fR, \fBENGINE_set_ex_data()\fR, \fBENGINE_get_ex_data()\fR,
+\&\fBRSA_get_ex_new_index()\fR, \fBRSA_set_ex_data()\fR, \fBRSA_get_ex_data()\fR,
+\&\fBRSA_set_app_data()\fR and \fBRSA_get_app_data()\fR were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_meth_new.3 b/secure/lib/libcrypto/man/man3/BIO_meth_new.3
index 3f48bd01ae94..71464300a24e 100644
--- a/secure/lib/libcrypto/man/man3/BIO_meth_new.3
+++ b/secure/lib/libcrypto/man/man3/BIO_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,21 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_METH_NEW 3"
-.TH BIO_METH_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_METH_NEW 3ossl"
+.TH BIO_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_get_new_index, BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_set_read_ex, BIO_meth_get_write_ex, BIO_meth_set_write_ex, BIO_meth_get_write, BIO_meth_set_write, BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, BIO_meth_set_puts, BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create, BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl, BIO_meth_set_callback_ctrl \- Routines to build up BIO methods
+BIO_get_new_index,
+BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_set_read_ex,
+BIO_meth_get_write_ex, BIO_meth_set_write_ex, BIO_meth_get_write,
+BIO_meth_set_write, BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts,
+BIO_meth_set_puts, BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl,
+BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create,
+BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl,
+BIO_meth_set_callback_ctrl \- Routines to build up BIO methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -190,20 +195,20 @@ BIO_get_new_index, BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_s
.IX Header "DESCRIPTION"
The \fB\s-1BIO_METHOD\s0\fR type is a structure used for the implementation of new \s-1BIO\s0
types. It provides a set of functions used by OpenSSL for the implementation
-of the various \s-1BIO\s0 capabilities. See the bio page for more information.
+of the various \s-1BIO\s0 capabilities. See the \fBbio\fR\|(7) page for more information.
.PP
\&\fBBIO_meth_new()\fR creates a new \fB\s-1BIO_METHOD\s0\fR structure. It should be given a
unique integer \fBtype\fR and a string that represents its \fBname\fR.
Use \fBBIO_get_new_index()\fR to get the value for \fBtype\fR.
.PP
The set of
-standard OpenSSL provided \s-1BIO\s0 types is provided in \fBbio.h\fR. Some examples
-include \fB\s-1BIO_TYPE_BUFFER\s0\fR and \fB\s-1BIO_TYPE_CIPHER\s0\fR. Filter BIOs should have a
-type which have the \*(L"filter\*(R" bit set (\fB\s-1BIO_TYPE_FILTER\s0\fR). Source/sink BIOs
-should have the \*(L"source/sink\*(R" bit set (\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR). File descriptor
-based BIOs (e.g. socket, fd, connect, accept etc) should additionally have the
-\&\*(L"descriptor\*(R" bit set (\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR). See the BIO_find_type page for
-more information.
+standard OpenSSL provided \s-1BIO\s0 types is provided in \fI<openssl/bio.h>\fR.
+Some examples include \fB\s-1BIO_TYPE_BUFFER\s0\fR and \fB\s-1BIO_TYPE_CIPHER\s0\fR. Filter BIOs
+should have a type which have the \*(L"filter\*(R" bit set (\fB\s-1BIO_TYPE_FILTER\s0\fR).
+Source/sink BIOs should have the \*(L"source/sink\*(R" bit set (\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR).
+File descriptor based BIOs (e.g. socket, fd, connect, accept etc) should
+additionally have the \*(L"descriptor\*(R" bit set (\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR). See the
+\&\fBBIO_find_type\fR\|(3) page for more information.
.PP
\&\fBBIO_meth_free()\fR destroys a \fB\s-1BIO_METHOD\s0\fR structure and frees up any memory
associated with it.
@@ -238,7 +243,7 @@ application calling \fBBIO_gets()\fR. The parameters for the function have the s
meaning as for \fBBIO_gets()\fR.
.PP
\&\fBBIO_meth_get_ctrl()\fR and \fBBIO_meth_set_ctrl()\fR get and set the function used for
-processing ctrl messages in the \s-1BIO\s0 respectively. See the BIO_ctrl page for
+processing ctrl messages in the \s-1BIO\s0 respectively. See the \fBBIO_ctrl\fR\|(3) page for
more information. This function will be called in response to the application
calling \fBBIO_ctrl()\fR. The parameters for the function have the same meaning as for
\&\fBBIO_ctrl()\fR.
@@ -248,7 +253,10 @@ for creating a new instance of the \s-1BIO\s0 respectively. This function will b
called in response to the application calling \fBBIO_new()\fR and passing
in a pointer to the current \s-1BIO_METHOD.\s0 The \fBBIO_new()\fR function will allocate the
memory for the new \s-1BIO,\s0 and a pointer to this newly allocated structure will
-be passed as a parameter to the function.
+be passed as a parameter to the function. If a create function is set,
+\&\fBBIO_new()\fR will not mark the \s-1BIO\s0 as initialised on allocation.
+\&\fBBIO_set_init\fR\|(3) must then be called either by the create function, or later,
+by a \s-1BIO\s0 ctrl function, once \s-1BIO\s0 initialisation is complete.
.PP
\&\fBBIO_meth_get_destroy()\fR and \fBBIO_meth_set_destroy()\fR get and set the function used
for destroying an instance of a \s-1BIO\s0 respectively. This function will be
@@ -274,15 +282,15 @@ The \fBBIO_meth_set\fR functions return 1 on success or 0 on error.
The \fBBIO_meth_get\fR functions return the corresponding function pointers.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bio, BIO_find_type, BIO_ctrl, BIO_read_ex, BIO_new
+\&\fBbio\fR\|(7), \fBBIO_find_type\fR\|(3), \fBBIO_ctrl\fR\|(3), \fBBIO_read_ex\fR\|(3), \fBBIO_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The functions described here were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_new.3 b/secure/lib/libcrypto/man/man3/BIO_new.3
index 5cbd224755b6..4c1feac4ae99 100644
--- a/secure/lib/libcrypto/man/man3/BIO_new.3
+++ b/secure/lib/libcrypto/man/man3/BIO_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,28 +130,35 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_NEW 3"
-.TH BIO_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_NEW 3ossl"
+.TH BIO_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all \&\- BIO allocation and freeing functions
+BIO_new_ex, BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all
+\&\- BIO allocation and freeing functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
-\& BIO * BIO_new(const BIO_METHOD *type);
-\& int BIO_up_ref(BIO *a);
-\& int BIO_free(BIO *a);
-\& void BIO_vfree(BIO *a);
-\& void BIO_free_all(BIO *a);
+\& BIO *BIO_new_ex(OSSL_LIB_CTX *libctx, const BIO_METHOD *type);
+\& BIO *BIO_new(const BIO_METHOD *type);
+\& int BIO_up_ref(BIO *a);
+\& int BIO_free(BIO *a);
+\& void BIO_vfree(BIO *a);
+\& void BIO_free_all(BIO *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fBBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR.
+The \fBBIO_new_ex()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR associated with
+the library context \fIlibctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)). The library context may be
+\&\s-1NULL\s0 to indicate the default library context.
+.PP
+The \fBBIO_new()\fR is the same as \fBBIO_new_ex()\fR except the default library context is
+always used.
.PP
\&\fBBIO_up_ref()\fR increments the reference count associated with the \s-1BIO\s0 object.
.PP
@@ -170,7 +175,7 @@ occurs freeing up an individual \s-1BIO\s0 in the chain.
If \fBa\fR is \s-1NULL\s0 nothing is done.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails.
+\&\fBBIO_new_ex()\fR and \fBBIO_new()\fR return a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails.
.PP
\&\fBBIO_up_ref()\fR and \fBBIO_free()\fR return 1 for success and 0 for failure.
.PP
@@ -185,6 +190,8 @@ on it other than the discarded return value.
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBBIO_set()\fR was removed in OpenSSL 1.1.0 as \s-1BIO\s0 type is now opaque.
+.PP
+\&\fBBIO_new_ex()\fR was added in OpenSSL 3.0.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Create a memory \s-1BIO:\s0
@@ -194,9 +201,9 @@ Create a memory \s-1BIO:\s0
.Ve
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_new_CMS.3 b/secure/lib/libcrypto/man/man3/BIO_new_CMS.3
index 104a23d7a2d3..59b7a623a1f1 100644
--- a/secure/lib/libcrypto/man/man3/BIO_new_CMS.3
+++ b/secure/lib/libcrypto/man/man3/BIO_new_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_NEW_CMS 3"
-.TH BIO_NEW_CMS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_NEW_CMS 3ossl"
+.TH BIO_NEW_CMS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -198,7 +196,7 @@ The \fBBIO_new_CMS()\fR function was added in OpenSSL 1.0.0.
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 b/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3
index 38905f6f01db..955bbc79eeab 100644
--- a/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3
+++ b/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_PARSE_HOSTSERV 3"
-.TH BIO_PARSE_HOSTSERV 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_PARSE_HOSTSERV 3ossl"
+.TH BIO_PARSE_HOSTSERV 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_hostserv_priorities, BIO_parse_hostserv \&\- utility routines to parse a standard host and service string
+BIO_hostserv_priorities,
+BIO_parse_hostserv
+\&\- utility routines to parse a standard host and service string
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -175,7 +175,8 @@ The syntax the \fBBIO_parse_hostserv()\fR recognises is:
The host part can be a name or an \s-1IP\s0 address. If it's a IPv6
address, it \s-1MUST\s0 be enclosed in brackets, such as '[::1]'.
.PP
-The service part can be a service name or its port number.
+The service part can be a service name or its port number. A service name
+will be mapped to a port number using the system function \fBgetservbyname()\fR.
.PP
The returned values will depend on the given \fBhostserv\fR string
and \fBhostserv_prio\fR, as follows:
@@ -204,9 +205,9 @@ and \fBhostserv_prio\fR, as follows:
\&\s-1\fBBIO_ADDRINFO\s0\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_printf.3 b/secure/lib/libcrypto/man/man3/BIO_printf.3
index 893b6bcb19a0..3bb8e1c8a1e4 100644
--- a/secure/lib/libcrypto/man/man3/BIO_printf.3
+++ b/secure/lib/libcrypto/man/man3/BIO_printf.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,38 +130,39 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_PRINTF 3"
-.TH BIO_PRINTF 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_PRINTF 3ossl"
+.TH BIO_PRINTF 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf \&\- formatted output to a BIO
+BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf
+\&\- formatted output to a BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
-\& int BIO_printf(BIO *bio, const char *format, ...)
-\& int BIO_vprintf(BIO *bio, const char *format, va_list args)
+\& int BIO_printf(BIO *bio, const char *format, ...);
+\& int BIO_vprintf(BIO *bio, const char *format, va_list args);
\&
-\& int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-\& int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+\& int BIO_snprintf(char *buf, size_t n, const char *format, ...);
+\& int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBBIO_printf()\fR is similar to the standard C \fBprintf()\fR function, except that
-the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard
+the output is sent to the specified \s-1BIO,\s0 \fIbio\fR, rather than standard
output. All common format specifiers are supported.
.PP
\&\fBBIO_vprintf()\fR is similar to the \fBvprintf()\fR function found on many platforms,
-the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard
+the output is sent to the specified \s-1BIO,\s0 \fIbio\fR, rather than standard
output. All common format specifiers are supported. The argument
-list \fBargs\fR is a stdarg argument list.
+list \fIargs\fR is a stdarg argument list.
.PP
\&\fBBIO_snprintf()\fR is for platforms that do not have the common \fBsnprintf()\fR
-function. It is like \fBsprintf()\fR except that the size parameter, \fBn\fR,
+function. It is like \fBsprintf()\fR except that the size parameter, \fIn\fR,
specifies the size of the output buffer.
.PP
\&\fBBIO_vsnprintf()\fR is to \fBBIO_snprintf()\fR as \fBBIO_vprintf()\fR is to \fBBIO_printf()\fR.
@@ -172,11 +171,17 @@ specifies the size of the output buffer.
All functions return the number of bytes written, or \-1 on error.
For \fBBIO_snprintf()\fR and \fBBIO_vsnprintf()\fR this includes when the output
buffer is too small.
+.SH "NOTES"
+.IX Header "NOTES"
+Except when \fIn\fR is 0, both \fBBIO_snprintf()\fR and \fBBIO_vsnprintf()\fR always
+terminate their output with \f(CW\*(Aq\e0\*(Aq\fR. This includes cases where \-1 is
+returned, such as when there is insufficient space to output the whole
+string.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_push.3 b/secure/lib/libcrypto/man/man3/BIO_push.3
index d8fd0d79dac7..fab0c72af7dd 100644
--- a/secure/lib/libcrypto/man/man3/BIO_push.3
+++ b/secure/lib/libcrypto/man/man3/BIO_push.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_PUSH 3"
-.TH BIO_PUSH 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_PUSH 3ossl"
+.TH BIO_PUSH 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -219,7 +217,7 @@ Data can be written to and read from \fImd1\fR as before,
except that \fImd2\fR will no more be applied.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bio
+\&\fBbio\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBBIO_set_next()\fR function was added in OpenSSL 1.1.0.
@@ -227,7 +225,7 @@ The \fBBIO_set_next()\fR function was added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_read.3 b/secure/lib/libcrypto/man/man3/BIO_read.3
index 9d827891daeb..563ad4a1cd90 100644
--- a/secure/lib/libcrypto/man/man3/BIO_read.3
+++ b/secure/lib/libcrypto/man/man3/BIO_read.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_READ 3"
-.TH BIO_READ 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_READ 3ossl"
+.TH BIO_READ 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts \&\- BIO I/O functions
+BIO_read_ex, BIO_write_ex, BIO_read, BIO_write,
+BIO_gets, BIO_get_line, BIO_puts
+\&\- BIO I/O functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -150,42 +150,68 @@ BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts \&\- BIO I/O
\&
\& int BIO_read(BIO *b, void *data, int dlen);
\& int BIO_gets(BIO *b, char *buf, int size);
+\& int BIO_get_line(BIO *b, char *buf, int size);
\& int BIO_write(BIO *b, const void *data, int dlen);
\& int BIO_puts(BIO *b, const char *buf);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBBIO_read_ex()\fR attempts to read \fBdlen\fR bytes from \s-1BIO\s0 \fBb\fR and places the data
-in \fBdata\fR. If any bytes were successfully read then the number of bytes read is
-stored in \fB*readbytes\fR.
+\&\fBBIO_read_ex()\fR attempts to read \fIdlen\fR bytes from \s-1BIO\s0 \fIb\fR and places the data
+in \fIdata\fR. If any bytes were successfully read then the number of bytes read is
+stored in \fI*readbytes\fR.
.PP
-\&\fBBIO_write_ex()\fR attempts to write \fBdlen\fR bytes from \fBdata\fR to \s-1BIO\s0 \fBb\fR. If
-successful then the number of bytes written is stored in \fB*written\fR.
+\&\fBBIO_write_ex()\fR attempts to write \fIdlen\fR bytes from \fIdata\fR to \s-1BIO\s0 \fIb\fR.
+If successful then the number of bytes written is stored in \fI*written\fR
+unless \fIwritten\fR is \s-1NULL.\s0
.PP
-\&\fBBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places
-the data in \fBbuf\fR.
+\&\fBBIO_read()\fR attempts to read \fIlen\fR bytes from \s-1BIO\s0 \fIb\fR and places
+the data in \fIbuf\fR.
.PP
\&\fBBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data
-in \fBbuf\fR. Usually this operation will attempt to read a line of data
-from the \s-1BIO\s0 of maximum length \fBsize\-1\fR. There are exceptions to this,
+in \fIbuf\fR. Usually this operation will attempt to read a line of data
+from the \s-1BIO\s0 of maximum length \fIsize\-1\fR. There are exceptions to this,
however; for example, \fBBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and
return the digest and other BIOs may not support \fBBIO_gets()\fR at all.
The returned string is always NUL-terminated and the '\en' is preserved
if present in the input data.
+On binary input there may be \s-1NUL\s0 characters within the string;
+in this case the return value (if nonnegative) may give an incorrect length.
.PP
-\&\fBBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
+\&\fBBIO_get_line()\fR attempts to read from \s-1BIO\s0 \fIb\fR a line of data up to the next '\en'
+or the maximum length \fIsize\-1\fR is reached and places the data in \fIbuf\fR.
+The returned string is always NUL-terminated and the '\en' is preserved
+if present in the input data.
+On binary input there may be \s-1NUL\s0 characters within the string;
+in this case the return value (if nonnegative) gives the actual length read.
+For implementing this, unfortunately the data needs to be read byte-by-byte.
.PP
-\&\fBBIO_puts()\fR attempts to write a NUL-terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
+\&\fBBIO_write()\fR attempts to write \fIlen\fR bytes from \fIbuf\fR to \s-1BIO\s0 \fIb\fR.
+.PP
+\&\fBBIO_puts()\fR attempts to write a NUL-terminated string \fIbuf\fR to \s-1BIO\s0 \fIb\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR return 1 if data was successfully read or
-written, and 0 otherwise.
+\&\fBBIO_read_ex()\fR returns 1 if data was successfully read, and 0 otherwise.
+.PP
+\&\fBBIO_write_ex()\fR returns 1 if no error was encountered writing data, 0 otherwise.
+Requesting to write 0 bytes is not considered an error.
+.PP
+\&\fBBIO_write()\fR returns \-2 if the \*(L"write\*(R" operation is not implemented by the \s-1BIO\s0
+or \-1 on other errors.
+Otherwise it returns the number of bytes written.
+This may be 0 if the \s-1BIO\s0 \fIb\fR is \s-1NULL\s0 or \fIdlen <= 0\fR.
+.PP
+\&\fBBIO_gets()\fR returns \-2 if the \*(L"gets\*(R" operation is not implemented by the \s-1BIO\s0
+or \-1 on other errors.
+Otherwise it typically returns the amount of data read,
+but depending on the implementation it may return only the length up to
+the first \s-1NUL\s0 character contained in the data read.
+In any case the trailing \s-1NUL\s0 that is added after the data read
+is not included in the length returned.
.PP
All other functions return either the amount of data successfully read or
written (if the return value is positive) or that no data was successfully
read or written if the result is 0 or \-1. If the return value is \-2 then
-the operation is not implemented in the specific \s-1BIO\s0 type. The trailing
-\&\s-1NUL\s0 is not included in the length returned by \fBBIO_gets()\fR.
+the operation is not implemented in the specific \s-1BIO\s0 type.
.SH "NOTES"
.IX Header "NOTES"
A 0 or \-1 return is not necessarily an indication of an error. In
@@ -206,21 +232,26 @@ a retry instead of blocking.
See \fBBIO_should_retry\fR\|(3) for details of how to
determine the cause of a retry and other I/O issues.
.PP
-If the \fBBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to
-work around this by adding a buffering \s-1BIO\s0 \fBBIO_f_buffer\fR\|(3)
-to the chain.
+If the \*(L"gets\*(R" method is not supported by a \s-1BIO\s0 then \fBBIO_get_line()\fR can be used.
+It is also possible to make \fBBIO_gets()\fR usable even if the \*(L"gets\*(R" method is not
+supported by adding a buffering \s-1BIO\s0 \fBBIO_f_buffer\fR\|(3) to the chain.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBBIO_should_retry\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fBBIO_gets()\fR on 1.1.0 and older when called on \fBBIO_fd()\fR based \s-1BIO\s0 does not
+\&\fBBIO_gets()\fR on 1.1.0 and older when called on \fBBIO_fd()\fR based \s-1BIO\s0 did not
keep the '\en' at the end of the line in the buffer.
+.PP
+\&\fBBIO_get_line()\fR was added in OpenSSL 3.0.
+.PP
+\&\fBBIO_write_ex()\fR returns 1 if the size of the data to write is 0 and the
+\&\fIwritten\fR parameter of the function can be \s-1NULL\s0 since OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_s_accept.3 b/secure/lib/libcrypto/man/man3/BIO_s_accept.3
index b950c5491c39..89e7a0d34aff 100644
--- a/secure/lib/libcrypto/man/man3/BIO_s_accept.3
+++ b/secure/lib/libcrypto/man/man3/BIO_s_accept.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_S_ACCEPT 3"
-.TH BIO_S_ACCEPT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_S_ACCEPT 3ossl"
+.TH BIO_S_ACCEPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_get_peer_name, BIO_get_peer_port, BIO_get_accept_ip_family, BIO_set_accept_ip_family, BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept \- accept BIO
+BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name,
+BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios,
+BIO_get_peer_name, BIO_get_peer_port,
+BIO_get_accept_ip_family, BIO_set_accept_ip_family,
+BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept \- accept BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -206,10 +208,12 @@ connect BIOs, that is it can be a numerical port string or a
string to lookup using \fBgetservbyname()\fR and a string table.
.PP
\&\fBBIO_set_accept_port()\fR uses the string \fBport\fR to set the accept
-port. \*(L"port\*(R" has the same syntax as the port specified in
+port of \s-1BIO\s0 \fIb\fR. \*(L"port\*(R" has the same syntax as the port specified in
\&\fBBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical
port string or a string to lookup using \fBgetservbyname()\fR and a string
table.
+If the given port is \f(CW0\fR then a random available port is chosen.
+It may be queried using \fBBIO_sock_info()\fR and \fBBIO_ADDR_service_string\fR\|(3).
.PP
\&\fBBIO_new_accept()\fR combines \fBBIO_new()\fR and \fBBIO_set_accept_name()\fR into
a single call: that is it creates a new accept \s-1BIO\s0 with port
@@ -225,6 +229,12 @@ buffering or \s-1SSL BIO\s0 is required for each connection. The
chain of BIOs must not be freed after this call, they will
be automatically freed when the accept \s-1BIO\s0 is freed.
.PP
+\&\fBBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family accepted by the \s-1BIO\s0 \fIb\fR,
+which may be \fB\s-1BIO_FAMILY_IPV4\s0\fR, \fB\s-1BIO_FAMILY_IPV6\s0\fR, or \fB\s-1BIO_FAMILY_IPANY\s0\fR.
+.PP
+\&\fBBIO_set_accept_ip_family()\fR sets the \s-1IP\s0 family \fIfamily\fR accepted by \s-1BIO\s0 \fIb\fR.
+The default is \fB\s-1BIO_FAMILY_IPANY\s0\fR.
+.PP
\&\fBBIO_set_bind_mode()\fR and \fBBIO_get_bind_mode()\fR set and retrieve
the current bind mode. If \fB\s-1BIO_BIND_NORMAL\s0\fR (the default) is set
then another socket cannot be bound to the same port. If
@@ -294,16 +304,16 @@ accepted a connection and retry the call.
\&\fBBIO_do_accept()\fR,
\&\fBBIO_set_accept_name()\fR, \fBBIO_set_accept_port()\fR, \fBBIO_set_nbio_accept()\fR,
\&\fBBIO_set_accept_bios()\fR, \fBBIO_set_accept_ip_family()\fR, and \fBBIO_set_bind_mode()\fR
-return 1 for success and 0 or \-1 for failure.
+return 1 for success and <=0 for failure.
.PP
\&\fBBIO_get_accept_name()\fR returns the accept name or \s-1NULL\s0 on error.
\&\fBBIO_get_peer_name()\fR returns the peer name or \s-1NULL\s0 on error.
.PP
\&\fBBIO_get_accept_port()\fR returns the accept port as a string or \s-1NULL\s0 on error.
\&\fBBIO_get_peer_port()\fR returns the peer port as a string or \s-1NULL\s0 on error.
-\&\fBBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family or \-1 on error.
+\&\fBBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family or <=0 on error.
.PP
-\&\fBBIO_get_bind_mode()\fR returns the set of \fB\s-1BIO_BIND\s0\fR flags, or \-1 on failure.
+\&\fBBIO_get_bind_mode()\fR returns the set of \fB\s-1BIO_BIND\s0\fR flags, or <=0 on failure.
.PP
\&\fBBIO_new_accept()\fR returns a \s-1BIO\s0 or \s-1NULL\s0 on error.
.SH "EXAMPLES"
@@ -314,7 +324,7 @@ down each and finally closes both down.
.Vb 1
\& BIO *abio, *cbio, *cbio2;
\&
-\& /* First call to BIO_accept() sets up accept BIO */
+\& /* First call to BIO_do_accept() sets up accept BIO */
\& abio = BIO_new_accept("4444");
\& if (BIO_do_accept(abio) <= 0) {
\& fprintf(stderr, "Error setting up accept\en");
@@ -357,9 +367,9 @@ down each and finally closes both down.
.Ve
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_s_bio.3 b/secure/lib/libcrypto/man/man3/BIO_s_bio.3
index 6e47caed1a35..f89a1762a5c5 100644
--- a/secure/lib/libcrypto/man/man3/BIO_s_bio.3
+++ b/secure/lib/libcrypto/man/man3/BIO_s_bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_S_BIO 3"
-.TH BIO_S_BIO 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_S_BIO 3ossl"
+.TH BIO_S_BIO 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair, BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request, BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request \- BIO pair BIO
+BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr,
+BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
+BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request,
+BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request \- BIO pair BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -323,7 +324,7 @@ the peer might be waiting for the data before being able to continue.
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_s_connect.3 b/secure/lib/libcrypto/man/man3/BIO_s_connect.3
index 34ead201bb97..27e32a87b5c2 100644
--- a/secure/lib/libcrypto/man/man3/BIO_s_connect.3
+++ b/secure/lib/libcrypto/man/man3/BIO_s_connect.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,22 +130,27 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_S_CONNECT 3"
-.TH BIO_S_CONNECT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_S_CONNECT 3ossl"
+.TH BIO_S_CONNECT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_set_conn_address, BIO_get_conn_address, BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port, BIO_set_conn_ip_family, BIO_get_conn_ip_family, BIO_get_conn_hostname, BIO_get_conn_port, BIO_set_nbio, BIO_do_connect \- connect BIO
+BIO_s_connect, BIO_new_connect,
+BIO_set_conn_hostname, BIO_set_conn_port,
+BIO_set_conn_address, BIO_set_conn_ip_family,
+BIO_get_conn_hostname, BIO_get_conn_port,
+BIO_get_conn_address, BIO_get_conn_ip_family,
+BIO_set_nbio, BIO_do_connect \- connect BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bio.h>
\&
-\& const BIO_METHOD * BIO_s_connect(void);
+\& const BIO_METHOD *BIO_s_connect(void);
\&
-\& BIO *BIO_new_connect(char *name);
+\& BIO *BIO_new_connect(const char *name);
\&
\& long BIO_set_conn_hostname(BIO *b, char *name);
\& long BIO_set_conn_port(BIO *b, char *port);
@@ -160,7 +163,7 @@ BIO_set_conn_address, BIO_get_conn_address, BIO_s_connect, BIO_new_connect, BIO_
\&
\& long BIO_set_nbio(BIO *b, long n);
\&
-\& int BIO_do_connect(BIO *b);
+\& long BIO_do_connect(BIO *b);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -186,20 +189,18 @@ Calling \fBBIO_reset()\fR on a connect \s-1BIO\s0 will close any active
connection and reset the \s-1BIO\s0 into a state where it can connect
to the same host again.
.PP
-\&\fBBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0
-it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of
-type (int *).
+\&\fBBIO_new_connect()\fR combines \fBBIO_new()\fR and \fBBIO_set_conn_hostname()\fR into
+a single call: that is it creates a new connect \s-1BIO\s0 with hostname \fBname\fR.
.PP
\&\fBBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname.
The hostname can be an \s-1IP\s0 address; if the address is an IPv6 one, it
-must be enclosed with brackets. The hostname can also include the
-port in the form hostname:port.
+must be enclosed with brackets \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR.
+The hostname can also include the port in the form hostname:port;
+see \fBBIO_parse_hostserv\fR\|(3) and \fBBIO_set_conn_port()\fR for details.
.PP
\&\fBBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the
-numerical form or a string such as \*(L"http\*(R". A string will be looked
-up first using \fBgetservbyname()\fR on the host platform but if that
-fails a standard table of port names will be used. This internal
-list is http, telnet, socks, https, ssl, ftp, and gopher.
+numerical form or a service string such as \*(L"http\*(R", which
+will be mapped to a port number using the system function \fBgetservbyname()\fR.
.PP
\&\fBBIO_set_conn_address()\fR sets the address and port information using
a \s-1\fBBIO_ADDR\s0\fR\|(3ssl).
@@ -224,14 +225,16 @@ is set. Blocking I/O is the default. The call to \fBBIO_set_nbio()\fR
should be made before the connection is established because
non blocking I/O is set during the connect process.
.PP
-\&\fBBIO_new_connect()\fR combines \fBBIO_new()\fR and \fBBIO_set_conn_hostname()\fR into
-a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR.
-.PP
-\&\fBBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1
-if the connection was established successfully. A zero or negative
-value is returned if the connection could not be established, the
-call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs
+\&\fBBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0
+This performs an \s-1SSL/TLS\s0 handshake as far as supported by the \s-1BIO.\s0
+For non-SSL BIOs the connection is done typically at \s-1TCP\s0 level.
+If domain name resolution yields multiple \s-1IP\s0 addresses all of them are tried
+after \fBconnect()\fR failures.
+The function returns 1 if the connection was established successfully.
+A zero or negative value is returned if the connection could not be established.
+The call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs
to determine if the call should be retried.
+If a connection has already been established this call has no effect.
.SH "NOTES"
.IX Header "NOTES"
If blocking I/O is set then a non positive return value from any
@@ -270,13 +273,10 @@ the underlying socket has connected and retry the call.
.IX Header "RETURN VALUES"
\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method.
.PP
-\&\fBBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not
-been initialized.
-.PP
\&\fBBIO_set_conn_address()\fR, \fBBIO_set_conn_port()\fR, and \fBBIO_set_conn_ip_family()\fR
-always return 1.
+return 1 or <=0 if an error occurs.
.PP
-\&\fBBIO_set_conn_hostname()\fR returns 1 on success and 0 on failure.
+\&\fBBIO_set_conn_hostname()\fR returns 1 on success and <=0 on failure.
.PP
\&\fBBIO_get_conn_address()\fR returns the address information or \s-1NULL\s0 if none
was set.
@@ -289,10 +289,10 @@ none was set.
\&\fBBIO_get_conn_port()\fR returns a string representing the connected
port or \s-1NULL\s0 if not set.
.PP
-\&\fBBIO_set_nbio()\fR always returns 1.
+\&\fBBIO_set_nbio()\fR returns 1 or <=0 if an error occurs.
.PP
\&\fBBIO_do_connect()\fR returns 1 if the connection was successfully
-established and 0 or \-1 if the connection failed.
+established and <=0 if the connection failed.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
This is example connects to a webserver on the local host and attempts
@@ -322,7 +322,7 @@ to retrieve a page and copy the result to standard output.
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\s-1\fBBIO_ADDR\s0\fR\|(3)
+\&\s-1\fBBIO_ADDR\s0\fR\|(3), \fBBIO_parse_hostserv\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBBIO_set_conn_int_port()\fR, \fBBIO_get_conn_int_port()\fR, \fBBIO_set_conn_ip()\fR, and \fBBIO_get_conn_ip()\fR
@@ -330,9 +330,9 @@ were removed in OpenSSL 1.1.0.
Use \fBBIO_set_conn_address()\fR and \fBBIO_get_conn_address()\fR instead.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_s_core.3 b/secure/lib/libcrypto/man/man3/BIO_s_core.3
new file mode 100644
index 000000000000..38b16b407266
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/BIO_s_core.3
@@ -0,0 +1,203 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_S_CORE 3ossl"
+.TH BIO_S_CORE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_s_core, BIO_new_from_core_bio \- OSSL_CORE_BIO functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& const BIO_METHOD *BIO_s_core(void);
+\&
+\& BIO *BIO_new_from_core_bio(OSSL_LIB_CTX *libctx, OSSL_CORE_BIO *corebio);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBBIO_s_core()\fR returns the core \s-1BIO\s0 method function.
+.PP
+A core \s-1BIO\s0 is treated as source/sink \s-1BIO\s0 which communicates to some external
+\&\s-1BIO.\s0 This is primarily useful to provider authors. A number of calls from
+libcrypto into a provider supply an \s-1OSSL_CORE_BIO\s0 parameter. This represents
+a \s-1BIO\s0 within libcrypto, but cannot be used directly by a provider. Instead it
+should be wrapped using a \fBBIO_s_core()\fR.
+.PP
+Once a \s-1BIO\s0 is constructed based on \fBBIO_s_core()\fR, the associated \s-1OSSL_CORE_BIO\s0
+object should be set on it using \fBBIO_set_data\fR\|(3). Note that the \s-1BIO\s0 will only
+operate correctly if it is associated with a library context constructed using
+\&\fBOSSL_LIB_CTX_new_from_dispatch\fR\|(3). To associate the \s-1BIO\s0 with a library context
+construct it using \fBBIO_new_ex\fR\|(3).
+.PP
+\&\fBBIO_new_from_core_bio()\fR is a convenience function that constructs a new \s-1BIO\s0
+based on \fBBIO_s_core()\fR and that is associated with the given library context. It
+then also sets the \s-1OSSL_CORE_BIO\s0 object on the \s-1BIO\s0 using \fBBIO_set_data\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBBIO_s_core()\fR return a core \s-1BIO\s0 \fB\s-1BIO_METHOD\s0\fR structure.
+.PP
+\&\fBBIO_new_from_core_bio()\fR returns a \s-1BIO\s0 structure on success or \s-1NULL\s0 on failure.
+A failure will most commonly be because the library context was not constructed
+using \fBOSSL_LIB_CTX_new_from_dispatch\fR\|(3).
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBBIO_s_core()\fR and \fBBIO_new_from_core_bio()\fR were added in OpenSSL 3.0.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Create a core \s-1BIO\s0 and write some data to it:
+.PP
+.Vb 2
+\& int some_function(OSSL_LIB_CTX *libctx, OSSL_CORE_BIO *corebio) {
+\& BIO *cbio = BIO_new_from_core_bio(libctx, corebio);
+\&
+\& if (cbio == NULL)
+\& return 0;
+\&
+\& BIO_puts(cbio, "Hello World\en");
+\&
+\& BIO_free(cbio);
+\& return 1;
+\& }
+.Ve
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_s_datagram.3 b/secure/lib/libcrypto/man/man3/BIO_s_datagram.3
new file mode 100644
index 000000000000..755d96e08f81
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/BIO_s_datagram.3
@@ -0,0 +1,332 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_S_DATAGRAM 3ossl"
+.TH BIO_S_DATAGRAM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_s_datagram, BIO_new_dgram,
+BIO_ctrl_dgram_connect,
+BIO_ctrl_set_connected,
+BIO_dgram_recv_timedout,
+BIO_dgram_send_timedout,
+BIO_dgram_get_peer,
+BIO_dgram_set_peer,
+BIO_dgram_get_mtu_overhead \- Network BIO with datagram semantics
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& BIO_METHOD *BIO_s_datagram(void);
+\& BIO *BIO_new_dgram(int fd, int close_flag);
+\&
+\& int BIO_ctrl_dgram_connect(BIO *bio, const BIO_ADDR *peer);
+\& int BIO_ctrl_set_connected(BIO *bio, const BIO_ADDR *peer);
+\& int BIO_dgram_recv_timedout(BIO *bio);
+\& int BIO_dgram_send_timedout(BIO *bio);
+\& int BIO_dgram_get_peer(BIO *bio, BIO_ADDR *peer);
+\& int BIO_dgram_set_peer(BIO *bio, const BIO_ADDR *peer);
+\& int BIO_dgram_get_mtu_overhead(BIO *bio);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBBIO_s_datagram()\fR is a \s-1BIO\s0 implementation designed for use with network sockets
+which provide datagram semantics, such as \s-1UDP\s0 sockets. It is suitable for use
+with DTLSv1.
+.PP
+Because \fBBIO_s_datagram()\fR has datagram semantics, a single \fBBIO_write()\fR call sends
+a single datagram and a single \fBBIO_read()\fR call receives a single datagram. If
+the size of the buffer passed to \fBBIO_read()\fR is inadequate, the datagram is
+silently truncated.
+.PP
+When using \fBBIO_s_datagram()\fR, it is important to note that:
+.IP "\(bu" 4
+This \s-1BIO\s0 can be used with either a connected or unconnected network socket. A
+connected socket is a network socket which has had \fBBIO_connect\fR\|(3) or a
+similar OS-specific function called on it. Such a socket can only receive
+datagrams from the specified peer. Any other socket is an unconnected socket and
+can receive datagrams from any host.
+.IP "\(bu" 4
+Despite their naming,
+neither \fBBIO_ctrl_dgram_connect()\fR nor \fBBIO_ctrl_set_connected()\fR cause a socket
+to become connected. These controls are provided to indicate to the \s-1BIO\s0 how
+the underlying socket is configured and how it is to be used; see below.
+.IP "\(bu" 4
+Use of \fBBIO_s_datagram()\fR with an unconnected network socket is hazardous hecause
+any successful call to \fBBIO_read()\fR results in the peer address used for any
+subsequent call to \fBBIO_write()\fR being set to the source address of the datagram
+received by that call to \fBBIO_read()\fR. Thus, unless the caller calls
+\&\fBBIO_dgram_set_peer()\fR immediately prior to every call to \fBBIO_write()\fR, or never
+calls \fBBIO_read()\fR, any host on the network may cause future datagrams written to
+be redirected to that host. Therefore, it is recommended that users use
+\&\fBBIO_s_dgram()\fR only with a connected socket. An exception is where
+\&\fBDTLSv1_listen\fR\|(3) must be used; see \fBDTLSv1_listen\fR\|(3) for further
+discussion.
+.PP
+Various controls are available for configuring the \fBBIO_s_datagram()\fR using
+\&\fBBIO_ctrl\fR\|(3):
+.IP "BIO_ctrl_dgram_connect (\s-1BIO_CTRL_DGRAM_CONNECT\s0)" 4
+.IX Item "BIO_ctrl_dgram_connect (BIO_CTRL_DGRAM_CONNECT)"
+This is equivalent to calling \fBBIO_dgram_set_peer\fR\|(3).
+.Sp
+Despite its name, this function does not cause the underlying socket to become
+connected.
+.IP "BIO_ctrl_set_connected (\s-1BIO_CTRL_SET_CONNECTED\s0)" 4
+.IX Item "BIO_ctrl_set_connected (BIO_CTRL_SET_CONNECTED)"
+This informs the \fBBIO_s_datagram()\fR whether the underlying socket has been
+connected, and therefore how the \fBBIO_s_datagram()\fR should attempt to use the
+socket.
+.Sp
+If the \fIpeer\fR argument is non-NULL, \fBBIO_s_datagram()\fR assumes that the
+underlying socket has been connected and will attempt to use the socket using \s-1OS\s0
+APIs which do not specify peer addresses (for example, \fBsend\fR\|(3) and \fBrecv\fR\|(3) or
+similar). The \fIpeer\fR argument should specify the peer address to which the socket
+is connected.
+.Sp
+If the \fIpeer\fR argument is \s-1NULL,\s0 \fBBIO_s_datagram()\fR assumes that the underlying
+socket is not connected and will attempt to use the socket using an \s-1OS\s0 APIs
+which specify peer addresses (for example, \fBsendto\fR\|(3) and \fBrecvfrom\fR\|(3)).
+.IP "BIO_dgram_get_peer (\s-1BIO_CTRL_DGRAM_GET_PEER\s0)" 4
+.IX Item "BIO_dgram_get_peer (BIO_CTRL_DGRAM_GET_PEER)"
+This outputs a \fB\s-1BIO_ADDR\s0\fR which specifies one of the following values,
+whichever happened most recently:
+.RS 4
+.IP "\(bu" 4
+The peer address last passed to \fBBIO_dgram_set_peer()\fR, \fBBIO_ctrl_dgram_connect()\fR
+or \fBBIO_ctrl_set_connected()\fR.
+.IP "\(bu" 4
+The peer address of the datagram last received by a call to \fBBIO_read()\fR.
+.RE
+.RS 4
+.RE
+.IP "BIO_dgram_set_peer (\s-1BIO_CTRL_DGRAM_SET_PEER\s0)" 4
+.IX Item "BIO_dgram_set_peer (BIO_CTRL_DGRAM_SET_PEER)"
+Sets the peer address to be used for subsequent writes to this \s-1BIO.\s0
+.Sp
+Warning: When used with an unconnected network socket, the value set may be
+modified by future calls to \fBBIO_read\fR\|(3), making use of \fBBIO_s_datagram()\fR
+hazardous when used with unconnected network sockets; see above.
+.IP "BIO_dgram_recv_timeout (\s-1BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP\s0)" 4
+.IX Item "BIO_dgram_recv_timeout (BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP)"
+Returns 1 if the last I/O operation performed on the \s-1BIO\s0 (for example, via a
+call to \fBBIO_read\fR\|(3)) may have been caused by a receive timeout.
+.IP "BIO_dgram_send_timedout (\s-1BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP\s0)" 4
+.IX Item "BIO_dgram_send_timedout (BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP)"
+Returns 1 if the last I/O operation performed on the \s-1BIO\s0 (for example, via a
+call to \fBBIO_write\fR\|(3)) may have been caused by a send timeout.
+.IP "BIO_dgram_get_mtu_overhead (\s-1BIO_CTRL_DGRAM_GET_MTU_OVERHEAD\s0)" 4
+.IX Item "BIO_dgram_get_mtu_overhead (BIO_CTRL_DGRAM_GET_MTU_OVERHEAD)"
+Returns a quantity in bytes which is a rough estimate of the number of bytes of
+overhead which should typically be added to a datagram payload size in order to
+estimate the final size of the Layer 3 (e.g. \s-1IP\s0) packet which will contain the
+datagram. In most cases, the maximum datagram payload size which can be
+transmitted can be determined by determining the link \s-1MTU\s0 in bytes and
+subtracting the value returned by this call.
+.Sp
+The value returned by this call depends on the network layer protocol being
+used.
+.Sp
+The value returned is not fully reliable because datagram overheads can be
+higher in atypical network configurations, for example where IPv6 extension
+headers or IPv4 options are used.
+.IP "\s-1BIO_CTRL_DGRAM_SET_DONT_FRAG\s0" 4
+.IX Item "BIO_CTRL_DGRAM_SET_DONT_FRAG"
+If \fInum\fR is nonzero, configures the underlying network socket to enable Don't
+Fragment mode, in which datagrams will be set with the \s-1IP\s0 Don't Fragment (\s-1DF\s0)
+bit set. If \fInum\fR is zero, Don't Fragment mode is disabled.
+.IP "\s-1BIO_CTRL_DGRAM_QUERY_MTU\s0" 4
+.IX Item "BIO_CTRL_DGRAM_QUERY_MTU"
+Queries the \s-1OS\s0 for its assessment of the Path \s-1MTU\s0 for the destination to which
+the underlying network socket, and returns that Path \s-1MTU\s0 in bytes. This control
+can only be used with a connected socket.
+.Sp
+This is not supported on all platforms and depends on \s-1OS\s0 support being
+available. Returns 0 on failure.
+.IP "\s-1BIO_CTRL_DGRAM_MTU_DISCOVER\s0" 4
+.IX Item "BIO_CTRL_DGRAM_MTU_DISCOVER"
+This control requests that Path \s-1MTU\s0 discovery be enabled on the underlying
+network socket.
+.IP "\s-1BIO_CTRL_DGRAM_GET_FALLBACK_MTU\s0" 4
+.IX Item "BIO_CTRL_DGRAM_GET_FALLBACK_MTU"
+Returns the estimated minimum size of datagram payload which should always be
+supported on the \s-1BIO.\s0 This size is determined by the minimum \s-1MTU\s0 required to be
+supported by the applicable underlying network layer. Use of datagrams of this
+size may lead to suboptimal performance, but should be routable in all
+circumstances. The value returned is the datagram payload size in bytes and does
+not include the size of layer 3 or layer 4 protocol headers.
+.IP "\s-1BIO_CTRL_DGRAM_MTU_EXCEEDED\s0" 4
+.IX Item "BIO_CTRL_DGRAM_MTU_EXCEEDED"
+Returns 1 if the last attempted write to the \s-1BIO\s0 failed due to the size of the
+attempted write exceeding the applicable \s-1MTU.\s0
+.IP "\s-1BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT\s0" 4
+.IX Item "BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT"
+Accepts a pointer to a \fBstruct timeval\fR. If the time specified is zero,
+disables receive timeouts. Otherwise, configures the specified time interval as
+the receive timeout for the socket for the purposes of future \fBBIO_read\fR\|(3)
+calls.
+.IP "\s-1BIO_CTRL_DGRAM_SET_PEEK_MODE\s0" 4
+.IX Item "BIO_CTRL_DGRAM_SET_PEEK_MODE"
+If \fBnum\fR is nonzero, enables peek mode; otherwise, disables peek mode. Where
+peek mode is enabled, calls to \fBBIO_read\fR\|(3) read datagrams from the underlying
+network socket in peek mode, meaning that a future call to \fBBIO_read\fR\|(3) will
+yield the same datagram until peek mode is disabled.
+.PP
+\&\fBBIO_new_dgram()\fR is a helper function which instantiates a \fBBIO_s_datagram()\fR and
+sets the \s-1BIO\s0 to use the socket given in \fIfd\fR by calling \fBBIO_set_fd()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBBIO_s_datagram()\fR returns a \s-1BIO\s0 method.
+.PP
+\&\fBBIO_new_dgram()\fR returns a \s-1BIO\s0 on success and \s-1NULL\s0 on failure.
+.PP
+\&\fBBIO_ctrl_dgram_connect()\fR, \fBBIO_ctrl_set_connected()\fR,
+\&\fBBIO_dgram_get_peer()\fR, \fBBIO_dgram_set_peer()\fR return 1 on success and 0 on failure.
+.PP
+\&\fBBIO_dgram_recv_timedout()\fR and \fBBIO_dgram_send_timedout()\fR return 0 or 1 depending
+on the circumstance; see discussion above.
+.PP
+\&\fBBIO_dgram_get_mtu_overhead()\fR returns a value in bytes.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBDTLSv1_listen\fR\|(3), \fBbio\fR\|(7)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2022\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_s_fd.3 b/secure/lib/libcrypto/man/man3/BIO_s_fd.3
index 377df4ca5370..a3f040af8093 100644
--- a/secure/lib/libcrypto/man/man3/BIO_s_fd.3
+++ b/secure/lib/libcrypto/man/man3/BIO_s_fd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_S_FD 3"
-.TH BIO_S_FD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_S_FD 3ossl"
+.TH BIO_S_FD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -175,8 +173,8 @@ such as by using \fBlseek(fd, ofs, 0)\fR.
\&\fBBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
flag to \fBc\fR.
.PP
-\&\fBBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also
-returns the file descriptor.
+\&\fBBIO_get_fd()\fR places the file descriptor of \s-1BIO\s0 \fBb\fR in \fBc\fR if it is not \s-1NULL.\s0
+It also returns the file descriptor.
.PP
\&\fBBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR.
.SH "NOTES"
@@ -195,10 +193,10 @@ instead.
.IX Header "RETURN VALUES"
\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method.
.PP
-\&\fBBIO_set_fd()\fR always returns 1.
+\&\fBBIO_set_fd()\fR returns 1 on success or <=0 for failure.
.PP
\&\fBBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not
-been initialized.
+been initialized. It also returns zero and negative values if other error occurs.
.PP
\&\fBBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error
occurred.
@@ -222,9 +220,9 @@ This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R":
\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_s_file.3 b/secure/lib/libcrypto/man/man3/BIO_s_file.3
index a866fbc0b6a8..76ed24a86e46 100644
--- a/secure/lib/libcrypto/man/man3/BIO_s_file.3
+++ b/secure/lib/libcrypto/man/man3/BIO_s_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_S_FILE 3"
-.TH BIO_S_FILE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_S_FILE 3ossl"
+.TH BIO_S_FILE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, BIO_read_filename, BIO_write_filename, BIO_append_filename, BIO_rw_filename \- FILE bio
+BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
+BIO_read_filename, BIO_write_filename, BIO_append_filename,
+BIO_rw_filename \- FILE bio
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -152,10 +152,10 @@ BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, BIO_read_filename,
\& BIO_set_fp(BIO *b, FILE *fp, int flags);
\& BIO_get_fp(BIO *b, FILE **fpp);
\&
-\& int BIO_read_filename(BIO *b, char *name)
-\& int BIO_write_filename(BIO *b, char *name)
-\& int BIO_append_filename(BIO *b, char *name)
-\& int BIO_rw_filename(BIO *b, char *name)
+\& int BIO_read_filename(BIO *b, char *name);
+\& int BIO_write_filename(BIO *b, char *name);
+\& int BIO_append_filename(BIO *b, char *name);
+\& int BIO_rw_filename(BIO *b, char *name);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -220,16 +220,15 @@ lingual environment, encode filenames in \s-1UTF\-8.\s0
\&\fBBIO_new_file()\fR and \fBBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error
occurred.
.PP
-\&\fBBIO_set_fp()\fR and \fBBIO_get_fp()\fR return 1 for success or 0 for failure
+\&\fBBIO_set_fp()\fR and \fBBIO_get_fp()\fR return 1 for success or <=0 for failure
(although the current implementation never return 0).
.PP
-\&\fBBIO_seek()\fR returns the same value as the underlying \fBfseek()\fR function:
-0 for success or \-1 for failure.
+\&\fBBIO_seek()\fR returns 0 for success or negative values for failure.
.PP
-\&\fBBIO_tell()\fR returns the current file position.
+\&\fBBIO_tell()\fR returns the current file position or negative values for failure.
.PP
\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and
-\&\fBBIO_rw_filename()\fR return 1 for success or 0 for failure.
+\&\fBBIO_rw_filename()\fR return 1 for success or <=0 for failure.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
File \s-1BIO\s0 \*(L"hello world\*(R":
@@ -249,7 +248,7 @@ Alternative technique:
\& bio_out = BIO_new(BIO_s_file());
\& if (bio_out == NULL)
\& /* Error */
-\& if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE))
+\& if (BIO_set_fp(bio_out, stdout, BIO_NOCLOSE) <= 0)
\& /* Error */
\& BIO_printf(bio_out, "Hello World\en");
.Ve
@@ -274,7 +273,7 @@ Alternative technique:
\& out = BIO_new(BIO_s_file());
\& if (out == NULL)
\& /* Error */
-\& if (!BIO_write_filename(out, "filename.txt"))
+\& if (BIO_write_filename(out, "filename.txt") <= 0)
\& /* Error */
\& BIO_printf(out, "Hello World\en");
\& BIO_free(out);
@@ -295,9 +294,9 @@ occurred this differs from other types of \s-1BIO\s0 which will typically return
\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_s_mem.3 b/secure/lib/libcrypto/man/man3/BIO_s_mem.3
index e64ff5782602..5809e2963fcc 100644
--- a/secure/lib/libcrypto/man/man3/BIO_s_mem.3
+++ b/secure/lib/libcrypto/man/man3/BIO_s_mem.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_S_MEM 3"
-.TH BIO_S_MEM 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_S_MEM 3ossl"
+.TH BIO_S_MEM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_s_secmem, BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, BIO_get_mem_ptr, BIO_new_mem_buf \- memory BIO
+BIO_s_secmem,
+BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
+BIO_get_mem_ptr, BIO_new_mem_buf \- memory BIO
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -148,10 +148,10 @@ BIO_s_secmem, BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_b
\& const BIO_METHOD *BIO_s_mem(void);
\& const BIO_METHOD *BIO_s_secmem(void);
\&
-\& BIO_set_mem_eof_return(BIO *b, int v)
-\& long BIO_get_mem_data(BIO *b, char **pp)
-\& BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c)
-\& BIO_get_mem_ptr(BIO *b, BUF_MEM **pp)
+\& BIO_set_mem_eof_return(BIO *b, int v);
+\& long BIO_get_mem_data(BIO *b, char **pp);
+\& BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c);
+\& BIO_get_mem_ptr(BIO *b, BUF_MEM **pp);
\&
\& BIO *BIO_new_mem_buf(const void *buf, int len);
.Ve
@@ -194,6 +194,8 @@ positive return value \fBv\fR should be set to a negative value, typically \-1.
.PP
\&\fBBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data
and returns the total amount of data available. It is implemented as a macro.
+Note the pointer returned by this call is informative, no transfer of ownership
+of this memory is implied. See notes on \fBBIO_set_close()\fR.
.PP
\&\fBBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the
close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
@@ -247,6 +249,10 @@ preceding that write operation cannot be undone.
.PP
Calling \fBBIO_get_mem_ptr()\fR prior to a \fBBIO_reset()\fR call with
\&\s-1BIO_FLAGS_NONCLEAR_RST\s0 set has the same effect as a write operation.
+.PP
+Calling \fBBIO_set_close()\fR with \s-1BIO_NOCLOSE\s0 orphans the \s-1BUF_MEM\s0 internal to the
+\&\s-1BIO,\s0 _not_ its actual data buffer. See the examples section for the proper
+method for claiming ownership of the data pointer for a deferred free operation.
.SH "BUGS"
.IX Header "BUGS"
There should be an option to set the maximum size of a memory \s-1BIO.\s0
@@ -287,11 +293,28 @@ Extract the \s-1BUF_MEM\s0 structure from a memory \s-1BIO\s0 and then free up t
\& BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
\& BIO_free(mem);
.Ve
+.PP
+Extract the \s-1BUF_MEM\s0 ptr, claim ownership of the internal data and free the \s-1BIO\s0
+and \s-1BUF_MEM\s0 structure:
+.PP
+.Vb 2
+\& BUF_MEM *bptr;
+\& char *data;
+\&
+\& BIO_get_mem_data(bio, &data);
+\& BIO_get_mem_ptr(bio, &bptr);
+\& BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free orphans BUF_MEM */
+\& BIO_free(bio);
+\& bptr\->data = NULL; /* Tell BUF_MEM to orphan data */
+\& BUF_MEM_free(bptr);
+\& ...
+\& free(data);
+.Ve
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_s_null.3 b/secure/lib/libcrypto/man/man3/BIO_s_null.3
index 32a9edd2fa26..d2760ab10e27 100644
--- a/secure/lib/libcrypto/man/man3/BIO_s_null.3
+++ b/secure/lib/libcrypto/man/man3/BIO_s_null.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_S_NULL 3"
-.TH BIO_S_NULL 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_S_NULL 3ossl"
+.TH BIO_S_NULL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -170,7 +168,7 @@ by adding a null sink \s-1BIO\s0 to the end of the chain
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_s_socket.3 b/secure/lib/libcrypto/man/man3/BIO_s_socket.3
index e981ec0c14a7..1bdebe13b343 100644
--- a/secure/lib/libcrypto/man/man3/BIO_s_socket.3
+++ b/secure/lib/libcrypto/man/man3/BIO_s_socket.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_S_SOCKET 3"
-.TH BIO_S_SOCKET 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_S_SOCKET 3ossl"
+.TH BIO_S_SOCKET 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -180,7 +178,7 @@ occurred.
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_set_callback.3 b/secure/lib/libcrypto/man/man3/BIO_set_callback.3
index 0d4b34755ad8..a41c22135345 100644
--- a/secure/lib/libcrypto/man/man3/BIO_set_callback.3
+++ b/secure/lib/libcrypto/man/man3/BIO_set_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_SET_CALLBACK 3"
-.TH BIO_SET_CALLBACK 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_SET_CALLBACK 3ossl"
+.TH BIO_SET_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback, BIO_callback_fn_ex, BIO_callback_fn \&\- BIO callback functions
+BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback,
+BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback,
+BIO_debug_callback_ex, BIO_callback_fn_ex, BIO_callback_fn
+\&\- BIO callback functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -148,17 +149,26 @@ BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, BI
\& typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp,
\& size_t len, int argi,
\& long argl, int ret, size_t *processed);
-\& typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
-\& long argl, long ret);
\&
\& void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
\& BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
\&
-\& void BIO_set_callback(BIO *b, BIO_callback_fn cb);
-\& BIO_callback_fn BIO_get_callback(BIO *b);
\& void BIO_set_callback_arg(BIO *b, char *arg);
\& char *BIO_get_callback_arg(const BIO *b);
\&
+\& long BIO_debug_callback_ex(BIO *bio, int oper, const char *argp, size_t len,
+\& int argi, long argl, int ret, size_t *processed);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 6
+\& typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
+\& long argl, long ret);
+\& void BIO_set_callback(BIO *b, BIO_callback_fn cb);
+\& BIO_callback_fn BIO_get_callback(const BIO *b);
\& long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
\& long argl, long ret);
.Ve
@@ -177,12 +187,14 @@ called in preference to any set by \fBBIO_set_callback()\fR.
\&\fBBIO_set_callback_arg()\fR and \fBBIO_get_callback_arg()\fR are macros which can be
used to set and retrieve an argument for use in the callback.
.PP
-\&\fBBIO_debug_callback()\fR is a standard debugging callback which prints
+\&\fBBIO_debug_callback_ex()\fR is a standard debugging callback which prints
out information relating to each \s-1BIO\s0 operation. If the callback
argument is set it is interpreted as a \s-1BIO\s0 to send the information
-to, otherwise stderr is used.
+to, otherwise stderr is used. The \fBBIO_debug_callback()\fR function is the
+deprecated version of the same callback for use with the old callback
+format \fBBIO_set_callback()\fR function.
.PP
-\&\fBBIO_callback_fn_ex()\fR is the type of the callback function and \fBBIO_callback_fn()\fR
+BIO_callback_fn_ex is the type of the callback function and BIO_callback_fn
is the type of the old format callback function. The meaning of each argument
is described below:
.IP "\fBb\fR" 4
@@ -380,13 +392,19 @@ via a call to \fBBIO_set_callback_arg()\fR.
operations.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
-The \fBBIO_debug_callback()\fR function is a good example, its source is
+The \fBBIO_debug_callback_ex()\fR function is an example, its source is
in crypto/bio/bio_cb.c
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBBIO_debug_callback_ex()\fR function was added in OpenSSL 3.0.
+.PP
+\&\fBBIO_set_callback()\fR, \fBBIO_get_callback()\fR, and \fBBIO_debug_callback()\fR were
+deprecated in OpenSSL 3.0. Use the non-deprecated _ex functions instead.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_should_retry.3 b/secure/lib/libcrypto/man/man3/BIO_should_retry.3
index d2c9685a6480..fd4cdf2f39c9 100644
--- a/secure/lib/libcrypto/man/man3/BIO_should_retry.3
+++ b/secure/lib/libcrypto/man/man3/BIO_should_retry.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BIO_SHOULD_RETRY 3"
-.TH BIO_SHOULD_RETRY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BIO_SHOULD_RETRY 3ossl"
+.TH BIO_SHOULD_RETRY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BIO_should_read, BIO_should_write, BIO_should_io_special, BIO_retry_type, BIO_should_retry, BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason \- BIO retry functions
+BIO_should_read, BIO_should_write,
+BIO_should_io_special, BIO_retry_type, BIO_should_retry,
+BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason \- BIO retry
+functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -258,7 +259,7 @@ condition or false if there is no retry condition.
\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bio
+\&\fBbio\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBBIO_get_retry_reason()\fR and \fBBIO_set_retry_reason()\fR functions were added in
@@ -267,7 +268,7 @@ OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BIO_socket_wait.3 b/secure/lib/libcrypto/man/man3/BIO_socket_wait.3
new file mode 100644
index 000000000000..e12573239aa7
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/BIO_socket_wait.3
@@ -0,0 +1,198 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_SOCKET_WAIT 3ossl"
+.TH BIO_SOCKET_WAIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_socket_wait,
+BIO_wait,
+BIO_do_connect_retry
+\&\- BIO connection utility functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& #ifndef OPENSSL_NO_SOCK
+\& int BIO_socket_wait(int fd, int for_read, time_t max_time);
+\& #endif
+\& int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds);
+\& int BIO_do_connect_retry(BIO *bio, int timeout, int nap_milliseconds);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBBIO_socket_wait()\fR waits on the socket \fBfd\fR for reading if \fBfor_read\fR is not 0,
+else for writing, at most until \fBmax_time\fR.
+It succeeds immediately if \fBmax_time\fR == 0 (which means no timeout given).
+.PP
+\&\fBBIO_wait()\fR waits at most until \fBmax_time\fR on the given (typically socket-based)
+\&\fBbio\fR, for reading if \fBbio\fR is supposed to read, else for writing.
+It is used by \fBBIO_do_connect_retry()\fR and can be used together \fBBIO_read\fR\|(3).
+It succeeds immediately if \fBmax_time\fR == 0 (which means no timeout given).
+If sockets are not available it supports polling by succeeding after sleeping
+at most the given \fBnap_milliseconds\fR in order to avoid a tight busy loop.
+Via \fBnap_milliseconds\fR the caller determines the polling granularity.
+.PP
+\&\fBBIO_do_connect_retry()\fR connects via the given \fBbio\fR.
+It retries \fBBIO_do_connect()\fR as far as needed to reach a definite outcome,
+i.e., connection succeeded, timeout has been reached, or an error occurred.
+For nonblocking and potentially even non-socket BIOs it polls
+every \fBnap_milliseconds\fR and sleeps in between using \fBBIO_wait()\fR.
+If \fBnap_milliseconds\fR is < 0 then a default value of 100 ms is used.
+If the \fBtimeout\fR parameter is > 0 this indicates the maximum number of seconds
+to wait until the connection is established or a definite error occurred.
+A value of 0 enables waiting indefinitely (i.e, no timeout),
+while a value < 0 means that \fBBIO_do_connect()\fR is tried only once.
+The function may, directly or indirectly, invoke \fBERR_clear_error()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBBIO_socket_wait()\fR, \fBBIO_wait()\fR, and \fBBIO_do_connect_retry()\fR
+return \-1 on error, 0 on timeout, and 1 on success.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBBIO_do_connect\fR\|(3), \fBBIO_read\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBBIO_socket_wait()\fR, \fBBIO_wait()\fR, and \fBBIO_do_connect_retry()\fR
+were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3
index 2025785e2286..56ea0703331f 100644
--- a/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3
+++ b/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_BLINDING_NEW 3"
-.TH BN_BLINDING_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_BLINDING_NEW 3ossl"
+.TH BN_BLINDING_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread, BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags, BN_BLINDING_set_flags, BN_BLINDING_create_param \- blinding related BIGNUM functions
+BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert,
+BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex,
+BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread,
+BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags,
+BN_BLINDING_set_flags, BN_BLINDING_create_param \- blinding related BIGNUM functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -159,8 +161,8 @@ BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_B
\& void BN_BLINDING_set_current_thread(BN_BLINDING *b);
\& int BN_BLINDING_lock(BN_BLINDING *b);
\& int BN_BLINDING_unlock(BN_BLINDING *b);
-\& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
-\& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+\& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b);
+\& void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags);
\& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
\& const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
\& int (*bn_mod_exp)(BIGNUM *r,
@@ -246,9 +248,9 @@ parameters or \s-1NULL\s0 on error.
deprecates \fBBN_BLINDING_set_thread_id()\fR and \fBBN_BLINDING_get_thread_id()\fR.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2005\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2005\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_CTX_new.3 b/secure/lib/libcrypto/man/man3/BN_CTX_new.3
index f272a3a988c7..5fe3a68e0972 100644
--- a/secure/lib/libcrypto/man/man3/BN_CTX_new.3
+++ b/secure/lib/libcrypto/man/man3/BN_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,21 +130,24 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_CTX_NEW 3"
-.TH BN_CTX_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_CTX_NEW 3ossl"
+.TH BN_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BN_CTX_new, BN_CTX_secure_new, BN_CTX_free \- allocate and free BN_CTX structures
+BN_CTX_new_ex, BN_CTX_new, BN_CTX_secure_new_ex, BN_CTX_secure_new, BN_CTX_free
+\&\- allocate and free BN_CTX structures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
+\& BN_CTX *BN_CTX_new_ex(OSSL_LIB_CTX *ctx);
\& BN_CTX *BN_CTX_new(void);
\&
+\& BN_CTX *BN_CTX_secure_new_ex(OSSL_LIB_CTX *ctx);
\& BN_CTX *BN_CTX_secure_new(void);
\&
\& void BN_CTX_free(BN_CTX *c);
@@ -158,10 +159,17 @@ library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fR
is rather expensive when used in conjunction with repeated subroutine
calls, the \fB\s-1BN_CTX\s0\fR structure is used.
.PP
-\&\fBBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure.
-\&\fBBN_CTX_secure_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure
+\&\fBBN_CTX_new_ex()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure for the given
+library context \fBctx\fR. The <ctx> value may be \s-1NULL\s0 in which case the default
+library context will be used. \fBBN_CTX_new()\fR is the same as \fBBN_CTX_new_ex()\fR except
+that the default library context is always used.
+.PP
+\&\fBBN_CTX_secure_new_ex()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure
but uses the secure heap (see \fBCRYPTO_secure_malloc\fR\|(3)) to hold the
-\&\fB\s-1BIGNUM\s0\fRs.
+\&\fB\s-1BIGNUM\s0\fRs for the given library context \fBctx\fR. The <ctx> value may be \s-1NULL\s0 in
+which case the default library context will be used. \fBBN_CTX_secure_new()\fR is the
+same as \fBBN_CTX_secure_new_ex()\fR except that the default library context is always
+used.
.PP
\&\fBBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR and the structure itself.
Since \fBBN_CTX_start()\fR is required in order to obtain \fB\s-1BIGNUM\s0\fRs from the
@@ -205,9 +213,9 @@ replace use of BN_CTX_init with BN_CTX_new instead:
\&\fBBN_CTX_init()\fR was removed in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_CTX_start.3 b/secure/lib/libcrypto/man/man3/BN_CTX_start.3
index be74a48aa9da..aa87e851e192 100644
--- a/secure/lib/libcrypto/man/man3/BN_CTX_start.3
+++ b/secure/lib/libcrypto/man/man3/BN_CTX_start.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_CTX_START 3"
-.TH BN_CTX_START 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_CTX_START 3ossl"
+.TH BN_CTX_START 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -181,9 +179,9 @@ can be obtained by \fBERR_get_error\fR\|(3).
\&\fBBN_CTX_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_add.3 b/secure/lib/libcrypto/man/man3/BN_add.3
index 12a384cbf9f3..de37c8231ce7 100644
--- a/secure/lib/libcrypto/man/man3/BN_add.3
+++ b/secure/lib/libcrypto/man/man3/BN_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_ADD 3"
-.TH BN_ADD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_ADD 3ossl"
+.TH BN_ADD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs
+BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
+BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd \-
+arithmetic operations on BIGNUMs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -264,7 +264,7 @@ The error codes can be obtained by \fBERR_get_error\fR\|(3).
.IX Header "COPYRIGHT"
Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_add_word.3 b/secure/lib/libcrypto/man/man3/BN_add_word.3
index 211176e3757f..6149484f0a3a 100644
--- a/secure/lib/libcrypto/man/man3/BN_add_word.3
+++ b/secure/lib/libcrypto/man/man3/BN_add_word.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_ADD_WORD 3"
-.TH BN_ADD_WORD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_ADD_WORD 3ossl"
+.TH BN_ADD_WORD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic functions on BIGNUMs with integers
+BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic
+functions on BIGNUMs with integers
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -186,7 +185,7 @@ on error. The error codes can be obtained by \fBERR_get_error\fR\|(3).
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_bn2bin.3 b/secure/lib/libcrypto/man/man3/BN_bn2bin.3
index 952828718a32..f68d065f643f 100644
--- a/secure/lib/libcrypto/man/man3/BN_bn2bin.3
+++ b/secure/lib/libcrypto/man/man3/BN_bn2bin.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_BN2BIN 3"
-.TH BN_BN2BIN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_BN2BIN 3ossl"
+.TH BN_BN2BIN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BN_bn2binpad, BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn \- format conversions
+BN_bn2binpad,
+BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn,
+BN_bn2nativepad, BN_native2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
+BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn \- format conversions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -152,6 +153,9 @@ BN_bn2binpad, BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_b
\& int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
\& BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
\&
+\& int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+\& BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+\&
\& char *BN_bn2hex(const BIGNUM *a);
\& char *BN_bn2dec(const BIGNUM *a);
\& int BN_hex2bn(BIGNUM **a, const char *str);
@@ -181,6 +185,11 @@ BN_num_bytes(\fBa\fR) an error is returned.
\&\fBBN_bn2lebinpad()\fR and \fBBN_lebin2bn()\fR are identical to \fBBN_bn2binpad()\fR and
\&\fBBN_bin2bn()\fR except the buffer is in little-endian format.
.PP
+\&\fBBN_bn2nativepad()\fR and \fBBN_native2bn()\fR are identical to \fBBN_bn2binpad()\fR and
+\&\fBBN_bin2bn()\fR except the buffer is in native format, i.e. most significant
+byte first on big-endian platforms, and least significant byte first on
+little-endian platforms.
+.PP
\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return printable strings containing the
hexadecimal and decimal encoding of \fBa\fR respectively. For negative
numbers, the string is prefaced with a leading '\-'. The string must be
@@ -216,10 +225,10 @@ if \fBret\fR is \s-1NULL.\s0
\&\fBBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR.
\&\fBBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error.
.PP
-\&\fBBN_bn2binpad()\fR returns the number of bytes written or \-1 if the supplied
+\&\fBBN_bn2binpad()\fR, \fBBN_bn2lebinpad()\fR, and \fBBN_bn2nativepad()\fR return the number of bytes written or \-1 if the supplied
buffer is too small.
.PP
-\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0
+\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return a NUL-terminated string, or \s-1NULL\s0
on error. \fBBN_hex2bn()\fR and \fBBN_dec2bn()\fR return the number of characters
used in parsing, or 0 on error, in which
case no new \fB\s-1BIGNUM\s0\fR will be created.
@@ -237,9 +246,9 @@ The error codes can be obtained by \fBERR_get_error\fR\|(3).
\&\fBBN_num_bytes\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_cmp.3 b/secure/lib/libcrypto/man/man3/BN_cmp.3
index e958bc603f11..1c459f02eaf8 100644
--- a/secure/lib/libcrypto/man/man3/BN_cmp.3
+++ b/secure/lib/libcrypto/man/man3/BN_cmp.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_CMP 3"
-.TH BN_CMP 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_CMP 3ossl"
+.TH BN_CMP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -178,7 +176,7 @@ Prior to OpenSSL 1.1.0, \fBBN_is_zero()\fR, \fBBN_is_one()\fR, \fBBN_is_word()\f
.IX Header "COPYRIGHT"
Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_copy.3 b/secure/lib/libcrypto/man/man3/BN_copy.3
index caa55c3e5445..5086bab21cc1 100644
--- a/secure/lib/libcrypto/man/man3/BN_copy.3
+++ b/secure/lib/libcrypto/man/man3/BN_copy.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_COPY 3"
-.TH BN_COPY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_COPY 3ossl"
+.TH BN_COPY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -185,7 +183,7 @@ by \fBERR_get_error\fR\|(3).
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_generate_prime.3 b/secure/lib/libcrypto/man/man3/BN_generate_prime.3
index 7173e5c27372..f588873a8ef0 100644
--- a/secure/lib/libcrypto/man/man3/BN_generate_prime.3
+++ b/secure/lib/libcrypto/man/man3/BN_generate_prime.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,26 +130,30 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_GENERATE_PRIME 3"
-.TH BN_GENERATE_PRIME 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_GENERATE_PRIME 3ossl"
+.TH BN_GENERATE_PRIME 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality
+BN_generate_prime_ex2, BN_generate_prime_ex, BN_is_prime_ex, BN_check_prime,
+BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free,
+BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime,
+BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
+\& int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
+\& const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
+\& BN_CTX *ctx);
+\&
\& int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
\& const BIGNUM *rem, BN_GENCB *cb);
\&
-\& int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
-\&
-\& int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
-\& int do_trial_division, BN_GENCB *cb);
+\& int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb);
\&
\& int BN_GENCB_call(BN_GENCB *cb, int a, int b);
\&
@@ -168,29 +170,47 @@ BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call, BN
\& void *BN_GENCB_get_arg(BN_GENCB *cb);
.Ve
.PP
-Deprecated:
+The following functions have been deprecated since OpenSSL 0.9.8, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
.PP
-.Vb 4
-\& #if OPENSSL_API_COMPAT < 0x00908000L
+.Vb 3
\& BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
\& BIGNUM *rem, void (*callback)(int, int, void *),
\& void *cb_arg);
\&
-\& int BN_is_prime(const BIGNUM *a, int checks,
+\& int BN_is_prime(const BIGNUM *p, int nchecks,
\& void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
\&
-\& int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+\& int BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
\& void (*callback)(int, int, void *), BN_CTX *ctx,
\& void *cb_arg, int do_trial_division);
-\& #endif
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+\&
+\& int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+\& int do_trial_division, BN_GENCB *cb);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBBN_generate_prime_ex()\fR generates a pseudo-random prime number of
-at least bit length \fBbits\fR. The returned number is probably prime
-with a negligible error. If \fBadd\fR is \fB\s-1NULL\s0\fR the returned prime
-number will have exact bit length \fBbits\fR with the top most two
-bits set.
+\&\fBBN_generate_prime_ex2()\fR generates a pseudo-random prime number of
+at least bit length \fBbits\fR using the \s-1BN_CTX\s0 provided in \fBctx\fR. The value of
+\&\fBctx\fR must not be \s-1NULL.\s0
+.PP
+The returned number is probably prime with a negligible error.
+The maximum error rate is 2^\-128.
+It's 2^\-287 for a 512 bit prime, 2^\-435 for a 1024 bit prime,
+2^\-648 for a 2048 bit prime, and lower than 2^\-882 for primes larger
+than 2048 bit.
+.PP
+If \fBadd\fR is \fB\s-1NULL\s0\fR the returned prime number will have exact bit
+length \fBbits\fR with the top most two bits set.
.PP
If \fBret\fR is not \fB\s-1NULL\s0\fR, it will be used to store the number.
.PP
@@ -222,38 +242,51 @@ It is recommended that \fBadd\fR is a multiple of 4.
The random generator must be seeded prior to calling \fBBN_generate_prime_ex()\fR.
If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to
external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail.
+The random number generator configured for the \s-1OSSL_LIB_CTX\s0 associated with
+\&\fBctx\fR will be used.
+.PP
+\&\fBBN_generate_prime_ex()\fR is the same as \fBBN_generate_prime_ex2()\fR except that no
+\&\fBctx\fR parameter is passed.
+In this case the random number generator associated with the default \s-1OSSL_LIB_CTX\s0
+will be used.
+.PP
+\&\fBBN_check_prime()\fR, \fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR, \fBBN_is_prime()\fR
+and \fBBN_is_prime_fasttest()\fR test if the number \fBp\fR is prime.
+The functions tests until one of the tests shows that \fBp\fR is composite,
+or all the tests passed.
+If \fBp\fR passes all these tests, it is considered a probable prime.
+.PP
+The test performed on \fBp\fR are trial division by a number of small primes
+and rounds of the of the Miller-Rabin probabilistic primality test.
+.PP
+The functions do at least 64 rounds of the Miller-Rabin test giving a maximum
+false positive rate of 2^\-128.
+If the size of \fBp\fR is more than 2048 bits, they do at least 128 rounds
+giving a maximum false positive rate of 2^\-256.
+.PP
+If \fBnchecks\fR is larger than the minimum above (64 or 128), \fBnchecks\fR
+rounds of the Miller-Rabin test will be done.
.PP
-\&\fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR test if the number \fBp\fR is
-prime. The following tests are performed until one of them shows that
-\&\fBp\fR is composite; if \fBp\fR passes all these tests, it is considered
-prime.
-.PP
-\&\fBBN_is_prime_fasttest_ex()\fR, when called with \fBdo_trial_division == 1\fR,
-first attempts trial division by a number of small primes;
-if no divisors are found by this test and \fBcb\fR is not \fB\s-1NULL\s0\fR,
-\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called.
-If \fBdo_trial_division == 0\fR, this test is skipped.
-.PP
-Both \fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR perform a Miller-Rabin
-probabilistic primality test with \fBnchecks\fR iterations. If
-\&\fBnchecks == BN_prime_checks\fR, a number of iterations is used that
-yields a false positive rate of at most 2^\-64 for random input.
-The error rate depends on the size of the prime and goes down for bigger primes.
-The rate is 2^\-80 starting at 308 bits, 2^\-112 at 852 bits, 2^\-128 at 1080 bits,
-2^\-192 at 3747 bits and 2^\-256 at 6394 bits.
-.PP
-When the source of the prime is not random or not trusted, the number
-of checks needs to be much higher to reach the same level of assurance:
-It should equal half of the targeted security level in bits (rounded up to the
-next integer if necessary).
-For instance, to reach the 128 bit security level, \fBnchecks\fR should be set to
-64.
-.PP
-If \fBcb\fR is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, j)\fR is called
-after the j\-th iteration (j = 0, 1, ...). \fBctx\fR is a
-preallocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and
+If \fBdo_trial_division\fR set to \fB0\fR, the trial division will be skipped.
+\&\fBBN_is_prime_ex()\fR and \fBBN_is_prime()\fR always skip the trial division.
+.PP
+\&\fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR, \fBBN_is_prime()\fR
+and \fBBN_is_prime_fasttest()\fR are deprecated.
+.PP
+\&\fBBN_is_prime_fasttest()\fR and \fBBN_is_prime()\fR behave just like
+\&\fBBN_is_prime_fasttest_ex()\fR and \fBBN_is_prime_ex()\fR respectively, but with the old
+style call back.
+.PP
+\&\fBctx\fR is a preallocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and
freeing the structure in a loop), or \fB\s-1NULL\s0\fR.
.PP
+If the trial division is done, and no divisors are found and \fBcb\fR
+is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, \-1)\fR is called.
+.PP
+After each round of the Miller-Rabin probabilistic primality test,
+if \fBcb\fR is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, j)\fR is called
+with \fBj\fR the iteration (j = 0, 1, ...).
+.PP
\&\fBBN_GENCB_call()\fR calls the callback function held in the \fB\s-1BN_GENCB\s0\fR structure
and passes the ints \fBa\fR and \fBb\fR as arguments. There are two types of
\&\fB\s-1BN_GENCB\s0\fR structure that are supported: \*(L"new\*(R" style and \*(L"old\*(R" style. New
@@ -287,9 +320,9 @@ can similarly be compared to \fBBN_is_prime_ex()\fR and
.IX Header "RETURN VALUES"
\&\fBBN_generate_prime_ex()\fR return 1 on success or 0 on error.
.PP
-\&\fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR, \fBBN_is_prime()\fR and
-\&\fBBN_is_prime_fasttest()\fR return 0 if the number is composite, 1 if it is
-prime with an error probability of less than 0.25^\fBnchecks\fR, and
+\&\fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR, \fBBN_is_prime()\fR,
+\&\fBBN_is_prime_fasttest()\fR and BN_check_prime return 0 if the number is composite,
+1 if it is prime with an error probability of less than 0.25^\fBnchecks\fR, and
\&\-1 on error.
.PP
\&\fBBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise.
@@ -329,13 +362,18 @@ Instead applications should create a \s-1BN_GENCB\s0 structure using BN_GENCB_ne
\&\s-1\fBRAND\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
+The \fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR functions were
+deprecated in OpenSSL 3.0.
+.PP
The \fBBN_GENCB_new()\fR, \fBBN_GENCB_free()\fR,
and \fBBN_GENCB_get_arg()\fR functions were added in OpenSSL 1.1.0.
+.PP
+\&\fBBN_check_prime()\fR was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_mod_exp_mont.3 b/secure/lib/libcrypto/man/man3/BN_mod_exp_mont.3
new file mode 100644
index 000000000000..ed1f627468fe
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/BN_mod_exp_mont.3
@@ -0,0 +1,195 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_MOD_EXP_MONT 3ossl"
+.TH BN_MOD_EXP_MONT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_mod_exp_mont, BN_mod_exp_mont_consttime, BN_mod_exp_mont_consttime_x2 \-
+Montgomery exponentiation
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
+\&
+\& int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+\& const BIGNUM *m, BN_CTX *ctx,
+\& BN_MONT_CTX *in_mont);
+\&
+\& int BN_mod_exp_mont_consttime_x2(BIGNUM *rr1, const BIGNUM *a1,
+\& const BIGNUM *p1, const BIGNUM *m1,
+\& BN_MONT_CTX *in_mont1, BIGNUM *rr2,
+\& const BIGNUM *a2, const BIGNUM *p2,
+\& const BIGNUM *m2, BN_MONT_CTX *in_mont2,
+\& BN_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBBN_mod_exp_mont()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`rr=a^p % m\*(C'\fR)
+using Montgomery multiplication. \fIin_mont\fR is a Montgomery context and can be
+\&\s-1NULL.\s0 In the case \fIin_mont\fR is \s-1NULL,\s0 it will be initialized within the
+function, so you can save time on initialization if you provide it in advance.
+.PP
+\&\fBBN_mod_exp_mont_consttime()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR
+(\f(CW\*(C`rr=a^p % m\*(C'\fR) using Montgomery multiplication. It is a variant of
+\&\fBBN_mod_exp_mont\fR\|(3) that uses fixed windows and the special precomputation
+memory layout to limit data-dependency to a minimum to protect secret exponents.
+It is called automatically when \fBBN_mod_exp_mont\fR\|(3) is called with parameters
+\&\fIa\fR, \fIp\fR, \fIm\fR, any of which have \fB\s-1BN_FLG_CONSTTIME\s0\fR flag.
+.PP
+\&\fBBN_mod_exp_mont_consttime_x2()\fR computes two independent exponentiations \fIa1\fR to
+the \fIp1\fR\-th power modulo \fIm1\fR (\f(CW\*(C`rr1=a1^p1 % m1\*(C'\fR) and \fIa2\fR to the \fIp2\fR\-th
+power modulo \fIm2\fR (\f(CW\*(C`rr2=a2^p2 % m2\*(C'\fR) using Montgomery multiplication. For some
+fixed and equal modulus sizes \fIm1\fR and \fIm2\fR it uses optimizations that allow
+to speedup two exponentiations. In all other cases the function reduces to two
+calls of \fBBN_mod_exp_mont_consttime\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+For all functions 1 is returned for success, 0 on error.
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBERR_get_error\fR\|(3), \fBBN_mod_exp_mont\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_mod_inverse.3 b/secure/lib/libcrypto/man/man3/BN_mod_inverse.3
index 362fe97851a4..6a73b65ea19c 100644
--- a/secure/lib/libcrypto/man/man3/BN_mod_inverse.3
+++ b/secure/lib/libcrypto/man/man3/BN_mod_inverse.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_MOD_INVERSE 3"
-.TH BN_MOD_INVERSE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_MOD_INVERSE 3ossl"
+.TH BN_MOD_INVERSE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -167,7 +165,7 @@ variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR.
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3
index 62f0bde5bc8e..344d4170a296 100644
--- a/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3
+++ b/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_MOD_MUL_MONTGOMERY 3"
-.TH BN_MOD_MUL_MONTGOMERY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_MOD_MUL_MONTGOMERY 3ossl"
+.TH BN_MOD_MUL_MONTGOMERY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, BN_from_montgomery, BN_to_montgomery \- Montgomery multiplication
+BN_mod_mul_montgomery, BN_MONT_CTX_new,
+BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy,
+BN_from_montgomery, BN_to_montgomery \- Montgomery multiplication
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -212,7 +212,7 @@ outside the expected range.
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3
index 1dcba1892c62..11a11444e05b 100644
--- a/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3
+++ b/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_MOD_MUL_RECIPROCAL 3"
-.TH BN_MOD_MUL_RECIPROCAL 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_MOD_MUL_RECIPROCAL 3ossl"
+.TH BN_MOD_MUL_RECIPROCAL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_free, BN_RECP_CTX_set \- modular multiplication using reciprocal
+BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new,
+BN_RECP_CTX_free, BN_RECP_CTX_set \- modular multiplication using
+reciprocal
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -150,10 +150,10 @@ BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_free, BN_RECP_C
\&
\& int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
\&
-\& int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp,
+\& int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, BN_RECP_CTX *recp,
\& BN_CTX *ctx);
\&
-\& int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+\& int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
\& BN_RECP_CTX *recp, BN_CTX *ctx);
.Ve
.SH "DESCRIPTION"
@@ -197,9 +197,9 @@ The error codes can be obtained by \fBERR_get_error\fR\|(3).
\&\fBBN_RECP_CTX_init()\fR was removed in OpenSSL 1.1.0
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_new.3 b/secure/lib/libcrypto/man/man3/BN_new.3
index 907d4b740e37..e9a51dd7de76 100644
--- a/secure/lib/libcrypto/man/man3/BN_new.3
+++ b/secure/lib/libcrypto/man/man3/BN_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_NEW 3"
-.TH BN_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_NEW 3ossl"
+.TH BN_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -187,9 +185,9 @@ by \fBERR_get_error\fR\|(3).
\&\fBBN_init()\fR was removed in OpenSSL 1.1.0; use \fBBN_new()\fR instead.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_num_bytes.3 b/secure/lib/libcrypto/man/man3/BN_num_bytes.3
index 17616b433e51..98b161728160 100644
--- a/secure/lib/libcrypto/man/man3/BN_num_bytes.3
+++ b/secure/lib/libcrypto/man/man3/BN_num_bytes.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_NUM_BYTES 3"
-.TH BN_NUM_BYTES 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_NUM_BYTES 3ossl"
+.TH BN_NUM_BYTES 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -186,7 +184,7 @@ more probability).
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_rand.3 b/secure/lib/libcrypto/man/man3/BN_rand.3
index 8a20e690b9c0..b93aac8dd3b6 100644
--- a/secure/lib/libcrypto/man/man3/BN_rand.3
+++ b/secure/lib/libcrypto/man/man3/BN_rand.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,54 +130,83 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_RAND 3"
-.TH BN_RAND 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_RAND 3ossl"
+.TH BN_RAND 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BN_rand, BN_priv_rand, BN_pseudo_rand, BN_rand_range, BN_priv_rand_range, BN_pseudo_rand_range \&\- generate pseudo\-random number
+BN_rand_ex, BN_rand, BN_priv_rand_ex, BN_priv_rand, BN_pseudo_rand,
+BN_rand_range_ex, BN_rand_range, BN_priv_rand_range_ex, BN_priv_rand_range,
+BN_pseudo_rand_range
+\&\- generate pseudo\-random number
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/bn.h>
\&
+\& int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom,
+\& unsigned int strength, BN_CTX *ctx);
\& int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
\&
+\& int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom,
+\& unsigned int strength, BN_CTX *ctx);
\& int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
\&
-\& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
-\&
-\& int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+\& int BN_rand_range_ex(BIGNUM *rnd, const BIGNUM *range, unsigned int strength,
+\& BN_CTX *ctx);
+\& int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
\&
-\& int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range);
-\&
-\& int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+\& int BN_priv_rand_range_ex(BIGNUM *rnd, const BIGNUM *range, unsigned int strength,
+\& BN_CTX *ctx);
+\& int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
+\& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+\& int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBBN_rand()\fR generates a cryptographically strong pseudo-random number of
-\&\fBbits\fR in length and stores it in \fBrnd\fR.
-If \fBbits\fR is less than zero, or too small to
-accommodate the requirements specified by the \fBtop\fR and \fBbottom\fR
+\&\fBBN_rand_ex()\fR generates a cryptographically strong pseudo-random
+number of \fIbits\fR in length and security strength at least \fIstrength\fR bits
+using the random number generator for the library context associated with
+\&\fIctx\fR. The function stores the generated data in \fIrnd\fR. The parameter \fIctx\fR
+may be \s-1NULL\s0 in which case the default library context is used.
+If \fIbits\fR is less than zero, or too small to
+accommodate the requirements specified by the \fItop\fR and \fIbottom\fR
parameters, an error is returned.
-The \fBtop\fR parameters specifies
+The \fItop\fR parameters specifies
requirements on the most significant bit of the generated number.
If it is \fB\s-1BN_RAND_TOP_ANY\s0\fR, there is no constraint.
If it is \fB\s-1BN_RAND_TOP_ONE\s0\fR, the top bit must be one.
If it is \fB\s-1BN_RAND_TOP_TWO\s0\fR, the two most significant bits of
the number will be set to 1, so that the product of two such random
-numbers will always have 2*\fBbits\fR length.
-If \fBbottom\fR is \fB\s-1BN_RAND_BOTTOM_ODD\s0\fR, the number will be odd; if it
+numbers will always have 2*\fIbits\fR length.
+If \fIbottom\fR is \fB\s-1BN_RAND_BOTTOM_ODD\s0\fR, the number will be odd; if it
is \fB\s-1BN_RAND_BOTTOM_ANY\s0\fR it can be odd or even.
-If \fBbits\fR is 1 then \fBtop\fR cannot also be \fB\s-1BN_RAND_TOP_TWO\s0\fR.
+If \fIbits\fR is 1 then \fItop\fR cannot also be \fB\s-1BN_RAND_TOP_TWO\s0\fR.
+.PP
+\&\fBBN_rand()\fR is the same as \fBBN_rand_ex()\fR except that the default library context
+is always used.
.PP
-\&\fBBN_rand_range()\fR generates a cryptographically strong pseudo-random
-number \fBrnd\fR in the range 0 <= \fBrnd\fR < \fBrange\fR.
+\&\fBBN_rand_range_ex()\fR generates a cryptographically strong pseudo-random
+number \fIrnd\fR, of security strength at least \fIstrength\fR bits,
+in the range 0 <= \fIrnd\fR < \fIrange\fR using the random number
+generator for the library context associated with \fIctx\fR. The parameter \fIctx\fR
+may be \s-1NULL\s0 in which case the default library context is used.
.PP
-\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR have the same semantics as
-\&\fBBN_rand()\fR and \fBBN_rand_range()\fR respectively. They are intended to be
+\&\fBBN_rand_range()\fR is the same as \fBBN_rand_range_ex()\fR except that the default
+library context is always used.
+.PP
+\&\fBBN_priv_rand_ex()\fR, \fBBN_priv_rand()\fR, \fBBN_priv_rand_rand_ex()\fR and
+\&\fBBN_priv_rand_range()\fR have the same semantics as \fBBN_rand_ex()\fR, \fBBN_rand()\fR,
+\&\fBBN_rand_range_ex()\fR and \fBBN_rand_range()\fR respectively. They are intended to be
used for generating values that should remain private, and mirror the
same difference between \fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3).
.SH "NOTES"
@@ -198,23 +225,26 @@ The error codes can be obtained by \fBERR_get_error\fR\|(3).
\&\fBRAND_bytes\fR\|(3),
\&\fBRAND_priv_bytes\fR\|(3),
\&\s-1\fBRAND\s0\fR\|(7),
-\&\s-1\fBRAND_DRBG\s0\fR\|(7)
+\&\s-1\fBEVP_RAND\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
.IP "\(bu" 2
Starting with OpenSSL release 1.1.0, \fBBN_pseudo_rand()\fR has been identical
to \fBBN_rand()\fR and \fBBN_pseudo_rand_range()\fR has been identical to
\&\fBBN_rand_range()\fR.
-The \*(L"pseudo\*(R" functions should not be used and may be deprecated in
-a future release.
+The \fBBN_pseudo_rand()\fR and \fBBN_pseudo_rand_range()\fR functions were
+deprecated in OpenSSL 3.0.
+.IP "\(bu" 2
+The \fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR functions were added in
+OpenSSL 1.1.1.
.IP "\(bu" 2
-The
-\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR functions were added in OpenSSL 1.1.1.
+The \fBBN_rand_ex()\fR, \fBBN_priv_rand_ex()\fR, \fBBN_rand_range_ex()\fR and
+\&\fBBN_priv_rand_range_ex()\fR functions were added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_security_bits.3 b/secure/lib/libcrypto/man/man3/BN_security_bits.3
index d93e32729e11..2136603cc338 100644
--- a/secure/lib/libcrypto/man/man3/BN_security_bits.3
+++ b/secure/lib/libcrypto/man/man3/BN_security_bits.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_SECURITY_BITS 3"
-.TH BN_SECURITY_BITS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_SECURITY_BITS 3ossl"
+.TH BN_SECURITY_BITS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -175,7 +173,7 @@ The \fBBN_security_bits()\fR function was added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_set_bit.3 b/secure/lib/libcrypto/man/man3/BN_set_bit.3
index 85d83ef3b004..7f9ae3bc3749 100644
--- a/secure/lib/libcrypto/man/man3/BN_set_bit.3
+++ b/secure/lib/libcrypto/man/man3/BN_set_bit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_SET_BIT 3"
-.TH BN_SET_BIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_SET_BIT 3ossl"
+.TH BN_SET_BIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs
+BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
+BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -194,7 +193,7 @@ can be obtained by \fBERR_get_error\fR\|(3).
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_swap.3 b/secure/lib/libcrypto/man/man3/BN_swap.3
index 019c7d160108..cbd80ec306db 100644
--- a/secure/lib/libcrypto/man/man3/BN_swap.3
+++ b/secure/lib/libcrypto/man/man3/BN_swap.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_SWAP 3"
-.TH BN_SWAP 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_SWAP 3ossl"
+.TH BN_SWAP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -157,7 +155,7 @@ BN_swap \- exchange BIGNUMs
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BN_zero.3 b/secure/lib/libcrypto/man/man3/BN_zero.3
index 5ea26ca1cf3c..d91cf6cc8a8c 100644
--- a/secure/lib/libcrypto/man/man3/BN_zero.3
+++ b/secure/lib/libcrypto/man/man3/BN_zero.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BN_ZERO 3"
-.TH BN_ZERO 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BN_ZERO 3ossl"
+.TH BN_ZERO 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- BIGNUM assignment operations
+BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- BIGNUM assignment
+operations
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -191,7 +190,7 @@ versions returned an int.
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/BUF_MEM_new.3 b/secure/lib/libcrypto/man/man3/BUF_MEM_new.3
index a6f019f826bb..012c0ccaafd8 100644
--- a/secure/lib/libcrypto/man/man3/BUF_MEM_new.3
+++ b/secure/lib/libcrypto/man/man3/BUF_MEM_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "BUF_MEM_NEW 3"
-.TH BUF_MEM_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "BUF_MEM_NEW 3ossl"
+.TH BUF_MEM_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, BUF_MEM_grow_clean, BUF_reverse \&\- simple character array structure
+BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow,
+BUF_MEM_grow_clean, BUF_reverse
+\&\- simple character array structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -198,7 +198,7 @@ The \fBBUF_MEM_new_ex()\fR function was added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_EncryptedData_decrypt.3 b/secure/lib/libcrypto/man/man3/CMS_EncryptedData_decrypt.3
new file mode 100644
index 000000000000..132bd36df317
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/CMS_EncryptedData_decrypt.3
@@ -0,0 +1,178 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_ENCRYPTEDDATA_DECRYPT 3ossl"
+.TH CMS_ENCRYPTEDDATA_DECRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+CMS_EncryptedData_decrypt
+\&\- Decrypt CMS EncryptedData
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+\& const unsigned char *key, size_t keylen,
+\& BIO *dcont, BIO *out, unsigned int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBCMS_EncryptedData_decrypt()\fR decrypts a \fIcms\fR EncryptedData object using the
+symmetric \fIkey\fR of size \fIkeylen\fR bytes. \fIout\fR is a \s-1BIO\s0 to write the content
+to and \fIflags\fR is an optional set of flags.
+\&\fIdcont\fR is used in the rare case where the encrypted content is detached. It
+will normally be set to \s-1NULL.\s0
+.PP
+The following flags can be passed in the \fIflags\fR parameter.
+.PP
+If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \f(CW\*(C`text/plain\*(C'\fR are deleted
+from the content. If the content is not of type \f(CW\*(C`text/plain\*(C'\fR then an error is
+returned.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBCMS_EncryptedData_decrypt()\fR returns 0 if an error occurred otherwise it
+returns 1.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBERR_get_error\fR\|(3), \fBCMS_EncryptedData_encrypt\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_EncryptedData_encrypt.3 b/secure/lib/libcrypto/man/man3/CMS_EncryptedData_encrypt.3
new file mode 100644
index 000000000000..d3532e6d524a
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/CMS_EncryptedData_encrypt.3
@@ -0,0 +1,198 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_ENCRYPTEDDATA_ENCRYPT 3ossl"
+.TH CMS_ENCRYPTEDDATA_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+CMS_EncryptedData_encrypt_ex, CMS_EncryptedData_encrypt
+\&\- Create CMS EncryptedData
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in,
+\& const EVP_CIPHER *cipher,
+\& const unsigned char *key,
+\& size_t keylen,
+\& unsigned int flags,
+\& OSSL_LIB_CTX *ctx,
+\& const char *propq);
+\&
+\& CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in,
+\& const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen,
+\& unsigned int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBCMS_EncryptedData_encrypt_ex()\fR creates a \fBCMS_ContentInfo\fR structure
+with a type \fBNID_pkcs7_encrypted\fR. \fIin\fR is a \s-1BIO\s0 containing the data to
+encrypt using \fIcipher\fR and the encryption key \fIkey\fR of size \fIkeylen\fR bytes.
+The library context \fIlibctx\fR and the property query \fIpropq\fR are used when
+retrieving algorithms from providers. \fIflags\fR is a set of optional flags.
+.PP
+The \fIflags\fR field supports the options \fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_STREAM\s0\fR and
+\&\fB\s-1CMS_PARTIAL\s0\fR. Internally \fBCMS_final()\fR is called unless \fB\s-1CMS_STREAM\s0\fR and/or
+\&\fB\s-1CMS_PARTIAL\s0\fR is specified.
+.PP
+The algorithm passed in the \fIcipher\fR parameter must support \s-1ASN1\s0 encoding of
+its parameters.
+.PP
+The \fBCMS_ContentInfo\fR structure can be freed using \fBCMS_ContentInfo_free\fR\|(3).
+.PP
+\&\fBCMS_EncryptedData_encrypt()\fR is similar to \fBCMS_EncryptedData_encrypt_ex()\fR
+but uses default values of \s-1NULL\s0 for the library context \fIlibctx\fR and the
+property query \fIpropq\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+If the allocation fails, \fBCMS_EncryptedData_encrypt_ex()\fR and
+\&\fBCMS_EncryptedData_encrypt()\fR return \s-1NULL\s0 and set an error code that can be
+obtained by \fBERR_get_error\fR\|(3). Otherwise they return a pointer to the newly
+allocated structure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBERR_get_error\fR\|(3), \fBCMS_final\fR\|(3), \fBCMS_EncryptedData_decrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBCMS_EncryptedData_encrypt_ex()\fR method was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_EnvelopedData_create.3 b/secure/lib/libcrypto/man/man3/CMS_EnvelopedData_create.3
new file mode 100644
index 000000000000..91876b5bb744
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/CMS_EnvelopedData_create.3
@@ -0,0 +1,208 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_ENVELOPEDDATA_CREATE 3ossl"
+.TH CMS_ENVELOPEDDATA_CREATE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+CMS_EnvelopedData_create_ex, CMS_EnvelopedData_create,
+CMS_AuthEnvelopedData_create, CMS_AuthEnvelopedData_create_ex
+\&\- Create CMS envelope
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& CMS_ContentInfo *
+\& CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
+\&
+\& CMS_ContentInfo *
+\& CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBCMS_EnvelopedData_create_ex()\fR creates a \fBCMS_ContentInfo\fR structure
+with a type \fBNID_pkcs7_enveloped\fR. \fIcipher\fR is the symmetric cipher to use.
+The library context \fIlibctx\fR and the property query \fIpropq\fR are used when
+retrieving algorithms from providers.
+.PP
+\&\fBCMS_AuthEnvelopedData_create_ex()\fR creates a \fBCMS_ContentInfo\fR
+structure with a type \fBNID_id_smime_ct_authEnvelopedData\fR. \fBcipher\fR is the
+symmetric \s-1AEAD\s0 cipher to use. Currently only \s-1AES\s0 variants with \s-1GCM\s0 mode are
+supported. The library context \fIlibctx\fR and the property query \fIpropq\fR are
+used when retrieving algorithms from providers.
+.PP
+The algorithm passed in the \fIcipher\fR parameter must support \s-1ASN1\s0 encoding of
+its parameters.
+.PP
+The recipients can be added later using \fBCMS_add1_recipient_cert\fR\|(3) or
+\&\fBCMS_add0_recipient_key\fR\|(3).
+.PP
+The \fBCMS_ContentInfo\fR structure needs to be finalized using \fBCMS_final\fR\|(3)
+and then freed using \fBCMS_ContentInfo_free\fR\|(3).
+.PP
+\&\fBCMS_EnvelopedData_create()\fR and CMS_AuthEnvelopedData_create are similar to
+\&\fBCMS_EnvelopedData_create_ex()\fR and
+\&\fBCMS_AuthEnvelopedData_create_ex()\fR but use default values of \s-1NULL\s0 for
+the library context \fIlibctx\fR and the property query \fIpropq\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+Although \fBCMS_EnvelopedData_create()\fR and \fBCMS_AuthEnvelopedData_create()\fR allocate
+a new \fBCMS_ContentInfo\fR structure, they are not usually used in applications.
+The wrappers \fBCMS_encrypt\fR\|(3) and \fBCMS_decrypt\fR\|(3) are often used instead.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+If the allocation fails, \fBCMS_EnvelopedData_create()\fR and
+\&\fBCMS_AuthEnvelopedData_create()\fR return \s-1NULL\s0 and set an error code that can be
+obtained by \fBERR_get_error\fR\|(3). Otherwise they return a pointer to the newly
+allocated structure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBERR_get_error\fR\|(3), \fBCMS_encrypt\fR\|(3), \fBCMS_decrypt\fR\|(3), \fBCMS_final\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBCMS_EnvelopedData_create_ex()\fR method was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_add0_cert.3 b/secure/lib/libcrypto/man/man3/CMS_add0_cert.3
index 5928a9919a67..f7a137c4cc82 100644
--- a/secure/lib/libcrypto/man/man3/CMS_add0_cert.3
+++ b/secure/lib/libcrypto/man/man3/CMS_add0_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_ADD0_CERT 3"
-.TH CMS_ADD0_CERT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_ADD0_CERT 3ossl"
+.TH CMS_ADD0_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls \&\- CMS certificate and CRL utility functions
+CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls
+\&\- CMS certificate and CRL utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -155,28 +154,38 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_ge
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR.
-must be of type signed data or enveloped data.
+\&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR add certificate \fIcert\fR to \fIcms\fR.
+This is used by \fBCMS_sign_ex\fR\|(3) and \fBCMS_sign\fR\|(3) and may be used before
+calling \fBCMS_verify\fR\|(3) to help chain building in certificate validation.
+\&\fIcms\fR must be of type signed data or (authenticated) enveloped data.
+For signed data, such a certificate can be used when signing or verifying
+to fill in the signer certificate or to provide an extra \s-1CA\s0 certificate
+that may be needed for chain building in certificate validation.
+.PP
+\&\fBCMS_get1_certs()\fR returns all certificates in \fIcms\fR.
.PP
-\&\fBCMS_get1_certs()\fR returns all certificates in \fBcms\fR.
+\&\fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR add \s-1CRL\s0 \fIcrl\fR to \fIcms\fR.
+\&\fIcms\fR must be of type signed data or (authenticated) enveloped data.
+For signed data, such a \s-1CRL\s0 may be used in certificate validation
+with \fBCMS_verify\fR\|(3).
+It may be given both for inclusion when signing a \s-1CMS\s0 message
+and when verifying a signed \s-1CMS\s0 message.
.PP
-\&\fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fBCMS_get1_crls()\fR
-returns any CRLs in \fBcms\fR.
+\&\fBCMS_get1_crls()\fR returns all CRLs in \fIcms\fR.
.SH "NOTES"
.IX Header "NOTES"
-The CMS_ContentInfo structure \fBcms\fR must be of type signed data or enveloped
+The CMS_ContentInfo structure \fIcms\fR must be of type signed data or enveloped
data or an error will be returned.
.PP
-For signed data certificates and CRLs are added to the \fBcertificates\fR and
-\&\fBcrls\fR fields of SignedData structure. For enveloped data they are added to
+For signed data certificates and CRLs are added to the \fIcertificates\fR and
+\&\fIcrls\fR fields of SignedData structure. For enveloped data they are added to
\&\fBOriginatorInfo\fR.
.PP
-As the \fB0\fR implies \fBCMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it
-must not be freed up after the call as opposed to \fBCMS_add1_cert()\fR where \fBcert\fR
+As the \fI0\fR implies \fBCMS_add0_cert()\fR adds \fIcert\fR internally to \fIcms\fR and it
+must not be freed up after the call as opposed to \fBCMS_add1_cert()\fR where \fIcert\fR
must be freed up.
.PP
-The same certificate or \s-1CRL\s0 must not be added to the same cms structure more
-than once.
+The same certificate must not be added to the same cms structure more than once.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCMS_add0_cert()\fR, \fBCMS_add1_cert()\fR and \fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR return
@@ -184,17 +193,17 @@ than once.
.PP
\&\fBCMS_get1_certs()\fR and \fBCMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs
or \s-1NULL\s0 if there are none or an error occurs. The only error which will occur
-in practice is if the \fBcms\fR type is invalid.
+in practice is if the \fIcms\fR type is invalid.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3),
-\&\fBCMS_sign\fR\|(3),
+\&\fBCMS_sign\fR\|(3), \fBCMS_sign_ex\fR\|(3), \fBCMS_verify\fR\|(3),
\&\fBCMS_encrypt\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3
index 755847599eb1..5eeddb058135 100644
--- a/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3
+++ b/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,23 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_ADD1_RECIPIENT_CERT 3"
-.TH CMS_ADD1_RECIPIENT_CERT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_ADD1_RECIPIENT_CERT 3ossl"
+.TH CMS_ADD1_RECIPIENT_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS enveloped data structure
+CMS_add1_recipient, CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS enveloped data structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
+\& CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip,
+\& EVP_PKEY *originatorPrivKey,
+\& X509 *originator, unsigned int flags);
+\&
\& CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
\& X509 *recip, unsigned int flags);
\&
@@ -157,6 +159,11 @@ CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS envel
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+\&\fBCMS_add1_recipient()\fR adds recipient \fBrecip\fR and provides the originator pkey
+\&\fBoriginatorPrivKey\fR and originator certificate \fBoriginator\fR to CMS_ContentInfo.
+The originator-related fields are relevant only in case when the keyAgreement
+method of providing of the shared key is in use.
+.PP
\&\fBCMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped
data structure \fBcms\fR as a KeyTransRecipientInfo structure.
.PP
@@ -193,11 +200,15 @@ occurs.
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3),
\&\fBCMS_final\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBCMS_add1_recipient_cert\fR and \fBCMS_add0_recipient_key\fR were added in
+OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_add1_signer.3 b/secure/lib/libcrypto/man/man3/CMS_add1_signer.3
index 54bdb979f18e..0b48ef374818 100644
--- a/secure/lib/libcrypto/man/man3/CMS_add1_signer.3
+++ b/secure/lib/libcrypto/man/man3/CMS_add1_signer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_ADD1_SIGNER 3"
-.TH CMS_ADD1_SIGNER 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_ADD1_SIGNER 3ossl"
+.TH CMS_ADD1_SIGNER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -232,7 +230,7 @@ structure just added or \s-1NULL\s0 if an error occurs.
.IX Header "COPYRIGHT"
Copyright 2014\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_compress.3 b/secure/lib/libcrypto/man/man3/CMS_compress.3
index c5649bb61f63..8099ad52919b 100644
--- a/secure/lib/libcrypto/man/man3/CMS_compress.3
+++ b/secure/lib/libcrypto/man/man3/CMS_compress.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_COMPRESS 3"
-.TH CMS_COMPRESS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_COMPRESS 3ossl"
+.TH CMS_COMPRESS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,8 +151,7 @@ CMS_compress \- create a CMS CompressedData structure
is the compression algorithm to use or \fBNID_undef\fR to use the default
algorithm (zlib compression). \fBin\fR is the content to be compressed.
\&\fBflags\fR is an optional set of flags.
-.SH "NOTES"
-.IX Header "NOTES"
+.PP
The only currently supported compression algorithm is zlib using the \s-1NID\s0
NID_zlib_compression.
.PP
@@ -176,8 +173,7 @@ returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\f
The compressed data is included in the CMS_ContentInfo structure, unless
\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in
practice and is not supported by \fBSMIME_write_CMS()\fR.
-.SH "NOTES"
-.IX Header "NOTES"
+.PP
If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is
\&\fBnot\fR complete and outputting its contents via a function that does not
properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable
@@ -204,7 +200,7 @@ The \fB\s-1CMS_STREAM\s0\fR flag was added in OpenSSL 1.0.0.
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_data_create.3 b/secure/lib/libcrypto/man/man3/CMS_data_create.3
new file mode 100644
index 000000000000..8eaea558903c
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/CMS_data_create.3
@@ -0,0 +1,183 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_DATA_CREATE 3ossl"
+.TH CMS_DATA_CREATE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+CMS_data_create_ex, CMS_data_create
+\&\- Create CMS Data object
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBCMS_data_create_ex()\fR creates a \fBCMS_ContentInfo\fR structure
+with a type \fBNID_pkcs7_data\fR. The data is supplied via the \fIin\fR \s-1BIO.\s0
+The library context \fIlibctx\fR and the property query \fIpropq\fR are used when
+retrieving algorithms from providers. The \fIflags\fR field supports the
+\&\fB\s-1CMS_STREAM\s0\fR flag. Internally \fBCMS_final()\fR is called unless \fB\s-1CMS_STREAM\s0\fR is
+specified.
+.PP
+The \fBCMS_ContentInfo\fR structure can be freed using \fBCMS_ContentInfo_free\fR\|(3).
+.PP
+\&\fBCMS_data_create()\fR is similar to \fBCMS_data_create_ex()\fR
+but uses default values of \s-1NULL\s0 for the library context \fIlibctx\fR and the
+property query \fIpropq\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+If the allocation fails, \fBCMS_data_create_ex()\fR and \fBCMS_data_create()\fR
+return \s-1NULL\s0 and set an error code that can be obtained by \fBERR_get_error\fR\|(3).
+Otherwise they return a pointer to the newly allocated structure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBERR_get_error\fR\|(3), \fBCMS_final\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBCMS_data_create_ex()\fR method was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_decrypt.3 b/secure/lib/libcrypto/man/man3/CMS_decrypt.3
index 20f34aed62db..9717fc6152d2 100644
--- a/secure/lib/libcrypto/man/man3/CMS_decrypt.3
+++ b/secure/lib/libcrypto/man/man3/CMS_decrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_DECRYPT 3"
-.TH CMS_DECRYPT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_DECRYPT 3ossl"
+.TH CMS_DECRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CMS_decrypt \- decrypt content from a CMS envelopedData structure
+CMS_decrypt, CMS_decrypt_set1_pkey_and_peer,
+CMS_decrypt_set1_pkey, CMS_decrypt_set1_password
+\&\- decrypt content from a CMS envelopedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,23 +147,51 @@ CMS_decrypt \- decrypt content from a CMS envelopedData structure
\&
\& int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
\& BIO *dcont, BIO *out, unsigned int flags);
+\& int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms,
+\& EVP_PKEY *pk, X509 *cert, X509 *peer);
+\& int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
+\& int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
+\& unsigned char *pass, ossl_ssize_t passlen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBCMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData
-structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the
-recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and
-\&\fBflags\fR is an optional set of flags.
-.PP
-The \fBdcont\fR parameter is used in the rare case where the encrypted content
+\&\fBCMS_decrypt()\fR extracts the decrypted content from a \s-1CMS\s0 EnvelopedData
+or AuthEnvelopedData structure.
+It uses \fBCMS_decrypt_set1_pkey()\fR to decrypt the content
+with the recipient private key \fIpkey\fR if \fIpkey\fR is not \s-1NULL.\s0
+In this case, it is recommended to provide the associated certificate
+in \fIcert\fR \- see the \s-1NOTES\s0 below.
+\&\fIout\fR is a \s-1BIO\s0 to write the content to and
+\&\fIflags\fR is an optional set of flags.
+If \fIpkey\fR is \s-1NULL\s0 the function assumes that decryption was already done
+(e.g., using \fBCMS_decrypt_set1_pkey()\fR or \fBCMS_decrypt_set1_password()\fR) and just
+provides the content unless \fIcert\fR, \fIdcont\fR, and \fIout\fR are \s-1NULL\s0 as well.
+The \fIdcont\fR parameter is used in the rare case where the encrypted content
is detached. It will normally be set to \s-1NULL.\s0
+.PP
+\&\fBCMS_decrypt_set1_pkey_and_peer()\fR decrypts the CMS_ContentInfo structure \fIcms\fR
+using the private key \fIpkey\fR, the corresponding certificate \fIcert\fR, which is
+recommended to be supplied but may be \s-1NULL,\s0
+and the (optional) originator certificate \fIpeer\fR.
+On success, it also records in \fIcms\fR the decryption key \fIpkey\fR, and this
+should be followed by \f(CW\*(C`CMS_decrypt(cms, NULL, NULL, dcont, out, flags)\*(C'\fR.
+This call deallocates any decryption key stored in \fIcms\fR.
+.PP
+\&\fBCMS_decrypt_set1_pkey()\fR is the same as
+\&\fBCMS_decrypt_set1_pkey_and_peer()\fR with \fIpeer\fR being \s-1NULL.\s0
+.PP
+\&\fBCMS_decrypt_set1_password()\fR decrypts the CMS_ContentInfo structure \fIcms\fR
+using the secret \fIpass\fR of length \fIpasslen\fR.
+On success, it also records in \fIcms\fR the decryption key used, and this
+should be followed by \f(CW\*(C`CMS_decrypt(cms, NULL, NULL, dcont, out, flags)\*(C'\fR.
+This call deallocates any decryption key stored in \fIcms\fR.
.SH "NOTES"
.IX Header "NOTES"
Although the recipients certificate is not needed to decrypt the data it is
needed to locate the appropriate (of possible several) recipients in the \s-1CMS\s0
structure.
.PP
-If \fBcert\fR is set to \s-1NULL\s0 all possible recipients are tried. This case however
+If \fIcert\fR is set to \s-1NULL\s0 all possible recipients are tried. This case however
is problematic. To thwart the \s-1MMA\s0 attack (Bleichenbacher's attack on
\&\s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are tried whether they succeed or
not. If no recipient succeeds then a random symmetric key is used to decrypt
@@ -179,34 +207,44 @@ open to attack.
.PP
It is possible to determine the correct recipient key by other means (for
example looking them up in a database) and setting them in the \s-1CMS\s0 structure
-in advance using the \s-1CMS\s0 utility functions such as \fBCMS_set1_pkey()\fR. In this
-case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL.\s0
+in advance using the \s-1CMS\s0 utility functions such as \fBCMS_set1_pkey()\fR,
+or use \fBCMS_decrypt_set1_password()\fR if the recipient has a symmetric key.
+In these cases both \fIcert\fR and \fIpkey\fR should be set to \s-1NULL.\s0
.PP
To process KEKRecipientInfo types \fBCMS_set1_key()\fR or \fBCMS_RecipientInfo_set0_key()\fR
and \fBCMS_RecipientInfo_decrypt()\fR should be called before \fBCMS_decrypt()\fR and
-\&\fBcert\fR and \fBpkey\fR set to \s-1NULL.\s0
+\&\fIcert\fR and \fIpkey\fR set to \s-1NULL.\s0
.PP
-The following flags can be passed in the \fBflags\fR parameter.
+The following flags can be passed in the \fIflags\fR parameter.
.PP
-If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
-from the content. If the content is not of type \fBtext/plain\fR then an error is
+If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \f(CW\*(C`text/plain\*(C'\fR are deleted
+from the content. If the content is not of type \f(CW\*(C`text/plain\*(C'\fR then an error is
returned.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBCMS_decrypt()\fR returns either 1 for success or 0 for failure.
-The error can be obtained from \fBERR_get_error\fR\|(3)
+\&\fBCMS_decrypt()\fR, \fBCMS_decrypt_set1_pkey_and_peer()\fR,
+\&\fBCMS_decrypt_set1_pkey()\fR, and \fBCMS_decrypt_set1_password()\fR
+return either 1 for success or 0 for failure.
+The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "BUGS"
.IX Header "BUGS"
+The \fBset1_\fR part of these function names is misleading
+and should better read: \fBwith_\fR.
+.PP
The lack of single pass processing and the need to hold all data in memory as
mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decrypt()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_encrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBCMS_decrypt_set1_pkey_and_peer()\fR and \fBCMS_decrypt_set1_password()\fR
+were added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_digest_create.3 b/secure/lib/libcrypto/man/man3/CMS_digest_create.3
new file mode 100644
index 000000000000..f9cacb2c01db
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/CMS_digest_create.3
@@ -0,0 +1,186 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_DIGEST_CREATE 3ossl"
+.TH CMS_DIGEST_CREATE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+CMS_digest_create_ex, CMS_digest_create
+\&\- Create CMS DigestedData object
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
+\& unsigned int flags, OSSL_LIB_CTX *ctx,
+\& const char *propq);
+\&
+\& CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+\& unsigned int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBCMS_digest_create_ex()\fR creates a \fBCMS_ContentInfo\fR structure
+with a type \fBNID_pkcs7_digest\fR. The data supplied via the \fIin\fR \s-1BIO\s0 is digested
+using \fImd\fR. The library context \fIlibctx\fR and the property query \fIpropq\fR are
+used when retrieving algorithms from providers.
+The \fIflags\fR field supports the \fB\s-1CMS_DETACHED\s0\fR and \fB\s-1CMS_STREAM\s0\fR flags,
+Internally \fBCMS_final()\fR is called unless \fB\s-1CMS_STREAM\s0\fR is specified.
+.PP
+The \fBCMS_ContentInfo\fR structure can be freed using \fBCMS_ContentInfo_free\fR\|(3).
+.PP
+\&\fBCMS_digest_create()\fR is similar to \fBCMS_digest_create_ex()\fR
+but uses default values of \s-1NULL\s0 for the library context \fIlibctx\fR and the
+property query \fIpropq\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+If the allocation fails, \fBCMS_digest_create_ex()\fR and \fBCMS_digest_create()\fR
+return \s-1NULL\s0 and set an error code that can be obtained by \fBERR_get_error\fR\|(3).
+Otherwise they return a pointer to the newly allocated structure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBERR_get_error\fR\|(3), \fBCMS_final\fR\|(3)>
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBCMS_digest_create_ex()\fR method was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_encrypt.3 b/secure/lib/libcrypto/man/man3/CMS_encrypt.3
index 1abcb01b5d85..f874bcbe3079 100644
--- a/secure/lib/libcrypto/man/man3/CMS_encrypt.3
+++ b/secure/lib/libcrypto/man/man3/CMS_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,29 +130,34 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_ENCRYPT 3"
-.TH CMS_ENCRYPT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_ENCRYPT 3ossl"
+.TH CMS_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CMS_encrypt \- create a CMS envelopedData structure
+CMS_encrypt_ex, CMS_encrypt \- create a CMS envelopedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
+\& CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
+\& const EVP_CIPHER *cipher, unsigned int flags,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
\& const EVP_CIPHER *cipher, unsigned int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBCMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR
-is a list of recipient certificates. \fBin\fR is the content to be encrypted.
-\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags.
-.SH "NOTES"
-.IX Header "NOTES"
+\&\fBCMS_encrypt_ex()\fR creates and returns a \s-1CMS\s0 EnvelopedData or
+AuthEnvelopedData structure. \fIcerts\fR is a list of recipient certificates.
+\&\fIin\fR is the content to be encrypted. \fIcipher\fR is the symmetric cipher to use.
+\&\fIflags\fR is an optional set of flags. The library context \fIlibctx\fR and the
+property query \fIpropq\fR are used internally when retrieving algorithms from
+providers.
+.PP
Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this
function.
.PP
@@ -162,7 +165,9 @@ function.
because most clients will support it.
.PP
The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of
-its parameters.
+its parameters. If the cipher mode is \s-1GCM,\s0 then an AuthEnvelopedData structure
+containing \s-1MAC\s0 is used. Otherwise an EnvelopedData structure is used. Currently
+the \s-1AES\s0 variants with \s-1GCM\s0 mode are the only supported \s-1AEAD\s0 algorithms.
.PP
Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME
envelopedData containing an S/MIME signed message. This can be readily produced
@@ -195,8 +200,7 @@ finalization.
The data being encrypted is included in the CMS_ContentInfo structure, unless
\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in
practice and is not supported by \fBSMIME_write_CMS()\fR.
-.SH "NOTES"
-.IX Header "NOTES"
+.PP
If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is
\&\fBnot\fR complete and outputting its contents via a function that does not
properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable
@@ -213,21 +217,27 @@ and \fBCMS_add0_recipient_key()\fR.
.PP
The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients
added later using \fBCMS_add1_recipient_cert()\fR or \fBCMS_add0_recipient_key()\fR.
+.PP
+\&\fBCMS_encrypt()\fR is similar to \fBCMS_encrypt_ex()\fR but uses default values
+of \s-1NULL\s0 for the library context \fIlibctx\fR and the property query \fIpropq\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBCMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error
-occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
+\&\fBCMS_encrypt_ex()\fR and \fBCMS_encrypt()\fR return either a CMS_ContentInfo
+structure or \s-1NULL\s0 if an error occurred. The error can be obtained from
+\&\fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
+The function \fBCMS_encrypt_ex()\fR was added in OpenSSL 3.0.
+.PP
The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_final.3 b/secure/lib/libcrypto/man/man3/CMS_final.3
index 0dcf79b2ed4b..af179046e93f 100644
--- a/secure/lib/libcrypto/man/man3/CMS_final.3
+++ b/secure/lib/libcrypto/man/man3/CMS_final.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_FINAL 3"
-.TH CMS_FINAL 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_FINAL 3ossl"
+.TH CMS_FINAL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -169,9 +167,9 @@ I/O functions perform finalisation operations internally.
\&\fBCMS_encrypt\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3
index 29792a445c39..71b6f6b0407d 100644
--- a/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3
+++ b/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,21 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_GET0_RECIPIENTINFOS 3"
-.TH CMS_GET0_RECIPIENTINFOS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_GET0_RECIPIENTINFOS 3ossl"
+.TH CMS_GET0_RECIPIENTINFOS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt \&\- CMS envelopedData RecipientInfo routines
+CMS_get0_RecipientInfos, CMS_RecipientInfo_type,
+CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp,
+CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id,
+CMS_RecipientInfo_kari_set0_pkey_and_peer,
+CMS_RecipientInfo_kari_set0_pkey,
+CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key,
+CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt
+\&\- CMS envelopedData RecipientInfo routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -154,7 +159,9 @@ CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_sig
\& ASN1_INTEGER **sno);
\& int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
\& int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
-\&
+\& int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri,
+\& EVP_PKEY *pk, X509 *peer);
+\& int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
\& int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
\& ASN1_OCTET_STRING **pid,
\& ASN1_GENERALIZEDTIME **pdate,
@@ -190,6 +197,13 @@ It returns zero if the comparison is successful and non zero if not.
the CMS_RecipientInfo structure \fBri\fR, which must be of type
\&\s-1CMS_RECIPINFO_TRANS.\s0
.PP
+\&\fBCMS_RecipientInfo_kari_set0_pkey_and_peer()\fR associates the private key \fBpkey\fR
+and peer certificate \fBpeer\fR with the CMS_RecipientInfo structure \fBri\fR, which
+must be of type \s-1CMS_RECIPINFO_AGREE.\s0
+.PP
+\&\fBCMS_RecipientInfo_kari_set0_pkey()\fR associates the private key \fBpkey\fR with the
+CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_AGREE.\s0
+.PP
\&\fBCMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the
CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK.\s0 Any
of the remaining parameters can be \s-1NULL\s0 if the application is not interested in
@@ -255,11 +269,15 @@ Any error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBCMS_RecipientInfo_kari_set0_pkey_and_peer\fR and \fBCMS_RecipientInfo_kari_set0_pkey\fR
+were added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3
index bbe5dcde47ca..e8c4ef8ae2b4 100644
--- a/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3
+++ b/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_GET0_SIGNERINFOS 3"
-.TH CMS_GET0_SIGNERINFOS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_GET0_SIGNERINFOS 3ossl"
+.TH CMS_GET0_SIGNERINFOS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CMS_SignerInfo_set1_signer_cert, CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp \&\- CMS signedData signer functions
+CMS_SignerInfo_set1_signer_cert,
+CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id,
+CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp
+\&\- CMS signedData signer functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -212,7 +213,7 @@ Any error can be obtained from \fBERR_get_error\fR\|(3)
.IX Header "COPYRIGHT"
Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_get0_type.3 b/secure/lib/libcrypto/man/man3/CMS_get0_type.3
index 21aa2cf16b4e..85829171e0bd 100644
--- a/secure/lib/libcrypto/man/man3/CMS_get0_type.3
+++ b/secure/lib/libcrypto/man/man3/CMS_get0_type.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_GET0_TYPE 3"
-.TH CMS_GET0_TYPE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_GET0_TYPE 3ossl"
+.TH CMS_GET0_TYPE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -157,7 +155,8 @@ an \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the
CMS_ContentInfo structure based on this value.
.PP
\&\fBCMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo
-structure. It should be called with \s-1CMS\s0 functions (such as CMS_sign, CMS_encrypt)
+structure. It should be called with \s-1CMS\s0 functions (such as \fBCMS_sign\fR\|(3),
+\&\fBCMS_encrypt\fR\|(3))
with the \fB\s-1CMS_PARTIAL\s0\fR
flag and \fBbefore\fR the structure is finalised, otherwise the results are
undefined.
@@ -209,9 +208,9 @@ error can be obtained from \fBERR_get_error\fR\|(3).
\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3
index f8afc15b0bd9..3066d6f8e951 100644
--- a/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3
+++ b/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,23 +130,28 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_GET1_RECEIPTREQUEST 3"
-.TH CMS_GET1_RECEIPTREQUEST 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_GET1_RECEIPTREQUEST 3ossl"
+.TH CMS_GET1_RECEIPTREQUEST 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values \- CMS signed receipt request functions
+CMS_ReceiptRequest_create0_ex, CMS_ReceiptRequest_create0,
+CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values
+\&\- CMS signed receipt request functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
-\& CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
-\& int allorfirst,
-\& STACK_OF(GENERAL_NAMES) *receiptList,
-\& STACK_OF(GENERAL_NAMES) *receiptsTo);
+\& CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
+\& unsigned char *id, int idlen, int allorfirst,
+\& STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo,
+\& OSSL_LIB_CTX *libctx);
+\& CMS_ReceiptRequest *CMS_ReceiptRequest_create0(
+\& unsigned char *id, int idlen, int allorfirst,
+\& STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo);
\& int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
\& int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
\& void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
@@ -158,13 +161,18 @@ CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CM
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBCMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The
-\&\fBsignedContentIdentifier\fR field is set using \fBid\fR and \fBidlen\fR, or it is set
-to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL.\s0 If \fBreceiptList\fR is \s-1NULL\s0
-the allOrFirstTier option in \fBreceiptsFrom\fR is used and set to the value of
-the \fBallorfirst\fR parameter. If \fBreceiptList\fR is not \s-1NULL\s0 the \fBreceiptList\fR
-option in \fBreceiptsFrom\fR is used. The \fBreceiptsTo\fR parameter specifies the
-\&\fBreceiptsTo\fR field value.
+\&\fBCMS_ReceiptRequest_create0_ex()\fR creates a signed receipt request
+structure. The \fBsignedContentIdentifier\fR field is set using \fIid\fR and \fIidlen\fR,
+or it is set to 32 bytes of pseudo random data if \fIid\fR is \s-1NULL.\s0
+If \fIreceiptList\fR is \s-1NULL\s0 the allOrFirstTier option in \fIreceiptsFrom\fR is used
+and set to the value of the \fIallorfirst\fR parameter. If \fIreceiptList\fR is not
+\&\s-1NULL\s0 the \fIreceiptList\fR option in \fIreceiptsFrom\fR is used. The \fIreceiptsTo\fR
+parameter specifies the \fIreceiptsTo\fR field value. The library context \fIlibctx\fR
+is used to find the public random generator.
+.PP
+\&\fBCMS_ReceiptRequest_create0()\fR is similar to
+\&\fBCMS_ReceiptRequest_create0_ex()\fR but uses default values of \s-1NULL\s0 for the
+library context \fIlibctx\fR.
.PP
The \fBCMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR
to SignerInfo structure \fBsi\fR.
@@ -186,8 +194,8 @@ corresponding CMS_ContentInfo structure can be successfully verified using
\&\fBCMS_verify()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBCMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or
-\&\s-1NULL\s0 if an error occurred.
+\&\fBCMS_ReceiptRequest_create0_ex()\fR and \fBCMS_ReceiptRequest_create0()\fR return
+a signed receipt request structure or \s-1NULL\s0 if an error occurred.
.PP
\&\fBCMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred.
.PP
@@ -199,11 +207,14 @@ it is present but malformed.
\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3),
\&\fBCMS_sign_receipt\fR\|(3), \fBCMS_verify\fR\|(3)
\&\fBCMS_verify_receipt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The function \fBCMS_ReceiptRequest_create0_ex()\fR was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_sign.3 b/secure/lib/libcrypto/man/man3/CMS_sign.3
index e3c7e3c744b8..ae864edd2e2f 100644
--- a/secure/lib/libcrypto/man/man3/CMS_sign.3
+++ b/secure/lib/libcrypto/man/man3/CMS_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,33 +130,42 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_SIGN 3"
-.TH CMS_SIGN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_SIGN 3ossl"
+.TH CMS_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CMS_sign \- create a CMS SignedData structure
+CMS_sign, CMS_sign_ex \- create a CMS SignedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
+\& CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
+\& STACK_OF(X509) *certs, BIO *data,
+\& unsigned int flags, OSSL_LIB_CTX *ctx,
+\& const char *propq);
\& CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
\& BIO *data, unsigned int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBCMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is
-the certificate to sign with, \fBpkey\fR is the corresponding private key.
-\&\fBcerts\fR is an optional additional set of certificates to include in the \s-1CMS\s0
-structure (for example any intermediate CAs in the chain). Any or all of
-these parameters can be \fB\s-1NULL\s0\fR, see \fB\s-1NOTES\s0\fR below.
+\&\fBCMS_sign_ex()\fR creates and returns a \s-1CMS\s0 SignedData structure.
+\&\fIsigncert\fR is the certificate to sign with, \fIpkey\fR is the corresponding
+private key. \fIcerts\fR is an optional additional set of certificates to include
+in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain). The
+library context \fIlibctx\fR and the property query \fIpropq\fR are used when
+retrieving algorithms from providers. Any or all of these parameters can be
+\&\fB\s-1NULL\s0\fR, see \fB\s-1NOTES\s0\fR below.
.PP
The data to be signed is read from \s-1BIO\s0 \fBdata\fR.
.PP
\&\fBflags\fR is an optional set of flags.
+.PP
+\&\fBCMS_sign()\fR is similar to \fBCMS_sign_ex()\fR but uses default values of \s-1NULL\s0
+for the library context \fIlibctx\fR and the property query \fIpropq\fR.
.SH "NOTES"
.IX Header "NOTES"
Any of the following flags (ored together) can be passed in the \fBflags\fR
@@ -193,7 +200,8 @@ omitted.
If present the SMIMECapabilities attribute indicates support for the following
algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192
bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0
-If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is
+If any of these algorithms is not available then it will not be included:
+for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is
not loaded.
.PP
OpenSSL will by default identify signing certificates using issuer name
@@ -231,7 +239,7 @@ The function \fBCMS_sign()\fR is a basic \s-1CMS\s0 signing function whose outpu
suitable for many purposes. For finer control of the output format the
\&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the
\&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the
-function \fBCMS_sign_add1_signer()\fR, non default digests can be used and custom
+function \fBCMS_add1_signer()\fR, non default digests can be used and custom
attributes added. \fBCMS_final()\fR must then be called to finalize the
structure if streaming is not enabled.
.SH "BUGS"
@@ -239,8 +247,9 @@ structure if streaming is not enabled.
Some attributes such as counter signatures are not supported.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBCMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error
-occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
+\&\fBCMS_sign_ex()\fR and \fBCMS_sign()\fR return either a valid CMS_ContentInfo
+structure or \s-1NULL\s0 if an error occurred. The error can be obtained from
+\&\fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3)
@@ -248,11 +257,13 @@ occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
.IX Header "HISTORY"
The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8,
it is supported for embedded data in OpenSSL 1.0.0 and later.
+.PP
+The \fBCMS_sign_ex()\fR method was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/man3/CMS_sign_receipt.3
index 49d0f1950c7c..be28f9191f39 100644
--- a/secure/lib/libcrypto/man/man3/CMS_sign_receipt.3
+++ b/secure/lib/libcrypto/man/man3/CMS_sign_receipt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_SIGN_RECEIPT 3"
-.TH CMS_SIGN_RECEIPT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_SIGN_RECEIPT 3ossl"
+.TH CMS_SIGN_RECEIPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -177,7 +175,7 @@ an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_uncompress.3 b/secure/lib/libcrypto/man/man3/CMS_uncompress.3
index b05e7d406c5a..32db144dbedf 100644
--- a/secure/lib/libcrypto/man/man3/CMS_uncompress.3
+++ b/secure/lib/libcrypto/man/man3/CMS_uncompress.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_UNCOMPRESS 3"
-.TH CMS_UNCOMPRESS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_UNCOMPRESS 3ossl"
+.TH CMS_UNCOMPRESS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -183,7 +181,7 @@ mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decompress()\fR.
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_verify.3 b/secure/lib/libcrypto/man/man3/CMS_verify.3
index c1e5ce44d13b..7ec416584bf3 100644
--- a/secure/lib/libcrypto/man/man3/CMS_verify.3
+++ b/secure/lib/libcrypto/man/man3/CMS_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_VERIFY 3"
-.TH CMS_VERIFY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_VERIFY 3ossl"
+.TH CMS_VERIFY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,49 +150,57 @@ CMS_verify, CMS_get0_signers \- verify a CMS SignedData structure
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBCMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo
-structure to verify. \fBcerts\fR is a set of certificates in which to search for
-the signing certificate(s). \fBstore\fR is a trusted certificate store used for
-chain verification. \fBindata\fR is the detached content if the content is not
-present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL.\s0
-.PP
-\&\fBflags\fR is an optional set of flags, which can be used to modify the verify
-operation.
+\&\fBCMS_verify()\fR is very similar to \fBPKCS7_verify\fR\|(3). It verifies a
+\&\fB\s-1CMS\s0 SignedData\fR structure contained in a structure of type \fBCMS_ContentInfo\fR.
+\&\fIcms\fR points to the \fBCMS_ContentInfo\fR structure to verify.
+The optional \fIcerts\fR parameter refers to a set of certificates
+in which to search for signing certificates.
+\&\fIcms\fR may contain extra untrusted \s-1CA\s0 certificates that may be used for
+chain building as well as CRLs that may be used for certificate validation.
+\&\fIstore\fR may be \s-1NULL\s0 or point to
+the trusted certificate store to use for chain verification.
+\&\fIindata\fR refers to the signed data if the content is detached from \fIcms\fR.
+Otherwise \fIindata\fR should be \s-1NULL\s0 and the signed data must be in \fIcms\fR.
+The content is written to the \s-1BIO\s0 \fIout\fR unless it is \s-1NULL.\s0
+\&\fIflags\fR is an optional set of flags, which can be used to modify the operation.
.PP
-\&\fBCMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it may only
+\&\fBCMS_get0_signers()\fR retrieves the signing certificate(s) from \fIcms\fR, it may only
be called after a successful \fBCMS_verify()\fR operation.
.SH "VERIFY PROCESS"
.IX Header "VERIFY PROCESS"
Normally the verify process proceeds as follows.
.PP
-Initially some sanity checks are performed on \fBcms\fR. The type of \fBcms\fR must
+Initially some sanity checks are performed on \fIcms\fR. The type of \fIcms\fR must
be SignedData. There must be at least one signature on the data and if
-the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR.
+the content is detached \fIindata\fR cannot be \s-1NULL.\s0
.PP
An attempt is made to locate all the signing certificate(s), first looking in
-the \fBcerts\fR parameter (if it is not \s-1NULL\s0) and then looking in any
-certificates contained in the \fBcms\fR structure itself. If any signing
-certificate cannot be located the operation fails.
+the \fIcerts\fR parameter (if it is not \s-1NULL\s0) and then looking in any
+certificates contained in the \fIcms\fR structure unless \fB\s-1CMS_NOINTERN\s0\fR is set.
+If any signing certificate cannot be located the operation fails.
.PP
-Each signing certificate is chain verified using the \fBsmimesign\fR purpose and
-the supplied trusted certificate store. Any internal certificates in the message
-are used as untrusted CAs. If \s-1CRL\s0 checking is enabled in \fBstore\fR any internal
-CRLs are used in addition to attempting to look them up in \fBstore\fR. If any
-chain verify fails an error code is returned.
+Each signing certificate is chain verified using the \fIsmimesign\fR purpose and
+using the trusted certificate store \fIstore\fR if supplied.
+Any internal certificates in the message, which may have been added using
+\&\fBCMS_add1_cert\fR\|(3), are used as untrusted CAs.
+If \s-1CRL\s0 checking is enabled in \fIstore\fR and \fB\s-1CMS_NOCRL\s0\fR is not set,
+any internal CRLs, which may have been added using \fBCMS_add1_crl\fR\|(3),
+are used in addition to attempting to look them up in \fIstore\fR.
+If \fIstore\fR is not \s-1NULL\s0 and any chain verify fails an error code is returned.
.PP
-Finally the signed content is read (and written to \fBout\fR if it is not \s-1NULL\s0)
-and the signature's checked.
+Finally the signed content is read (and written to \fIout\fR unless it is \s-1NULL\s0)
+and the signature is checked.
.PP
-If all signature's verify correctly then the function is successful.
+If all signatures verify correctly then the function is successful.
.PP
-Any of the following flags (ored together) can be passed in the \fBflags\fR
+Any of the following flags (ored together) can be passed in the \fIflags\fR
parameter to change the default verify behaviour.
.PP
If \fB\s-1CMS_NOINTERN\s0\fR is set the certificates in the message itself are not
-searched when locating the signing certificate(s). This means that all the
-signing certificates must be in the \fBcerts\fR parameter.
+searched when locating the signing certificate(s).
+This means that all the signing certificates must be in the \fIcerts\fR parameter.
.PP
-If \fB\s-1CMS_NOCRL\s0\fR is set and \s-1CRL\s0 checking is enabled in \fBstore\fR then any
+If \fB\s-1CMS_NOCRL\s0\fR is set and \s-1CRL\s0 checking is enabled in \fIstore\fR then any
CRLs in the message itself are ignored.
.PP
If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
@@ -202,30 +208,34 @@ from the content. If the content is not of type \fBtext/plain\fR then an error i
returned.
.PP
If \fB\s-1CMS_NO_SIGNER_CERT_VERIFY\s0\fR is set the signing certificates are not
-verified.
+chain verified, unless \fB\s-1CMS_CADES\s0\fR flag is also set.
.PP
If \fB\s-1CMS_NO_ATTR_VERIFY\s0\fR is set the signed attributes signature is not
-verified.
+verified, unless \s-1CMS_CADES\s0 flag is also set.
+.PP
+If \fB\s-1CMS_CADES\s0\fR is set, each signer certificate is checked against the
+\&\s-1ESS\s0 signingCertificate or \s-1ESS\s0 signingCertificateV2 extension
+that is required in the signed attributes of the signature.
.PP
If \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR is set then the content digest is not checked.
.SH "NOTES"
.IX Header "NOTES"
One application of \fB\s-1CMS_NOINTERN\s0\fR is to only accept messages signed by
a small number of certificates. The acceptable certificates would be passed
-in the \fBcerts\fR parameter. In this case if the signer is not one of the
-certificates supplied in \fBcerts\fR then the verify will fail because the
+in the \fIcerts\fR parameter. In this case if the signer certificate is not one
+of the certificates supplied in \fIcerts\fR then the verify will fail because the
signer cannot be found.
.PP
In some cases the standard techniques for looking up and validating
certificates are not appropriate: for example an application may wish to
lookup certificates in a database or perform customised verification. This
-can be achieved by setting and verifying the signers certificates manually
+can be achieved by setting and verifying the signer certificates manually
using the signed data utility functions.
.PP
Care should be taken when modifying the default verify behaviour, for example
setting \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR will totally disable all content verification
and any modified content will be considered valid. This combination is however
-useful if one merely wishes to write the content to \fBout\fR and its validity
+useful if one merely wishes to write the content to \fIout\fR and its validity
is not considered important.
.PP
Chain verification should arguably be performed using the signing time rather
@@ -234,28 +244,29 @@ signer it cannot be trusted without additional evidence (such as a trusted
timestamp).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBCMS_verify()\fR returns 1 for a successful verification and zero if an error
-occurred.
+\&\fBCMS_verify()\fR returns 1 for a successful verification and 0 if an error occurred.
.PP
\&\fBCMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred.
.PP
The error can be obtained from \fBERR_get_error\fR\|(3)
.SH "BUGS"
.IX Header "BUGS"
-The trusted certificate store is not searched for the signing certificate,
-this is primarily due to the inadequacies of the current \fBX509_STORE\fR
+The trusted certificate store is not searched for the signing certificate.
+This is primarily due to the inadequacies of the current \fBX509_STORE\fR
functionality.
.PP
The lack of single pass processing means that the signed content must all
be held in memory if it is not detached.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBPKCS7_verify\fR\|(3), \fBCMS_add1_cert\fR\|(3), \fBCMS_add1_crl\fR\|(3),
+\&\fBOSSL_ESS_check_signing_certs\fR\|(3),
\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2008\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/man3/CMS_verify_receipt.3
index 312886dfd09d..f3b2c63af7a1 100644
--- a/secure/lib/libcrypto/man/man3/CMS_verify_receipt.3
+++ b/secure/lib/libcrypto/man/man3/CMS_verify_receipt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CMS_VERIFY_RECEIPT 3"
-.TH CMS_VERIFY_RECEIPT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CMS_VERIFY_RECEIPT 3ossl"
+.TH CMS_VERIFY_RECEIPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -179,7 +177,7 @@ The error can be obtained from \fBERR_get_error\fR\|(3)
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CONF_modules_free.3 b/secure/lib/libcrypto/man/man3/CONF_modules_free.3
index 66b48d027f65..e6d8da160892 100644
--- a/secure/lib/libcrypto/man/man3/CONF_modules_free.3
+++ b/secure/lib/libcrypto/man/man3/CONF_modules_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CONF_MODULES_FREE 3"
-.TH CONF_MODULES_FREE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CONF_MODULES_FREE 3ossl"
+.TH CONF_MODULES_FREE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CONF_modules_free, CONF_modules_finish, CONF_modules_unload \- OpenSSL configuration cleanup functions
+CONF_modules_free, CONF_modules_finish, CONF_modules_unload \-
+OpenSSL configuration cleanup functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -149,12 +148,12 @@ CONF_modules_free, CONF_modules_finish, CONF_modules_unload \- OpenSSL configura
\& void CONF_modules_unload(int all);
.Ve
.PP
-Deprecated:
+The following functions have been deprecated since OpenSSL 1.1.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
.PP
-.Vb 3
-\& #if OPENSSL_API_COMPAT < 0x10100000L
-\& void CONF_modules_free(void)
-\& #endif
+.Vb 1
+\& void CONF_modules_free(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -168,23 +167,23 @@ to free up any configuration that module may have performed.
.PP
\&\fBCONF_modules_unload()\fR finishes and unloads configuration modules. If
\&\fBall\fR is set to \fB0\fR only modules loaded from DSOs will be unloads. If
-\&\fBall\fR is \fB1\fR all modules, including builtin modules will be unloaded.
+\&\fBall\fR is \fB1\fR all modules, including built-in modules will be unloaded.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
None of the functions return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3),
-\&\fBCONF_modules_load_file\fR\|(3)
+\&\fBCONF_modules_load_file_ex\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBCONF_modules_free()\fR was deprecated in OpenSSL 1.1.0; do not use it.
For more information see \fBOPENSSL_init_crypto\fR\|(3).
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3
index 307a5bbddb31..178b359462d5 100644
--- a/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3
+++ b/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,24 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CONF_MODULES_LOAD_FILE 3"
-.TH CONF_MODULES_LOAD_FILE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CONF_MODULES_LOAD_FILE 3ossl"
+.TH CONF_MODULES_LOAD_FILE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CONF_modules_load_file, CONF_modules_load \- OpenSSL configuration functions
+CONF_get1_default_config_file,
+CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load
+\&\- OpenSSL configuration functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/conf.h>
\&
+\& char *CONF_get1_default_config_file(void);
+\& int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename,
+\& const char *appname, unsigned long flags);
\& int CONF_modules_load_file(const char *filename, const char *appname,
\& unsigned long flags);
\& int CONF_modules_load(const CONF *cnf, const char *appname,
@@ -152,11 +155,24 @@ CONF_modules_load_file, CONF_modules_load \- OpenSSL configuration functions
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The function \fBCONF_modules_load_file()\fR configures OpenSSL using file
-\&\fBfilename\fR and application name \fBappname\fR. If \fBfilename\fR is \s-1NULL\s0
-the standard OpenSSL configuration file is used. If \fBappname\fR is
-\&\s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is used.
-The behaviour can be customized using \fBflags\fR.
+The function \fBCONF_get1_default_config_file()\fR determines the default
+configuration file pathname as follows.
+If the \fB\s-1OPENSSL_CONF\s0\fR environment variable is set its value is returned.
+Else the function returns the path obtained using
+\&\fBX509_get_default_cert_area\fR\|(3) with the filename \f(CW"openssl.cnf"\fR appended.
+The caller is responsible for freeing any string returned.
+.PP
+The function \fBCONF_modules_load_file_ex()\fR configures OpenSSL using
+library context \fBlibctx\fR file \fBfilename\fR and application name \fBappname\fR.
+If \fBfilename\fR is \s-1NULL\s0 the standard OpenSSL configuration file is used
+as determined by calling \fBCONF_get1_default_config_file()\fR.
+If \fBappname\fR is \s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is
+used.
+The behaviour can be customized using \fBflags\fR. Note that, the error suppressing
+can be overridden by \fBconfig_diagnostics\fR as described in \fBconfig\fR\|(5).
+.PP
+\&\fBCONF_modules_load_file()\fR is the same as \fBCONF_modules_load_file_ex()\fR but
+has a \s-1NULL\s0 library context.
.PP
\&\fBCONF_modules_load()\fR is identical to \fBCONF_modules_load_file()\fR except it
reads configuration information from \fBcnf\fR.
@@ -176,8 +192,8 @@ returns success.
This is used by default in \fBOPENSSL_init_crypto\fR\|(3) to ignore any errors in
the default system-wide configuration file, as having all OpenSSL applications
fail to start when there are potentially minor issues in the file is too risky.
-Applications calling \fBCONF_modules_load_file\fR explicitly should not generally
-set this flag.
+Applications calling \fBCONF_modules_load_file_ex\fR explicitly should not
+generally set this flag.
.PP
If \fB\s-1CONF_MFLAGS_NO_DSO\s0\fR is set configuration module loading from DSOs is
disabled.
@@ -189,10 +205,10 @@ return an error.
\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR if set and \fBappname\fR is not \s-1NULL\s0 will use the
default section pointed to by \fBopenssl_conf\fR if \fBappname\fR does not exist.
.PP
-By using \fBCONF_modules_load_file()\fR with appropriate flags an application can
-customise application configuration to best suit its needs. In some cases the
-use of a configuration file is optional and its absence is not an error: in
-this case \fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR would be set.
+By using \fBCONF_modules_load_file_ex()\fR with appropriate flags an
+application can customise application configuration to best suit its needs.
+In some cases the use of a configuration file is optional and its absence is not
+an error: in this case \fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR would be set.
.PP
Errors during configuration may also be handled differently by different
applications. For example in some cases an error may simply print out a warning
@@ -213,7 +229,7 @@ Load a configuration file and print out any errors and exit (missing file
considered fatal):
.PP
.Vb 5
-\& if (CONF_modules_load_file(NULL, NULL, 0) <= 0) {
+\& if (CONF_modules_load_file_ex(libctx, NULL, NULL, 0) <= 0) {
\& fprintf(stderr, "FATAL: error loading configuration file\en");
\& ERR_print_errors_fp(stderr);
\& exit(1);
@@ -224,8 +240,8 @@ Load default configuration file using the section indicated by \*(L"myapp\*(R",
tolerate missing files, but exit on other errors:
.PP
.Vb 6
-\& if (CONF_modules_load_file(NULL, "myapp",
-\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+\& if (CONF_modules_load_file_ex(NULL, NULL, "myapp",
+\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
\& fprintf(stderr, "FATAL: error loading configuration file\en");
\& ERR_print_errors_fp(stderr);
\& exit(1);
@@ -236,8 +252,8 @@ Load custom configuration file and section, only print warnings on error,
missing configuration file ignored:
.PP
.Vb 5
-\& if (CONF_modules_load_file("/something/app.cnf", "myapp",
-\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+\& if (CONF_modules_load_file_ex(NULL, "/something/app.cnf", "myapp",
+\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
\& fprintf(stderr, "WARNING: error loading configuration file\en");
\& ERR_print_errors_fp(stderr);
\& }
@@ -255,7 +271,7 @@ Load and parse configuration file manually, custom error handling:
\& fprintf(stderr, "Error opening configuration file\en");
\& /* Other missing configuration file behaviour */
\& } else {
-\& cnf = NCONF_new(NULL);
+\& cnf = NCONF_new_ex(libctx, NULL);
\& if (NCONF_load_fp(cnf, fp, &eline) == 0) {
\& fprintf(stderr, "Error on line %ld of configuration file\en", eline);
\& ERR_print_errors_fp(stderr);
@@ -271,12 +287,14 @@ Load and parse configuration file manually, custom error handling:
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3)
+\&\fBconfig\fR\|(5),
+\&\fBOPENSSL_config\fR\|(3),
+\&\fBNCONF_new_ex\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3 b/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3
index a8728d6209d6..506a382db1d9 100644
--- a/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3
+++ b/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CRYPTO_THREAD_RUN_ONCE 3"
-.TH CRYPTO_THREAD_RUN_ONCE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CRYPTO_THREAD_RUN_ONCE 3ossl"
+.TH CRYPTO_THREAD_RUN_ONCE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CRYPTO_THREAD_run_once, CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock, CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add \- OpenSSL thread support
+CRYPTO_THREAD_run_once,
+CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock,
+CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free,
+CRYPTO_atomic_add, CRYPTO_atomic_or, CRYPTO_atomic_load \- OpenSSL thread support
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -155,6 +156,9 @@ CRYPTO_THREAD_run_once, CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_
\& void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
\&
\& int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+\& int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
+\& CRYPTO_RWLOCK *lock);
+\& int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -168,10 +172,10 @@ supported by OpenSSL.
The following multi-threading function are provided:
.IP "\(bu" 2
\&\fBCRYPTO_THREAD_run_once()\fR can be used to perform one-time initialization.
-The \fBonce\fR argument must be a pointer to a static object of type
+The \fIonce\fR argument must be a pointer to a static object of type
\&\fB\s-1CRYPTO_ONCE\s0\fR that was statically initialized to the value
\&\fB\s-1CRYPTO_ONCE_STATIC_INIT\s0\fR.
-The \fBinit\fR argument is a pointer to a function that performs the desired
+The \fIinit\fR argument is a pointer to a function that performs the desired
exactly once initialization.
In particular, this can be used to allocate locks in a thread-safe manner,
which can then be used with the locking functions below.
@@ -179,19 +183,35 @@ which can then be used with the locking functions below.
\&\fBCRYPTO_THREAD_lock_new()\fR allocates, initializes and returns a new read/write
lock.
.IP "\(bu" 2
-\&\fBCRYPTO_THREAD_read_lock()\fR locks the provided \fBlock\fR for reading.
+\&\fBCRYPTO_THREAD_read_lock()\fR locks the provided \fIlock\fR for reading.
.IP "\(bu" 2
-\&\fBCRYPTO_THREAD_write_lock()\fR locks the provided \fBlock\fR for writing.
+\&\fBCRYPTO_THREAD_write_lock()\fR locks the provided \fIlock\fR for writing.
.IP "\(bu" 2
-\&\fBCRYPTO_THREAD_unlock()\fR unlocks the previously locked \fBlock\fR.
+\&\fBCRYPTO_THREAD_unlock()\fR unlocks the previously locked \fIlock\fR.
.IP "\(bu" 2
-\&\fBCRYPTO_THREAD_lock_free()\fR frees the provided \fBlock\fR.
+\&\fBCRYPTO_THREAD_lock_free()\fR frees the provided \fIlock\fR.
.IP "\(bu" 2
-\&\fBCRYPTO_atomic_add()\fR atomically adds \fBamount\fR to \fBval\fR and returns the
-result of the operation in \fBret\fR. \fBlock\fR will be locked, unless atomic
+\&\fBCRYPTO_atomic_add()\fR atomically adds \fIamount\fR to \fI*val\fR and returns the
+result of the operation in \fI*ret\fR. \fIlock\fR will be locked, unless atomic
operations are supported on the specific platform. Because of this, if a
variable is modified by \fBCRYPTO_atomic_add()\fR then \fBCRYPTO_atomic_add()\fR must
-be the only way that the variable is modified.
+be the only way that the variable is modified. If atomic operations are not
+supported and \fIlock\fR is \s-1NULL,\s0 then the function will fail.
+.IP "\(bu" 2
+\&\fBCRYPTO_atomic_or()\fR performs an atomic bitwise or of \fIop\fR and \fI*val\fR and stores
+the result back in \fI*val\fR. It also returns the result of the operation in
+\&\fI*ret\fR. \fIlock\fR will be locked, unless atomic operations are supported on the
+specific platform. Because of this, if a variable is modified by
+\&\fBCRYPTO_atomic_or()\fR or read by \fBCRYPTO_atomic_load()\fR then \fBCRYPTO_atomic_or()\fR must
+be the only way that the variable is modified. If atomic operations are not
+supported and \fIlock\fR is \s-1NULL,\s0 then the function will fail.
+.IP "\(bu" 2
+\&\fBCRYPTO_atomic_load()\fR atomically loads the contents of \fI*val\fR into \fI*ret\fR.
+\&\fIlock\fR will be locked, unless atomic operations are supported on the specific
+platform. Because of this, if a variable is modified by \fBCRYPTO_atomic_or()\fR or
+read by \fBCRYPTO_atomic_load()\fR then \fBCRYPTO_atomic_load()\fR must be the only way that
+the variable is read. If atomic operations are not supported and \fIlock\fR is
+\&\s-1NULL,\s0 then the function will fail.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBCRYPTO_THREAD_run_once()\fR returns 1 on success, or 0 on error.
@@ -204,14 +224,26 @@ The other functions return 1 on success, or 0 on error.
.SH "NOTES"
.IX Header "NOTES"
On Windows platforms the CRYPTO_THREAD_* types and functions in the
-openssl/crypto.h header are dependent on some of the types customarily
-made available by including windows.h. The application developer is
-likely to require control over when the latter is included, commonly as
-one of the first included headers. Therefore, it is defined as an
-application developer's responsibility to include windows.h prior to
-crypto.h where use of CRYPTO_THREAD_* types and functions is required.
+\&\fI<openssl/crypto.h>\fR header are dependent on some of the types
+customarily made available by including \fI<windows.h>\fR. The application
+developer is likely to require control over when the latter is included,
+commonly as one of the first included headers. Therefore, it is defined as an
+application developer's responsibility to include \fI<windows.h>\fR prior to
+\&\fI<openssl/crypto.h>\fR where use of CRYPTO_THREAD_* types and functions is
+required.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
+You can find out if OpenSSL was configured with thread support:
+.PP
+.Vb 6
+\& #include <openssl/opensslconf.h>
+\& #if defined(OPENSSL_THREADS)
+\& /* thread support enabled */
+\& #else
+\& /* no thread support */
+\& #endif
+.Ve
+.PP
This example safely initializes and uses a lock.
.PP
.Vb 4
@@ -258,26 +290,14 @@ This can only be done at process exit or when a dynamically loaded library is
no longer in use and is unloaded.
The simplest solution is to just \*(L"leak\*(R" the lock in applications and not
repeatedly load/unload shared libraries that allocate locks.
-.SH "NOTES"
-.IX Header "NOTES"
-You can find out if OpenSSL was configured with thread support:
-.PP
-.Vb 6
-\& #include <openssl/opensslconf.h>
-\& #if defined(OPENSSL_THREADS)
-\& /* thread support enabled */
-\& #else
-\& /* no thread support */
-\& #endif
-.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBcrypto\fR\|(7)
+\&\fBcrypto\fR\|(7), \fBopenssl\-threads\fR\|(7).
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3 b/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3
index fb0891cf59bf..697797bd3e6e 100644
--- a/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CRYPTO_GET_EX_NEW_INDEX 3"
-.TH CRYPTO_GET_EX_NEW_INDEX 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CRYPTO_GET_EX_NEW_INDEX 3ossl"
+.TH CRYPTO_GET_EX_NEW_INDEX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup, CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, CRYPTO_set_ex_data, CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data \&\- functions supporting application\-specific data
+CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup,
+CRYPTO_free_ex_index, CRYPTO_get_ex_new_index,
+CRYPTO_alloc_ex_data, CRYPTO_set_ex_data, CRYPTO_get_ex_data,
+CRYPTO_free_ex_data, CRYPTO_new_ex_data
+\&\- functions supporting application\-specific data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -156,13 +158,16 @@ CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup, CRYPTO_free_ex_index, CRYPTO_get_e
\& typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
\& int idx, long argl, void *argp);
\& typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
-\& void *from_d, int idx, long argl, void *argp);
+\& void **from_d, int idx, long argl, void *argp);
+\&
+\& int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
\&
-\& int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+\& int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad,
+\& int idx);
\&
\& int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
\&
-\& void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
+\& void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *r, int idx);
\&
\& void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *r);
\&
@@ -175,13 +180,12 @@ known as \*(L"exdata.\*(R"
The specific structures are:
.PP
.Vb 10
-\& APP
\& BIO
\& DH
-\& DRBG
\& DSA
\& EC_KEY
\& ENGINE
+\& EVP_PKEY
\& RSA
\& SSL
\& SSL_CTX
@@ -193,8 +197,10 @@ The specific structures are:
\& X509_STORE_CTX
.Ve
.PP
-Each is identified by an \fBCRYPTO_EX_INDEX_xxx\fR define in the \fBcrypto.h\fR
-header file. In addition, \fB\s-1CRYPTO_EX_INDEX_APP\s0\fR is reserved for
+In addition, the \fB\s-1APP\s0\fR name is reserved for use by application code.
+.PP
+Each is identified by an \fBCRYPTO_EX_INDEX_xxx\fR define in the header file
+\&\fI<openssl/crypto.h>\fR. In addition, \fB\s-1CRYPTO_EX_INDEX_APP\s0\fR is reserved for
applications to use this facility for their own structures.
.PP
The \s-1API\s0 described here is used by OpenSSL to manipulate exdata for specific
@@ -249,7 +255,8 @@ When a structure is initially allocated (such as \fBRSA_new()\fR) then the
that the entire parent, or containing, structure has been set up.
The \fBnew_func()\fR is typically used only to allocate memory to store the
exdata, and perhaps an \*(L"initialized\*(R" flag within that memory.
-The exdata value should be set by calling \fBCRYPTO_set_ex_data()\fR.
+The exdata value may be allocated later on with \fBCRYPTO_alloc_ex_data()\fR,
+or may be set by calling \fBCRYPTO_set_ex_data()\fR.
.PP
When a structure is free'd (such as \fBSSL_CTX_free()\fR) then the
\&\fBfree_func()\fR is called for every defined index. Again, the state of the
@@ -268,10 +275,8 @@ the same callback handles different types of exdata.
for \fB\s-1SSL\s0\fR, \fB\s-1SSL_SESSION\s0\fR, \fB\s-1EC_KEY\s0\fR objects and \fB\s-1BIO\s0\fR chains via
\&\fBBIO_dup_chain()\fR. The \fBto\fR and \fBfrom\fR parameters
are pointers to the destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures,
-respectively. The \fBfrom_d\fR parameter needs to be cast to a \fBvoid **pptr\fR
-as the \s-1API\s0 has currently the wrong signature; that will be changed in a
-future version. The \fB*pptr\fR is a pointer to the source exdata.
-When the \fBdup_func()\fR returns, the value in \fB*pptr\fR is copied to the
+respectively. The \fB*from_d\fR parameter is a pointer to the source exdata.
+When the \fBdup_func()\fR returns, the value in \fB*from_d\fR is copied to the
destination ex_data. If the pointer contained in \fB*pptr\fR is not modified
by the \fBdup_func()\fR, then both \fBto\fR and \fBfrom\fR will point to the same data.
The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are as described for the other
@@ -281,18 +286,26 @@ will fail.
.IX Header "RETURN VALUES"
\&\fBCRYPTO_get_ex_new_index()\fR returns a new index or \-1 on failure.
.PP
-\&\fBCRYPTO_free_ex_index()\fR and
-\&\fBCRYPTO_set_ex_data()\fR return 1 on success or 0 on failure.
+\&\fBCRYPTO_free_ex_index()\fR, \fBCRYPTO_alloc_ex_data()\fR and \fBCRYPTO_set_ex_data()\fR
+return 1 on success or 0 on failure.
.PP
\&\fBCRYPTO_get_ex_data()\fR returns the application data or \s-1NULL\s0 on failure;
note that \s-1NULL\s0 may be a valid value.
.PP
\&\fBdup_func()\fR should return 0 for failure and 1 for success.
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBCRYPTO_alloc_ex_data()\fR was added in OpenSSL 3.0.
+.PP
+The signature of the \fBdup_func()\fR callback was changed in OpenSSL 3.0 to use the
+type \fBvoid **\fR for \fBfrom_d\fR. Previously this parameter was of type \fBvoid *\fR.
+.PP
+Support for \s-1ENGINE\s0 \*(L"exdata\*(R" was deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3 b/secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3
index d62f313b341e..64231ded501d 100644
--- a/secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3
+++ b/secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CRYPTO_MEMCMP 3"
-.TH CRYPTO_MEMCMP 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CRYPTO_MEMCMP 3ossl"
+.TH CRYPTO_MEMCMP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -163,7 +161,7 @@ Unlike \fBmemcmp\fR\|(2), this function cannot be used to order the two memory r
as the return value when they differ is undefined, other than being nonzero.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3 b/secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3
index c8d148a98d99..1d93253b33ef 100644
--- a/secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3
+++ b/secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3"
-.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3ossl"
+.TH CTLOG_STORE_GET0_LOG_BY_ID 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CTLOG_STORE_get0_log_by_id \- Get a Certificate Transparency log from a CTLOG_STORE
+CTLOG_STORE_get0_log_by_id \-
+Get a Certificate Transparency log from a CTLOG_STORE
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -173,7 +172,7 @@ The \fBCTLOG_STORE_get0_log_by_id()\fR function was added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3 b/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3
index fd134a9740de..5cc40e9f3ec8 100644
--- a/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3
+++ b/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,23 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CTLOG_STORE_NEW 3"
-.TH CTLOG_STORE_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CTLOG_STORE_NEW 3ossl"
+.TH CTLOG_STORE_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CTLOG_STORE_new, CTLOG_STORE_free, CTLOG_STORE_load_default_file, CTLOG_STORE_load_file \- Create and populate a Certificate Transparency log list
+CTLOG_STORE_new_ex,
+CTLOG_STORE_new, CTLOG_STORE_free,
+CTLOG_STORE_load_default_file, CTLOG_STORE_load_file \-
+Create and populate a Certificate Transparency log list
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ct.h>
\&
+\& CTLOG_STORE *CTLOG_STORE_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
\& CTLOG_STORE *CTLOG_STORE_new(void);
\& void CTLOG_STORE_free(CTLOG_STORE *store);
\&
@@ -157,13 +159,19 @@ A \s-1CTLOG_STORE\s0 is a container for a list of CTLOGs (Certificate Transparen
logs). The list can be loaded from one or more files and then searched by LogID
(see \s-1RFC 6962,\s0 Section 3.2, for the definition of a LogID).
.PP
-\&\fBCTLOG_STORE_new()\fR creates an empty list of \s-1CT\s0 logs. This is then populated
-by \fBCTLOG_STORE_load_default_file()\fR or \fBCTLOG_STORE_load_file()\fR.
-\&\fBCTLOG_STORE_load_default_file()\fR loads from the default file, which is named
-\&\*(L"ct_log_list.cnf\*(R" in \s-1OPENSSLDIR\s0 (see the output of version). This can be
-overridden using an environment variable named \*(L"\s-1CTLOG_FILE\*(R".\s0
-\&\fBCTLOG_STORE_load_file()\fR loads from a caller-specified file path instead.
-Both of these functions append any loaded \s-1CT\s0 logs to the \s-1CTLOG_STORE.\s0
+\&\fBCTLOG_STORE_new_ex()\fR creates an empty list of \s-1CT\s0 logs associated with
+the library context \fIlibctx\fR and the property query string \fIpropq\fR.
+.PP
+\&\fBCTLOG_STORE_new()\fR does the same thing as \fBCTLOG_STORE_new_ex()\fR but with
+the default library context and property query string.
+.PP
+The \s-1CTLOG_STORE\s0 is then populated by \fBCTLOG_STORE_load_default_file()\fR or
+\&\fBCTLOG_STORE_load_file()\fR. \fBCTLOG_STORE_load_default_file()\fR loads from the default
+file, which is named \fIct_log_list.cnf\fR in \s-1OPENSSLDIR\s0 (see the output of
+\&\fBopenssl\-version\fR\|(1)). This can be overridden using an environment variable
+named \fB\s-1CTLOG_FILE\s0\fR. \fBCTLOG_STORE_load_file()\fR loads from a caller-specified file
+path instead. Both of these functions append any loaded \s-1CT\s0 logs to the
+\&\s-1CTLOG_STORE.\s0
.PP
The expected format of the file is:
.PP
@@ -198,12 +206,13 @@ all \s-1CT\s0 logs in the file are successfully parsed and loaded, 0 otherwise.
\&\fBSSL_CTX_set_ctlog_list_file\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-These functions were added in OpenSSL 1.1.0.
+CTLOG_STORE_new_ex was added in OpenSSL 3.0. All other functions were
+added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CTLOG_new.3 b/secure/lib/libcrypto/man/man3/CTLOG_new.3
index 59bc23e1deac..c017d003a7f1 100644
--- a/secure/lib/libcrypto/man/man3/CTLOG_new.3
+++ b/secure/lib/libcrypto/man/man3/CTLOG_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,20 +130,29 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CTLOG_NEW 3"
-.TH CTLOG_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CTLOG_NEW 3ossl"
+.TH CTLOG_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CTLOG_new, CTLOG_new_from_base64, CTLOG_free, CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key \- encapsulates information about a Certificate Transparency log
+CTLOG_new_ex, CTLOG_new, CTLOG_new_from_base64,
+CTLOG_new_from_base64_ex, CTLOG_free,
+CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key \-
+encapsulates information about a Certificate Transparency log
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ct.h>
\&
+\& CTLOG *CTLOG_new_ex(EVP_PKEY *public_key, const char *name,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
+\&
+\& int CTLOG_new_from_base64_ex(CTLOG **ct_log, const char *pkey_base64,
+\& const char *name, OSSL_LIB_CTX *libctx,
+\& const char *propq);
\& int CTLOG_new_from_base64(CTLOG ** ct_log,
\& const char *pkey_base64, const char *name);
\& void CTLOG_free(CTLOG *log);
@@ -156,14 +163,24 @@ CTLOG_new, CTLOG_new_from_base64, CTLOG_free, CTLOG_get0_name, CTLOG_get0_log_id
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBCTLOG_new()\fR returns a new \s-1CTLOG\s0 that represents the Certificate Transparency
-(\s-1CT\s0) log with the given public key. A name must also be provided that can be
-used to help users identify this log. Ownership of the public key is
-transferred.
+\&\fBCTLOG_new_ex()\fR returns a new \s-1CTLOG\s0 that represents the Certificate
+Transparency (\s-1CT\s0) log with the given public key and associates it with the
+library context \fIlibctx\fR and property query string \fIpropq\fR. A name must also
+be provided that can be used to help users identify this log. Ownership of the
+public key is transferred.
+.PP
+\&\fBCTLOG_new()\fR does the same thing as \fBCTLOG_new_ex()\fR but with the default
+library context and the default property query string.
+.PP
+\&\fBCTLOG_new_from_base64_ex()\fR also creates a new \s-1CTLOG,\s0 but takes the
+public key in base64\-encoded \s-1DER\s0 form and sets the ct_log pointer to point to
+the new \s-1CTLOG.\s0 The base64 will be decoded and the public key parsed. The \s-1CTLOG\s0
+will be associated with the given library context \fIlibctx\fR and property query
+string \fIpropq\fR.
.PP
-\&\fBCTLOG_new_from_base64()\fR also creates a new \s-1CTLOG,\s0 but takes the public key in
-base64\-encoded \s-1DER\s0 form and sets the ct_log pointer to point to the new \s-1CTLOG.\s0
-The base64 will be decoded and the public key parsed.
+\&\fBCTLOG_new_from_base64()\fR does the same thing as
+\&\fBCTLOG_new_from_base64_ex()\fR except that the default library context and
+property query string are used.
.PP
Regardless of whether \fBCTLOG_new()\fR or \fBCTLOG_new_from_base64()\fR is used, it is the
caller's responsibility to pass the \s-1CTLOG\s0 to \fBCTLOG_free()\fR once it is no longer
@@ -190,12 +207,13 @@ the string remains with the \s-1CTLOG.\s0
\&\fBct\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
-These functions were added in OpenSSL 1.1.0.
+The functions \fBCTLOG_new_ex()\fR and \fBCTLOG_new_from_base64_ex()\fR
+were added in OpenSSL 3.0. All other functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3 b/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3
index 0a721acb3f19..aaf9bb4c73d4 100644
--- a/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3
+++ b/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,27 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "CT_POLICY_EVAL_CTX_NEW 3"
-.TH CT_POLICY_EVAL_CTX_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "CT_POLICY_EVAL_CTX_NEW 3ossl"
+.TH CT_POLICY_EVAL_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free, CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert, CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer, CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE, CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time \- Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy
+CT_POLICY_EVAL_CTX_new_ex,
+CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free,
+CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert,
+CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer,
+CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE,
+CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time \-
+Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ct.h>
\&
+\& CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx,
+\& const char *propq);
\& CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
\& void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
\& X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
@@ -175,8 +181,15 @@ the current time
.PP
The above requirements are met using the setters described below.
.PP
-\&\fBCT_POLICY_EVAL_CTX_new()\fR creates an empty policy evaluation context. This
-should then be populated using:
+\&\fBCT_POLICY_EVAL_CTX_new_ex()\fR creates an empty policy evaluation context
+and associates it with the given library context \fIlibctx\fR and property query
+string \fIpropq\fR.
+.PP
+\&\fBCT_POLICY_EVAL_CTX_new()\fR does the same thing as
+\&\fBCT_POLICY_EVAL_CTX_new_ex()\fR except that it uses the default library
+context and property query string.
+.PP
+The \s-1CT_POLICY_EVAL_CTX\s0 should then be populated using:
.IP "\(bu" 2
\&\fBCT_POLICY_EVAL_CTX_set1_cert()\fR to provide the certificate the SCTs were issued for
.Sp
@@ -198,7 +211,7 @@ issued in the future. \s-1RFC6962\s0 states that \*(L"\s-1TLS\s0 clients \s-1MUS
timestamp is in the future\*(R". By default, this will be set to 5 minutes in the
future (e.g. (\fBtime()\fR + 300) * 1000), to allow for clock drift.
.Sp
-The time should be in milliseconds since the Unix epoch.
+The time should be in milliseconds since the Unix Epoch.
.PP
Each setter has a matching getter for accessing the current value.
.PP
@@ -212,18 +225,20 @@ certificate (i.e. those in an X.509 extension), but may not be the case for SCTs
found in the \s-1TLS SCT\s0 extension or \s-1OCSP\s0 response.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBCT_POLICY_EVAL_CTX_new()\fR will return \s-1NULL\s0 if malloc fails.
+\&\fBCT_POLICY_EVAL_CTX_new_ex()\fR and \fBCT_POLICY_EVAL_CTX_new()\fR will return
+\&\s-1NULL\s0 if malloc fails.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBct\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
-These functions were added in OpenSSL 1.1.0.
+CT_POLICY_EVAL_CTX_new_ex was added in OpenSSL 3.0. All other
+functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3 b/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3
index b56be13a3ead..118c17dc2ff4 100644
--- a/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3
+++ b/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,30 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DEFINE_STACK_OF 3"
-.TH DEFINE_STACK_OF 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DEFINE_STACK_OF 3ossl"
+.TH DEFINE_STACK_OF 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF, DEFINE_SPECIAL_STACK_OF_CONST, sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, sk_TYPE_reserve, sk_TYPE_free, sk_TYPE_zero, sk_TYPE_delete, sk_TYPE_delete_ptr, sk_TYPE_push, sk_TYPE_unshift, sk_TYPE_pop, sk_TYPE_shift, sk_TYPE_pop_free, sk_TYPE_insert, sk_TYPE_set, sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort, sk_TYPE_is_sorted, sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func, sk_TYPE_new_reserve \&\- stack container
+DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF,
+DEFINE_SPECIAL_STACK_OF_CONST,
+sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null,
+sk_TYPE_reserve, sk_TYPE_free, sk_TYPE_zero, sk_TYPE_delete,
+sk_TYPE_delete_ptr, sk_TYPE_push, sk_TYPE_unshift, sk_TYPE_pop,
+sk_TYPE_shift, sk_TYPE_pop_free, sk_TYPE_insert, sk_TYPE_set,
+sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_find_all, sk_TYPE_sort,
+sk_TYPE_is_sorted, sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func,
+sk_TYPE_new_reserve,
+OPENSSL_sk_deep_copy, OPENSSL_sk_delete, OPENSSL_sk_delete_ptr,
+OPENSSL_sk_dup, OPENSSL_sk_find, OPENSSL_sk_find_ex, OPENSSL_sk_find_all,
+OPENSSL_sk_free, OPENSSL_sk_insert, OPENSSL_sk_is_sorted, OPENSSL_sk_new,
+OPENSSL_sk_new_null, OPENSSL_sk_new_reserve, OPENSSL_sk_num, OPENSSL_sk_pop,
+OPENSSL_sk_pop_free, OPENSSL_sk_push, OPENSSL_sk_reserve, OPENSSL_sk_set,
+OPENSSL_sk_set_cmp_func, OPENSSL_sk_shift, OPENSSL_sk_sort,
+OPENSSL_sk_unshift, OPENSSL_sk_value, OPENSSL_sk_zero
+\&\- stack container
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -173,6 +187,7 @@ DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF, DEFINE_SPECIAL_
\& TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr);
\& int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr);
\& int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr);
+\& int sk_TYPE_find_all(STACK_OF(TYPE) *sk, TYPE *ptr, int *pnum);
\& void sk_TYPE_sort(const STACK_OF(TYPE) *sk);
\& int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk);
\& STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk);
@@ -188,218 +203,240 @@ DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF, DEFINE_SPECIAL_
Applications can create and use their own stacks by placing any of the macros
described below in a header file. These macros define typesafe inline
functions that wrap around the utility \fBOPENSSL_sk_\fR \s-1API.\s0
-In the description here, \fI\s-1TYPE\s0\fR is used
-as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR.
-.PP
-\&\s-1\fBSTACK_OF\s0()\fR returns the name for a stack of the specified \fB\s-1TYPE\s0\fR.
-\&\s-1\fBDEFINE_STACK_OF\s0()\fR creates set of functions for a stack of \fB\s-1TYPE\s0\fR. This
-will mean that type \fB\s-1TYPE\s0\fR is stored in each stack, the type is referenced by
-\&\s-1STACK_OF\s0(\s-1TYPE\s0) and each function name begins with \fIsk_TYPE_\fR. For example:
-.PP
-.Vb 1
-\& TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
-.Ve
-.PP
+In the description here, \fB\f(BI\s-1TYPE\s0\fB\fR is used
+as a placeholder for any of the OpenSSL datatypes, such as \fBX509\fR.
+.PP
+The \s-1\fBSTACK_OF\s0()\fR macro returns the name for a stack of the specified \fB\f(BI\s-1TYPE\s0\fB\fR.
+This is an opaque pointer to a structure declaration.
+This can be used in every header file that references the stack.
+There are several \fB\s-1DEFINE...\s0\fR macros that create static inline functions
+for all of the functions described on this page.
+This should normally be used in one source file, and the stack manipulation
+is wrapped with application-specific functions.
+.PP
+\&\s-1\fBDEFINE_STACK_OF\s0()\fR creates set of functions for a stack of \fB\f(BI\s-1TYPE\s0\fB\fR elements.
+The type is referenced by
+\&\fB\s-1STACK_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) and each function name begins with \fBsk_\f(BI\s-1TYPE\s0\fB_\fR.
\&\s-1\fBDEFINE_STACK_OF_CONST\s0()\fR is identical to \s-1\fBDEFINE_STACK_OF\s0()\fR except
-each element is constant. For example:
+each element is constant.
.PP
-.Vb 1
+.Vb 4
+\& /* DEFINE_STACK_OF(TYPE) */
+\& TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
+\& /* DEFINE_STACK_OF_CONST(TYPE) */
\& const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
.Ve
.PP
-\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR defines a stack of \fB\s-1TYPE\s0\fR but
-each function uses \fB\s-1FUNCNAME\s0\fR in the function name. For example:
+\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR and \s-1\fBDEFINE_SPECIAL_STACK_OF_CONST\s0()\fR are similar
+except \fB\s-1FUNCNAME\s0\fR is used in the function names:
.PP
-.Vb 1
+.Vb 4
+\& /* DEFINE_SPECIAL_STACK_OF(TYPE, FUNCNAME) */
\& TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
-.Ve
-.PP
-\&\s-1\fBDEFINE_SPECIAL_STACK_OF_CONST\s0()\fR is similar except that each element is
-constant:
-.PP
-.Vb 1
+\& /* DEFINE_SPECIAL_STACK_OF(TYPE, FUNCNAME) */
\& const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
.Ve
.PP
-\&\fBsk_TYPE_num()\fR returns the number of elements in \fBsk\fR or \-1 if \fBsk\fR is
-\&\fB\s-1NULL\s0\fR.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_num\fR() returns the number of elements in \fIsk\fR or \-1 if \fIsk\fR is
+\&\s-1NULL.\s0
.PP
-\&\fBsk_TYPE_value()\fR returns element \fBidx\fR in \fBsk\fR, where \fBidx\fR starts at
-zero. If \fBidx\fR is out of range then \fB\s-1NULL\s0\fR is returned.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_value\fR() returns element \fIidx\fR in \fIsk\fR, where \fIidx\fR starts at
+zero. If \fIidx\fR is out of range then \s-1NULL\s0 is returned.
.PP
-\&\fBsk_TYPE_new()\fR allocates a new empty stack using comparison function \fBcompare\fR.
-If \fBcompare\fR is \fB\s-1NULL\s0\fR then no comparison function is used. This function is
-equivalent to sk_TYPE_new_reserve(compare, 0).
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_new\fR() allocates a new empty stack using comparison function
+\&\fIcompare\fR. If \fIcompare\fR is \s-1NULL\s0 then no comparison function is used. This
+function is equivalent to \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR(\fIcompare\fR, 0).
.PP
-\&\fBsk_TYPE_new_null()\fR allocates a new empty stack with no comparison function. This
-function is equivalent to sk_TYPE_new_reserve(\s-1NULL, 0\s0).
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_new_null\fR() allocates a new empty stack with no comparison
+function. This function is equivalent to \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR(\s-1NULL, 0\s0).
.PP
-\&\fBsk_TYPE_reserve()\fR allocates additional memory in the \fBsk\fR structure
-such that the next \fBn\fR calls to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR
-or \fBsk_TYPE_unshift()\fR will not fail or cause memory to be allocated
-or reallocated. If \fBn\fR is zero, any excess space allocated in the
-\&\fBsk\fR structure is freed. On error \fBsk\fR is unchanged.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_reserve\fR() allocates additional memory in the \fIsk\fR structure
+such that the next \fIn\fR calls to \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR()
+or \fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() will not fail or cause memory to be allocated
+or reallocated. If \fIn\fR is zero, any excess space allocated in the
+\&\fIsk\fR structure is freed. On error \fIsk\fR is unchanged.
.PP
-\&\fBsk_TYPE_new_reserve()\fR allocates a new stack. The new stack will have additional
-memory allocated to hold \fBn\fR elements if \fBn\fR is positive. The next \fBn\fR calls
-to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR or \fBsk_TYPE_unshift()\fR will not fail or cause
-memory to be allocated or reallocated. If \fBn\fR is zero or less than zero, no
-memory is allocated. \fBsk_TYPE_new_reserve()\fR also sets the comparison function
-\&\fBcompare\fR to the newly created stack. If \fBcompare\fR is \fB\s-1NULL\s0\fR then no
-comparison function is used.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() allocates a new stack. The new stack will have
+additional memory allocated to hold \fIn\fR elements if \fIn\fR is positive.
+The next \fIn\fR calls to \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() or
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() will not fail or cause memory to be allocated or
+reallocated. If \fIn\fR is zero or less than zero, no memory is allocated.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() also sets the comparison function \fIcompare\fR
+to the newly created stack. If \fIcompare\fR is \s-1NULL\s0 then no comparison
+function is used.
.PP
-\&\fBsk_TYPE_set_cmp_func()\fR sets the comparison function of \fBsk\fR to \fBcompare\fR.
-The previous comparison function is returned or \fB\s-1NULL\s0\fR if there was
-no previous comparison function.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_set_cmp_func\fR() sets the comparison function of \fIsk\fR to
+\&\fIcompare\fR. The previous comparison function is returned or \s-1NULL\s0 if there
+was no previous comparison function.
.PP
-\&\fBsk_TYPE_free()\fR frees up the \fBsk\fR structure. It does \fBnot\fR free up any
-elements of \fBsk\fR. After this call \fBsk\fR is no longer valid.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_free\fR() frees up the \fIsk\fR structure. It does \fInot\fR free up any
+elements of \fIsk\fR. After this call \fIsk\fR is no longer valid.
.PP
-\&\fBsk_TYPE_zero()\fR sets the number of elements in \fBsk\fR to zero. It does not free
-\&\fBsk\fR so after this call \fBsk\fR is still valid.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_zero\fR() sets the number of elements in \fIsk\fR to zero. It does not
+free \fIsk\fR so after this call \fIsk\fR is still valid.
.PP
-\&\fBsk_TYPE_pop_free()\fR frees up all elements of \fBsk\fR and \fBsk\fR itself. The
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_pop_free\fR() frees up all elements of \fIsk\fR and \fIsk\fR itself. The
free function \fBfreefunc()\fR is called on each element to free it.
.PP
-\&\fBsk_TYPE_delete()\fR deletes element \fBi\fR from \fBsk\fR. It returns the deleted
-element or \fB\s-1NULL\s0\fR if \fBi\fR is out of range.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_delete\fR() deletes element \fIi\fR from \fIsk\fR. It returns the deleted
+element or \s-1NULL\s0 if \fIi\fR is out of range.
.PP
-\&\fBsk_TYPE_delete_ptr()\fR deletes element matching \fBptr\fR from \fBsk\fR. It returns
-the deleted element or \fB\s-1NULL\s0\fR if no element matching \fBptr\fR was found.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_delete_ptr\fR() deletes element matching \fIptr\fR from \fIsk\fR. It
+returns the deleted element or \s-1NULL\s0 if no element matching \fIptr\fR was found.
.PP
-\&\fBsk_TYPE_insert()\fR inserts \fBptr\fR into \fBsk\fR at position \fBidx\fR. Any existing
-elements at or after \fBidx\fR are moved downwards. If \fBidx\fR is out of range
-the new element is appended to \fBsk\fR. \fBsk_TYPE_insert()\fR either returns the
-number of elements in \fBsk\fR after the new element is inserted or zero if
-an error (such as memory allocation failure) occurred.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR() inserts \fIptr\fR into \fIsk\fR at position \fIidx\fR. Any
+existing elements at or after \fIidx\fR are moved downwards. If \fIidx\fR is out
+of range the new element is appended to \fIsk\fR. \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR() either
+returns the number of elements in \fIsk\fR after the new element is inserted or
+zero if an error (such as memory allocation failure) occurred.
.PP
-\&\fBsk_TYPE_push()\fR appends \fBptr\fR to \fBsk\fR it is equivalent to:
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() appends \fIptr\fR to \fIsk\fR it is equivalent to:
.PP
.Vb 1
\& sk_TYPE_insert(sk, ptr, \-1);
.Ve
.PP
-\&\fBsk_TYPE_unshift()\fR inserts \fBptr\fR at the start of \fBsk\fR it is equivalent to:
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() inserts \fIptr\fR at the start of \fIsk\fR it is equivalent
+to:
.PP
.Vb 1
\& sk_TYPE_insert(sk, ptr, 0);
.Ve
.PP
-\&\fBsk_TYPE_pop()\fR returns and removes the last element from \fBsk\fR.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_pop\fR() returns and removes the last element from \fIsk\fR.
.PP
-\&\fBsk_TYPE_shift()\fR returns and removes the first element from \fBsk\fR.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_shift\fR() returns and removes the first element from \fIsk\fR.
.PP
-\&\fBsk_TYPE_set()\fR sets element \fBidx\fR of \fBsk\fR to \fBptr\fR replacing the current
-element. The new element value is returned or \fB\s-1NULL\s0\fR if an error occurred:
-this will only happen if \fBsk\fR is \fB\s-1NULL\s0\fR or \fBidx\fR is out of range.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_set\fR() sets element \fIidx\fR of \fIsk\fR to \fIptr\fR replacing the current
+element. The new element value is returned or \s-1NULL\s0 if an error occurred:
+this will only happen if \fIsk\fR is \s-1NULL\s0 or \fIidx\fR is out of range.
.PP
-\&\fBsk_TYPE_find()\fR searches \fBsk\fR for the element \fBptr\fR. In the case
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() searches \fIsk\fR for the element \fIptr\fR. In the case
where no comparison function has been specified, the function performs
-a linear search for a pointer equal to \fBptr\fR. The index of the first
+a linear search for a pointer equal to \fIptr\fR. The index of the first
matching element is returned or \fB\-1\fR if there is no match. In the case
-where a comparison function has been specified, \fBsk\fR is sorted then
-\&\fBsk_TYPE_find()\fR returns the index of a matching element or \fB\-1\fR if there
-is no match. Note that, in this case, the matching element returned is
-not guaranteed to be the first; the comparison function will usually
+where a comparison function has been specified, \fIsk\fR is sorted and
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() returns the index of a matching element or \fB\-1\fR if there
+is no match. Note that, in this case the comparison function will usually
compare the values pointed to rather than the pointers themselves and
-the order of elements in \fBsk\fR could change.
-.PP
-\&\fBsk_TYPE_find_ex()\fR operates like \fBsk_TYPE_find()\fR except when a comparison
-function has been specified and no matching element is found. Instead
-of returning \fB\-1\fR, \fBsk_TYPE_find_ex()\fR returns the index of the element
-either before or after the location where \fBptr\fR would be if it were
-present in \fBsk\fR.
-.PP
-\&\fBsk_TYPE_sort()\fR sorts \fBsk\fR using the supplied comparison function.
-.PP
-\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if \fBsk\fR is sorted and \fB0\fR otherwise.
-.PP
-\&\fBsk_TYPE_dup()\fR returns a copy of \fBsk\fR. Note the pointers in the copy
-are identical to the original.
-.PP
-\&\fBsk_TYPE_deep_copy()\fR returns a new stack where each element has been copied.
-Copying is performed by the supplied \fBcopyfunc()\fR and freeing by \fBfreefunc()\fR. The
-function \fBfreefunc()\fR is only called if an error occurs.
+the order of elements in \fIsk\fR can change. Note that because the stack may be
+sorted as the result of a \fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() call, if a lock is being used to
+synchronise access to the stack across multiple threads, then that lock must be
+a \*(L"write\*(R" lock.
+.PP
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR() operates like \fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() except when a
+comparison function has been specified and no matching element is found.
+Instead of returning \fB\-1\fR, \fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR() returns the index of the
+element either before or after the location where \fIptr\fR would be if it were
+present in \fIsk\fR. The function also does not guarantee that the first matching
+element in the sorted stack is returned.
+.PP
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_find_all\fR() operates like \fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() but it also
+sets the \fI*pnum\fR to number of matching elements in the stack. In case
+no comparison function has been specified the \fI*pnum\fR will be always set
+to 1 if matching element was found, 0 otherwise.
+.PP
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_sort\fR() sorts \fIsk\fR using the supplied comparison function.
+.PP
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_is_sorted\fR() returns \fB1\fR if \fIsk\fR is sorted and \fB0\fR otherwise.
+.PP
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_dup\fR() returns a shallow copy of \fIsk\fR
+or an empty stack if the passed stack is \s-1NULL.\s0
+Note the pointers in the copy are identical to the original.
+.PP
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_deep_copy\fR() returns a new stack where each element has been
+copied or an empty stack if the passed stack is \s-1NULL.\s0
+Copying is performed by the supplied \fBcopyfunc()\fR and freeing by \fBfreefunc()\fR.
+The function \fBfreefunc()\fR is only called if an error occurs.
.SH "NOTES"
.IX Header "NOTES"
Care should be taken when accessing stacks in multi-threaded environments.
-Any operation which increases the size of a stack such as \fBsk_TYPE_insert()\fR or
-\&\fBsk_push()\fR can \*(L"grow\*(R" the size of an internal array and cause race conditions
-if the same stack is accessed in a different thread. Operations such as
-\&\fBsk_find()\fR and \fBsk_sort()\fR can also reorder the stack.
+Any operation which increases the size of a stack such as \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR()
+or \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() can \*(L"grow\*(R" the size of an internal array and cause race
+conditions if the same stack is accessed in a different thread. Operations such
+as \fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_sort\fR() can also reorder the stack.
.PP
Any comparison function supplied should use a metric suitable
for use in a binary search operation. That is it should return zero, a
-positive or negative value if \fBa\fR is equal to, greater than
-or less than \fBb\fR respectively.
+positive or negative value if \fIa\fR is equal to, greater than
+or less than \fIb\fR respectively.
.PP
Care should be taken when checking the return values of the functions
-\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR. They return an index to the
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR(). They return an index to the
matching element. In particular \fB0\fR indicates a matching first element.
A failed search is indicated by a \fB\-1\fR return value.
.PP
\&\s-1\fBSTACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF_CONST\s0()\fR, and
\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR are implemented as macros.
.PP
+It is not an error to call \fBsk_\f(BI\s-1TYPE\s0\fB_num\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_value\fR(),
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_free\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_zero\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_pop_free\fR(),
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_delete\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_delete_ptr\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_pop\fR(),
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_shift\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_find\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR(),
+and \fBsk_\f(BI\s-1TYPE\s0\fB_find_all\fR() on a \s-1NULL\s0 stack, empty stack, or with
+an invalid index. An error is not raised in these conditions.
+.PP
The underlying utility \fBOPENSSL_sk_\fR \s-1API\s0 should not be used directly.
It defines these functions: \fBOPENSSL_sk_deep_copy()\fR,
\&\fBOPENSSL_sk_delete()\fR, \fBOPENSSL_sk_delete_ptr()\fR, \fBOPENSSL_sk_dup()\fR,
-\&\fBOPENSSL_sk_find()\fR, \fBOPENSSL_sk_find_ex()\fR, \fBOPENSSL_sk_free()\fR,
-\&\fBOPENSSL_sk_insert()\fR, \fBOPENSSL_sk_is_sorted()\fR, \fBOPENSSL_sk_new()\fR,
-\&\fBOPENSSL_sk_new_null()\fR, \fBOPENSSL_sk_num()\fR, \fBOPENSSL_sk_pop()\fR,
-\&\fBOPENSSL_sk_pop_free()\fR, \fBOPENSSL_sk_push()\fR, \fBOPENSSL_sk_reserve()\fR,
-\&\fBOPENSSL_sk_set()\fR, \fBOPENSSL_sk_set_cmp_func()\fR, \fBOPENSSL_sk_shift()\fR,
-\&\fBOPENSSL_sk_sort()\fR, \fBOPENSSL_sk_unshift()\fR, \fBOPENSSL_sk_value()\fR,
-\&\fBOPENSSL_sk_zero()\fR.
+\&\fBOPENSSL_sk_find()\fR, \fBOPENSSL_sk_find_ex()\fR, \fBOPENSSL_sk_find_all()\fR,
+\&\fBOPENSSL_sk_free()\fR, \fBOPENSSL_sk_insert()\fR, \fBOPENSSL_sk_is_sorted()\fR,
+\&\fBOPENSSL_sk_new()\fR, \fBOPENSSL_sk_new_null()\fR, \fBOPENSSL_sk_new_reserve()\fR,
+\&\fBOPENSSL_sk_num()\fR, \fBOPENSSL_sk_pop()\fR, \fBOPENSSL_sk_pop_free()\fR, \fBOPENSSL_sk_push()\fR,
+\&\fBOPENSSL_sk_reserve()\fR, \fBOPENSSL_sk_set()\fR, \fBOPENSSL_sk_set_cmp_func()\fR,
+\&\fBOPENSSL_sk_shift()\fR, \fBOPENSSL_sk_sort()\fR, \fBOPENSSL_sk_unshift()\fR,
+\&\fBOPENSSL_sk_value()\fR, \fBOPENSSL_sk_zero()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBsk_TYPE_num()\fR returns the number of elements in the stack or \fB\-1\fR if the
-passed stack is \fB\s-1NULL\s0\fR.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_num\fR() returns the number of elements in the stack or \fB\-1\fR if the
+passed stack is \s-1NULL.\s0
.PP
-\&\fBsk_TYPE_value()\fR returns a pointer to a stack element or \fB\s-1NULL\s0\fR if the
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_value\fR() returns a pointer to a stack element or \s-1NULL\s0 if the
index is out of range.
.PP
-\&\fBsk_TYPE_new()\fR, \fBsk_TYPE_new_null()\fR and \fBsk_TYPE_new_reserve()\fR return an empty
-stack or \fB\s-1NULL\s0\fR if an error occurs.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_new\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_new_null\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR()
+return an empty stack or \s-1NULL\s0 if an error occurs.
.PP
-\&\fBsk_TYPE_reserve()\fR returns \fB1\fR on successful allocation of the required memory
-or \fB0\fR on error.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_reserve\fR() returns \fB1\fR on successful allocation of the required
+memory or \fB0\fR on error.
.PP
-\&\fBsk_TYPE_set_cmp_func()\fR returns the old comparison function or \fB\s-1NULL\s0\fR if
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_set_cmp_func\fR() returns the old comparison function or \s-1NULL\s0 if
there was no old comparison function.
.PP
-\&\fBsk_TYPE_free()\fR, \fBsk_TYPE_zero()\fR, \fBsk_TYPE_pop_free()\fR and \fBsk_TYPE_sort()\fR do
-not return values.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_free\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_zero\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_pop_free\fR() and
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_sort\fR() do not return values.
.PP
-\&\fBsk_TYPE_pop()\fR, \fBsk_TYPE_shift()\fR, \fBsk_TYPE_delete()\fR and \fBsk_TYPE_delete_ptr()\fR
-return a pointer to the deleted element or \fB\s-1NULL\s0\fR on error.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_pop\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_shift\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_delete\fR() and
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_delete_ptr\fR() return a pointer to the deleted element or \s-1NULL\s0
+on error.
.PP
-\&\fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR and \fBsk_TYPE_unshift()\fR return the total
-number of elements in the stack and 0 if an error occurred. \fBsk_TYPE_push()\fR
-further returns \-1 if \fBsk\fR is \fB\s-1NULL\s0\fR.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() return
+the total number of elements in the stack and 0 if an error occurred.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() further returns \-1 if \fIsk\fR is \s-1NULL.\s0
.PP
-\&\fBsk_TYPE_set()\fR returns a pointer to the replacement element or \fB\s-1NULL\s0\fR on
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_set\fR() returns a pointer to the replacement element or \s-1NULL\s0 on
error.
.PP
-\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR return an index to the found element
-or \fB\-1\fR on error.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR() return an index to the found
+element or \fB\-1\fR on error.
.PP
-\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if the stack is sorted and \fB0\fR if it is
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_is_sorted\fR() returns \fB1\fR if the stack is sorted and \fB0\fR if it is
not.
.PP
-\&\fBsk_TYPE_dup()\fR and \fBsk_TYPE_deep_copy()\fR return a pointer to the copy of the
-stack.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_dup\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_deep_copy\fR() return a pointer to the copy
+of the stack or \s-1NULL\s0 on error.
.SH "HISTORY"
.IX Header "HISTORY"
Before OpenSSL 1.1.0, this was implemented via macros and not inline functions
and was not a public \s-1API.\s0
.PP
-\&\fBsk_TYPE_reserve()\fR and \fBsk_TYPE_new_reserve()\fR were added in OpenSSL 1.1.1.
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_reserve\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() were added in OpenSSL
+1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DES_random_key.3 b/secure/lib/libcrypto/man/man3/DES_random_key.3
index 294085aa1377..b9533cacd68b 100644
--- a/secure/lib/libcrypto/man/man3/DES_random_key.3
+++ b/secure/lib/libcrypto/man/man3/DES_random_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,33 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DES_RANDOM_KEY 3"
-.TH DES_RANDOM_KEY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DES_RANDOM_KEY 3ossl"
+.TH DES_RANDOM_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, DES_fcrypt, DES_crypt \- DES encryption
+DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
+DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key,
+DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt,
+DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
+DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
+DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
+DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
+DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
+DES_fcrypt, DES_crypt \- DES encryption
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/des.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& void DES_random_key(DES_cblock *ret);
\&
\& int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
@@ -223,6 +235,10 @@ DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, DES_set_key_unc
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated. Applications should
+instead use \fBEVP_EncryptInit_ex\fR\|(3), \fBEVP_EncryptUpdate\fR\|(3) and
+\&\fBEVP_EncryptFinal_ex\fR\|(3) or the equivalently named decrypt functions.
+.PP
This library contains a fast implementation of the \s-1DES\s0 encryption
algorithm.
.PP
@@ -248,11 +264,8 @@ and is not a weak or semi-weak key. If the parity is wrong, then \-1
is returned. If the key is a weak key, then \-2 is returned. If an
error is returned, the key schedule is not generated.
.PP
-\&\fBDES_set_key()\fR works like
-\&\fBDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is nonzero,
-otherwise like \fBDES_set_key_unchecked()\fR. These functions are available
-for compatibility; it is recommended to use a function that does not
-depend on a global variable.
+\&\fBDES_set_key()\fR works like \fBDES_set_key_checked()\fR and remains for
+backward compatibility.
.PP
\&\fBDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd.
.PP
@@ -415,9 +428,12 @@ Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is
not suitable for most applications; see \fBdes_modes\fR\|(7).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBDES_set_key()\fR, \fBDES_key_sched()\fR, \fBDES_set_key_checked()\fR and \fBDES_is_weak_key()\fR
+\&\fBDES_set_key()\fR, \fBDES_key_sched()\fR, and \fBDES_set_key_checked()\fR
return 0 on success or negative values on error.
.PP
+\&\fBDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it
+is ok.
+.PP
\&\fBDES_cbc_cksum()\fR and \fBDES_quad_cksum()\fR return 4\-byte integer representing the
last 4 bytes of the checksum of the input.
.PP
@@ -429,6 +445,8 @@ to a static buffer on success; otherwise they return \s-1NULL.\s0
\&\fBEVP_EncryptInit\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
+.PP
The requirement that the \fBsalt\fR parameter to \fBDES_crypt()\fR and \fBDES_fcrypt()\fR
be two \s-1ASCII\s0 characters was first enforced in
OpenSSL 1.1.0. Previous versions tried to use the letter uppercase \fBA\fR
@@ -436,9 +454,9 @@ if both character were not present, and could crash when given non-ASCII
on some platforms.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DH_generate_key.3 b/secure/lib/libcrypto/man/man3/DH_generate_key.3
index 594eb572024e..5318fe313602 100644
--- a/secure/lib/libcrypto/man/man3/DH_generate_key.3
+++ b/secure/lib/libcrypto/man/man3/DH_generate_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,26 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DH_GENERATE_KEY 3"
-.TH DH_GENERATE_KEY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DH_GENERATE_KEY 3ossl"
+.TH DH_GENERATE_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DH_generate_key, DH_compute_key, DH_compute_key_padded \- perform Diffie\-Hellman key exchange
+DH_generate_key, DH_compute_key, DH_compute_key_padded \- perform
+Diffie\-Hellman key exchange
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dh.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& int DH_generate_key(DH *dh);
\&
\& int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
@@ -153,6 +158,10 @@ DH_generate_key, DH_compute_key, DH_compute_key_padded \- perform Diffie\-Hellma
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_derive_init\fR\|(3)
+and \fBEVP_PKEY_derive\fR\|(3).
+.PP
\&\fBDH_generate_key()\fR performs the first step of a Diffie-Hellman key
exchange by generating private and public \s-1DH\s0 values. By calling
\&\fBDH_compute_key()\fR or \fBDH_compute_key_padded()\fR, these are combined with
@@ -187,15 +196,18 @@ on error.
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_derive\fR\|(3),
\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBDH_size\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBDH_compute_key_padded()\fR was added in OpenSSL 1.0.2.
+.PP
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DH_generate_parameters.3 b/secure/lib/libcrypto/man/man3/DH_generate_parameters.3
index 2f7ca870f26b..fe7831b28c06 100644
--- a/secure/lib/libcrypto/man/man3/DH_generate_parameters.3
+++ b/secure/lib/libcrypto/man/man3/DH_generate_parameters.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,29 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DH_GENERATE_PARAMETERS 3"
-.TH DH_GENERATE_PARAMETERS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DH_GENERATE_PARAMETERS 3ossl"
+.TH DH_GENERATE_PARAMETERS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DH_generate_parameters_ex, DH_generate_parameters, DH_check, DH_check_params, DH_check_ex, DH_check_params_ex, DH_check_pub_key_ex \&\- generate and check Diffie\-Hellman parameters
+DH_generate_parameters_ex, DH_generate_parameters,
+DH_check, DH_check_params,
+DH_check_ex, DH_check_params_ex, DH_check_pub_key_ex
+\&\- generate and check Diffie\-Hellman
+parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dh.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb);
\&
\& int DH_check(DH *dh, int *codes);
@@ -155,16 +163,21 @@ DH_generate_parameters_ex, DH_generate_parameters, DH_check, DH_check_params, DH
\& int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
.Ve
.PP
-Deprecated:
+The following functions have been deprecated since OpenSSL 0.9.8, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
.PP
-.Vb 4
-\& #if OPENSSL_API_COMPAT < 0x00908000L
+.Vb 2
\& DH *DH_generate_parameters(int prime_len, int generator,
\& void (*callback)(int, int, void *), void *cb_arg);
-\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_check\fR\|(3),
+\&\fBEVP_PKEY_public_check\fR\|(3), \fBEVP_PKEY_private_check\fR\|(3) and
+\&\fBEVP_PKEY_param_check\fR\|(3).
+.PP
\&\fBDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can
be shared among a group of users, and stores them in the provided \fB\s-1DH\s0\fR
structure. The pseudo-random number generator must be
@@ -203,6 +216,12 @@ prime.
The generator \fBg\fR is not suitable.
Note that the lack of this bit doesn't guarantee that \fBg\fR is
suitable, unless \fBp\fR is known to be a strong prime.
+.IP "\s-1DH_MODULUS_TOO_SMALL\s0" 4
+.IX Item "DH_MODULUS_TOO_SMALL"
+The modulus is too small.
+.IP "\s-1DH_MODULUS_TOO_LARGE\s0" 4
+.IX Item "DH_MODULUS_TOO_LARGE"
+The modulus is too large.
.PP
\&\fBDH_check()\fR confirms that the Diffie-Hellman parameters \fBdh\fR are valid. The
value of \fB*codes\fR is updated with any problems found. If \fB*codes\fR is zero then
@@ -251,13 +270,15 @@ The error codes can be obtained by \fBERR_get_error\fR\|(3).
\&\fBDH_free\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
+.PP
\&\fBDH_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use
\&\fBDH_generate_parameters_ex()\fR instead.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DH_get0_pqg.3 b/secure/lib/libcrypto/man/man3/DH_get0_pqg.3
index 85b55a086b8b..b4712c0542c1 100644
--- a/secure/lib/libcrypto/man/man3/DH_get0_pqg.3
+++ b/secure/lib/libcrypto/man/man3/DH_get0_pqg.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,29 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DH_GET0_PQG 3"
-.TH DH_GET0_PQG 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DH_GET0_PQG 3ossl"
+.TH DH_GET0_PQG 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, DH_get0_p, DH_get0_q, DH_get0_g, DH_get0_priv_key, DH_get0_pub_key, DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, DH_get_length, DH_set_length \- Routines for getting and setting data in a DH object
+DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key,
+DH_get0_p, DH_get0_q, DH_get0_g,
+DH_get0_priv_key, DH_get0_pub_key,
+DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine,
+DH_get_length, DH_set_length \- Routines for getting and setting data in a DH object
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dh.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 10
\& void DH_get0_pqg(const DH *dh,
\& const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
\& int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
@@ -159,37 +167,48 @@ DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, DH_get0_p, DH_get0_q, DH_get
\& void DH_clear_flags(DH *dh, int flags);
\& int DH_test_flags(const DH *dh, int flags);
\& void DH_set_flags(DH *dh, int flags);
-\& ENGINE *DH_get0_engine(DH *d);
+\&
\& long DH_get_length(const DH *dh);
\& int DH_set_length(DH *dh, long length);
+\&
+\& ENGINE *DH_get0_engine(DH *d);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-A \s-1DH\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. Note that the \fBq\fR
-parameter is optional. It also contains a public key (\fBpub_key\fR) and
-(optionally) a private key (\fBpriv_key\fR).
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_get_bn_param\fR\|(3) for any methods that
+return a \fB\s-1BIGNUM\s0\fR. Refer to \s-1\fBEVP_PKEY\-DH\s0\fR\|(7) for more information.
.PP
-The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDH_get0_pqg()\fR.
-If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set
+A \s-1DH\s0 object contains the parameters \fIp\fR, \fIq\fR and \fIg\fR. Note that the \fIq\fR
+parameter is optional. It also contains a public key (\fIpub_key\fR) and
+(optionally) a private key (\fIpriv_key\fR).
+.PP
+The \fIp\fR, \fIq\fR and \fIg\fR parameters can be obtained by calling \fBDH_get0_pqg()\fR.
+If the parameters have not yet been set then \fI*p\fR, \fI*q\fR and \fI*g\fR will be set
to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These
point directly to the internal representations of the values and therefore
should not be freed directly.
-Any of the out parameters \fBp\fR, \fBq\fR, and \fBg\fR can be \s-1NULL,\s0 in which case no
+Any of the out parameters \fIp\fR, \fIq\fR, and \fIg\fR can be \s-1NULL,\s0 in which case no
value will be returned for that parameter.
.PP
-The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDH_set0_pqg()\fR and passing
-the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling
+The \fIp\fR, \fIq\fR and \fIg\fR values can be set by calling \fBDH_set0_pqg()\fR and passing
+the new values for \fIp\fR, \fIq\fR and \fIg\fR as parameters to the function. Calling
this function transfers the memory management of the values to the \s-1DH\s0 object,
and therefore the values that have been passed in should not be freed directly
-after this function has been called. The \fBq\fR parameter may be \s-1NULL.\s0
+after this function has been called. The \fIq\fR parameter may be \s-1NULL.\s0
+\&\fBDH_set0_pqg()\fR also checks if the parameters associated with \fIp\fR and \fIg\fR and
+optionally \fIq\fR are associated with known safe prime groups. If it is a safe
+prime group then the value of \fIq\fR will be set to q = (p \- 1) / 2 if \fIq\fR is
+\&\s-1NULL.\s0 The optional length parameter will be set to BN_num_bits(\fIq\fR) if \fIq\fR
+is not \s-1NULL.\s0
.PP
To get the public and private key values use the \fBDH_get0_key()\fR function. A
-pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the
-private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not
+pointer to the public key will be stored in \fI*pub_key\fR, and a pointer to the
+private key will be stored in \fI*priv_key\fR. Either may be \s-1NULL\s0 if they have not
been set yet, although if the private key has been set then the public key must
be. The values point to the internal representation of the public key and
private key values. This memory should not be freed directly.
-Any of the out parameters \fBpub_key\fR and \fBpriv_key\fR can be \s-1NULL,\s0 in which case
+Any of the out parameters \fIpub_key\fR and \fIpriv_key\fR can be \s-1NULL,\s0 in which case
no value will be returned for that parameter.
.PP
The public and private key values can be set using \fBDH_set0_key()\fR. Either
@@ -198,25 +217,31 @@ untouched. As with \fBDH_set0_pqg()\fR this function transfers the memory manage
of the key values to the \s-1DH\s0 object, and therefore they should not be freed
directly after this function has been called.
.PP
-Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be
+Any of the values \fIp\fR, \fIq\fR, \fIg\fR, \fIpriv_key\fR, and \fIpub_key\fR can also be
retrieved separately by the corresponding function \fBDH_get0_p()\fR, \fBDH_get0_q()\fR,
\&\fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR, respectively.
.PP
-\&\fBDH_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DH\s0 object.
+\&\fBDH_set_flags()\fR sets the flags in the \fIflags\fR parameter on the \s-1DH\s0 object.
Multiple flags can be passed in one go (bitwise ORed together). Any flags that
are already set are left set. \fBDH_test_flags()\fR tests to see whether the flags
-passed in the \fBflags\fR parameter are currently set in the \s-1DH\s0 object. Multiple
+passed in the \fIflags\fR parameter are currently set in the \s-1DH\s0 object. Multiple
flags can be tested in one go. All flags that are currently set are returned, or
zero if none of the flags are set. \fBDH_clear_flags()\fR clears the specified flags
within the \s-1DH\s0 object.
.PP
\&\fBDH_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DH\s0
-object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set.
+object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. This function is deprecated. All
+engines should be replaced by providers.
.PP
The \fBDH_get_length()\fR and \fBDH_set_length()\fR functions get and set the optional
length parameter associated with this \s-1DH\s0 object. If the length is nonzero then
-it is used, otherwise it is ignored. The \fBlength\fR parameter indicates the
-length of the secret exponent (private key) in bits.
+it is used, otherwise it is ignored. The \fIlength\fR parameter indicates the
+length of the secret exponent (private key) in bits. For safe prime groups the optional length parameter \fIlength\fR can be
+set to a value greater or equal to 2 * maximum_target_security_strength(BN_num_bits(\fIp\fR))
+as listed in SP800\-56Ar3 Table(s) 25 & 26.
+These functions are deprecated and should be replaced with
+\&\fBEVP_PKEY_CTX_set_params()\fR and \fBEVP_PKEY_get_int_param()\fR using the parameter key
+\&\fB\s-1OSSL_PKEY_PARAM_DH_PRIV_LEN\s0\fR as described in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7).
.SH "NOTES"
.IX Header "NOTES"
Values retrieved with \fBDH_get0_key()\fR are owned by the \s-1DH\s0 object used
@@ -244,11 +269,13 @@ or zero if no such length has been explicitly set.
.SH "HISTORY"
.IX Header "HISTORY"
The functions described here were added in OpenSSL 1.1.0.
+.PP
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DH_get_1024_160.3 b/secure/lib/libcrypto/man/man3/DH_get_1024_160.3
index 691c1b34f8c1..75426aacb122 100644
--- a/secure/lib/libcrypto/man/man3/DH_get_1024_160.3
+++ b/secure/lib/libcrypto/man/man3/DH_get_1024_160.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,41 +130,71 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DH_GET_1024_160 3"
-.TH DH_GET_1024_160 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DH_GET_1024_160 3ossl"
+.TH DH_GET_1024_160 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, BN_get0_nist_prime_192, BN_get0_nist_prime_224, BN_get0_nist_prime_256, BN_get0_nist_prime_384, BN_get0_nist_prime_521, BN_get_rfc2409_prime_768, BN_get_rfc2409_prime_1024, BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192 \&\- Create standardized public primes or DH pairs
+DH_get_1024_160,
+DH_get_2048_224,
+DH_get_2048_256,
+BN_get0_nist_prime_192,
+BN_get0_nist_prime_224,
+BN_get0_nist_prime_256,
+BN_get0_nist_prime_384,
+BN_get0_nist_prime_521,
+BN_get_rfc2409_prime_768,
+BN_get_rfc2409_prime_1024,
+BN_get_rfc3526_prime_1536,
+BN_get_rfc3526_prime_2048,
+BN_get_rfc3526_prime_3072,
+BN_get_rfc3526_prime_4096,
+BN_get_rfc3526_prime_6144,
+BN_get_rfc3526_prime_8192
+\&\- Create standardized public primes or DH pairs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
-.Vb 4
+.Vb 1
\& #include <openssl/dh.h>
-\& DH *DH_get_1024_160(void)
-\& DH *DH_get_2048_224(void)
-\& DH *DH_get_2048_256(void)
\&
-\& const BIGNUM *BN_get0_nist_prime_192(void)
-\& const BIGNUM *BN_get0_nist_prime_224(void)
-\& const BIGNUM *BN_get0_nist_prime_256(void)
-\& const BIGNUM *BN_get0_nist_prime_384(void)
-\& const BIGNUM *BN_get0_nist_prime_521(void)
+\& const BIGNUM *BN_get0_nist_prime_192(void);
+\& const BIGNUM *BN_get0_nist_prime_224(void);
+\& const BIGNUM *BN_get0_nist_prime_256(void);
+\& const BIGNUM *BN_get0_nist_prime_384(void);
+\& const BIGNUM *BN_get0_nist_prime_521(void);
+\&
+\& BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn);
+\& BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn);
+\& BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn);
+\& BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn);
+\& BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn);
+\& BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn);
+\& BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
+\& BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& #include <openssl/dh.h>
\&
-\& BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
-\& BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
-\& BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
-\& BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
-\& BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
-\& BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
-\& BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
-\& BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
+\& DH *DH_get_1024_160(void);
+\& DH *DH_get_2048_224(void);
+\& DH *DH_get_2048_256(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBDH_get_1024_160()\fR, \fBDH_get_2048_224()\fR, and \fBDH_get_2048_256()\fR each return
-a \s-1DH\s0 object for the \s-1IETF RFC 5114\s0 value.
+a \s-1DH\s0 object for the \s-1IETF RFC 5114\s0 value. These functions are deprecated.
+Applications should instead use \fBEVP_PKEY_CTX_set_dh_rfc5114()\fR and
+\&\fBEVP_PKEY_CTX_set_dhx_rfc5114()\fR as described in \fBEVP_PKEY_CTX_ctrl\fR\|(3) or
+by setting the \fB\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0\fR as specified in
+\&\*(L"\s-1DH\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7)) to one of \*(L"dh_1024_160\*(R", \*(L"dh_2048_224\*(R" or
+\&\*(L"dh_2048_256\*(R".
.PP
\&\fBBN_get0_nist_prime_192()\fR, \fBBN_get0_nist_prime_224()\fR, \fBBN_get0_nist_prime_256()\fR,
\&\fBBN_get0_nist_prime_384()\fR, and \fBBN_get0_nist_prime_521()\fR functions return
@@ -181,11 +209,15 @@ is not \s-1NULL,\s0 the \s-1BIGNUM\s0 will be set into that location as well.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Defined above.
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions \fBDH_get_1024_160()\fR, \fBDH_get_2048_224()\fR and \fBDH_get_2048_256()\fR were
+deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DH_meth_new.3 b/secure/lib/libcrypto/man/man3/DH_meth_new.3
index c36492b002f3..5036315d0ce0 100644
--- a/secure/lib/libcrypto/man/man3/DH_meth_new.3
+++ b/secure/lib/libcrypto/man/man3/DH_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,31 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DH_METH_NEW 3"
-.TH DH_METH_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DH_METH_NEW 3ossl"
+.TH DH_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data, DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key, DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp, DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish, DH_meth_get_generate_params, DH_meth_set_generate_params \- Routines to build up DH methods
+DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name,
+DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data,
+DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key,
+DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp,
+DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish,
+DH_meth_set_finish, DH_meth_get_generate_params,
+DH_meth_set_generate_params \- Routines to build up DH methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dh.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& DH_METHOD *DH_meth_new(const char *name, int flags);
\&
\& void DH_meth_free(DH_METHOD *dhm);
@@ -189,6 +199,9 @@ DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, DH
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use the provider APIs.
+.PP
The \fB\s-1DH_METHOD\s0\fR type is a structure used for the provision of custom \s-1DH\s0
implementations. It provides a set of functions used by OpenSSL for the
implementation of the various \s-1DH\s0 capabilities.
@@ -283,12 +296,14 @@ set.
\&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_get0_pqg\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
+.PP
The functions described here were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DH_new.3 b/secure/lib/libcrypto/man/man3/DH_new.3
index fb9d4c60748c..d58262296079 100644
--- a/secure/lib/libcrypto/man/man3/DH_new.3
+++ b/secure/lib/libcrypto/man/man3/DH_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DH_NEW 3"
-.TH DH_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DH_NEW 3ossl"
+.TH DH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +142,13 @@ DH_new, DH_free \- allocate and free DH objects
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dh.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& DH* DH_new(void);
\&
\& void DH_free(DH *dh);
@@ -167,12 +171,18 @@ a pointer to the newly allocated structure.
.IX Header "SEE ALSO"
\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3),
\&\fBDH_generate_parameters\fR\|(3),
-\&\fBDH_generate_key\fR\|(3)
+\&\fBDH_generate_key\fR\|(3),
+\&\s-1\fBEVP_PKEY\-DH\s0\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
+.PP
+For replacement see \s-1\fBEVP_PKEY\-DH\s0\fR\|(7).
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DH_new_by_nid.3 b/secure/lib/libcrypto/man/man3/DH_new_by_nid.3
index a5146c449450..05368ade538f 100644
--- a/secure/lib/libcrypto/man/man3/DH_new_by_nid.3
+++ b/secure/lib/libcrypto/man/man3/DH_new_by_nid.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,41 +130,55 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DH_NEW_BY_NID 3"
-.TH DH_NEW_BY_NID 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DH_NEW_BY_NID 3ossl"
+.TH DH_NEW_BY_NID 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DH_new_by_nid, DH_get_nid \- get or find DH named parameters
+DH_new_by_nid, DH_get_nid \- create or get DH named parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
-.Vb 3
+.Vb 1
\& #include <openssl/dh.h>
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& DH *DH_new_by_nid(int nid);
-\& int *DH_get_nid(const DH *dh);
+\&
+\& int DH_get_nid(const DH *dh);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBDH_new_by_nid()\fR creates and returns a \s-1DH\s0 structure containing named parameters
\&\fBnid\fR. Currently \fBnid\fR must be \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR,
-\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR or \fBNID_ffdhe8192\fR.
+\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \fBNID_ffdhe8192\fR,
+\&\fBNID_modp_1536\fR, \fBNID_modp_2048\fR, \fBNID_modp_3072\fR,
+\&\fBNID_modp_4096\fR, \fBNID_modp_6144\fR or \fBNID_modp_8192\fR.
.PP
\&\fBDH_get_nid()\fR determines if the parameters contained in \fBdh\fR match
-any named set. It returns the \s-1NID\s0 corresponding to the matching parameters or
-\&\fBNID_undef\fR if there is no match.
+any named safe prime group. It returns the \s-1NID\s0 corresponding to the matching
+parameters or \fBNID_undef\fR if there is no match.
+This function is deprecated.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDH_new_by_nid()\fR returns a set of \s-1DH\s0 parameters or \fB\s-1NULL\s0\fR if an error occurred.
.PP
-\&\fBDH_get_nid()\fR returns the \s-1NID\s0 of the matching set of parameters or
-\&\fBNID_undef\fR if there is no match.
+\&\fBDH_get_nid()\fR returns the \s-1NID\s0 of the matching set of parameters for p and g
+and optionally q, otherwise it returns \fBNID_undef\fR if there is no match.
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DH_set_method.3 b/secure/lib/libcrypto/man/man3/DH_set_method.3
index 8ebd169990dd..08533826ed66 100644
--- a/secure/lib/libcrypto/man/man3/DH_set_method.3
+++ b/secure/lib/libcrypto/man/man3/DH_set_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,26 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DH_SET_METHOD 3"
-.TH DH_SET_METHOD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DH_SET_METHOD 3ossl"
+.TH DH_SET_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_OpenSSL \- select DH method
+DH_set_default_method, DH_get_default_method,
+DH_set_method, DH_new_method, DH_OpenSSL \- select DH method
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dh.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& void DH_set_default_method(const DH_METHOD *meth);
\&
\& const DH_METHOD *DH_get_default_method(void);
@@ -157,6 +162,9 @@ DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_O
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use the provider APIs.
+.PP
A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman
operations. By modifying the method, alternative implementations
such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
@@ -209,11 +217,14 @@ returns a pointer to the newly allocated structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_meth_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DH_size.3 b/secure/lib/libcrypto/man/man3/DH_size.3
index e98362725461..6f79ffc7c4c5 100644
--- a/secure/lib/libcrypto/man/man3/DH_size.3
+++ b/secure/lib/libcrypto/man/man3/DH_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,56 +130,71 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DH_SIZE 3"
-.TH DH_SIZE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DH_SIZE 3ossl"
+.TH DH_SIZE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DH_size, DH_bits, DH_security_bits \- get Diffie\-Hellman prime size and security bits
+DH_size, DH_bits, DH_security_bits \- get Diffie\-Hellman prime size and
+security bits
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dh.h>
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& int DH_bits(const DH *dh);
\&
\& int DH_size(const DH *dh);
\&
-\& int DH_bits(const DH *dh);
-\&
\& int DH_security_bits(const DH *dh);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBDH_size()\fR returns the Diffie-Hellman prime size in bytes. It can be used
-to determine how much memory must be allocated for the shared secret
-computed by \fBDH_compute_key\fR\|(3).
+The functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_get_bits\fR\|(3),
+\&\fBEVP_PKEY_get_security_bits\fR\|(3) and \fBEVP_PKEY_get_size\fR\|(3).
.PP
\&\fBDH_bits()\fR returns the number of significant bits.
.PP
\&\fBdh\fR and \fBdh\->p\fR must not be \fB\s-1NULL\s0\fR.
.PP
+\&\fBDH_size()\fR returns the Diffie-Hellman prime size in bytes. It can be used
+to determine how much memory must be allocated for the shared secret
+computed by \fBDH_compute_key\fR\|(3).
+.PP
\&\fBDH_security_bits()\fR returns the number of security bits of the given \fBdh\fR
key. See \fBBN_security_bits\fR\|(3).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBDH_size()\fR returns the prime size of Diffie-Hellman in bytes.
+\&\fBDH_bits()\fR returns the number of bits in the key, or \-1 if
+\&\fBdh\fR doesn't hold any key parameters.
.PP
-\&\fBDH_bits()\fR returns the number of bits in the key.
+\&\fBDH_size()\fR returns the prime size of Diffie-Hellman in bytes, or \-1 if
+\&\fBdh\fR doesn't hold any key parameters.
.PP
-\&\fBDH_security_bits()\fR returns the number of security bits.
+\&\fBDH_security_bits()\fR returns the number of security bits, or \-1 if
+\&\fBdh\fR doesn't hold any key parameters.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_get_bits\fR\|(3),
\&\fBDH_new\fR\|(3), \fBDH_generate_key\fR\|(3),
\&\fBBN_num_bits\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-The \fBDH_bits()\fR function was added in OpenSSL 1.1.0.
+All functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DSA_SIG_new.3 b/secure/lib/libcrypto/man/man3/DSA_SIG_new.3
index bf9abc94ede0..9126bfd5fe32 100644
--- a/secure/lib/libcrypto/man/man3/DSA_SIG_new.3
+++ b/secure/lib/libcrypto/man/man3/DSA_SIG_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DSA_SIG_NEW 3"
-.TH DSA_SIG_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DSA_SIG_NEW 3ossl"
+.TH DSA_SIG_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DSA_SIG_get0, DSA_SIG_set0, DSA_SIG_new, DSA_SIG_free \- allocate and free DSA signature objects
+DSA_SIG_get0, DSA_SIG_set0,
+DSA_SIG_new, DSA_SIG_free \- allocate and free DSA signature objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -177,13 +176,13 @@ to the newly allocated structure.
\&\fBDSA_SIG_set0()\fR returns 1 on success or 0 on failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3),
-\&\fBDSA_do_sign\fR\|(3)
+\&\fBEVP_PKEY_new\fR\|(3), \fBEVP_PKEY_free\fR\|(3), \fBEVP_PKEY_get_bn_param\fR\|(3),
+\&\fBERR_get_error\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DSA_do_sign.3 b/secure/lib/libcrypto/man/man3/DSA_do_sign.3
index 743d1ad1e6b7..e0987e2943ce 100644
--- a/secure/lib/libcrypto/man/man3/DSA_do_sign.3
+++ b/secure/lib/libcrypto/man/man3/DSA_do_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DSA_DO_SIGN 3"
-.TH DSA_DO_SIGN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DSA_DO_SIGN 3ossl"
+.TH DSA_DO_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +142,13 @@ DSA_do_sign, DSA_do_verify \- raw DSA signature operations
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
\&
\& int DSA_do_verify(const unsigned char *dgst, int dgst_len,
@@ -152,6 +156,10 @@ DSA_do_sign, DSA_do_verify \- raw DSA signature operations
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_sign_init\fR\|(3), \fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_verify_init\fR\|(3) and \fBEVP_PKEY_verify\fR\|(3).
+.PP
\&\fBDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message
digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a
newly allocated \fB\s-1DSA_SIG\s0\fR structure.
@@ -174,11 +182,14 @@ on error. The error codes can be obtained by
\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3),
\&\fBDSA_SIG_new\fR\|(3),
\&\fBDSA_sign\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DSA_dup_DH.3 b/secure/lib/libcrypto/man/man3/DSA_dup_DH.3
index 64f85fcb4fea..a3519db15f54 100644
--- a/secure/lib/libcrypto/man/man3/DSA_dup_DH.3
+++ b/secure/lib/libcrypto/man/man3/DSA_dup_DH.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DSA_DUP_DH 3"
-.TH DSA_DUP_DH 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DSA_DUP_DH 3ossl"
+.TH DSA_DUP_DH 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,11 +142,21 @@ DSA_dup_DH \- create a DH structure out of DSA structure
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& DH *DSA_dup_DH(const DSA *r);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+The function described on this page is deprecated. There is no direct
+replacement, applications should use the \s-1EVP_PKEY\s0 APIs for Diffie-Hellman
+operations.
+.PP
\&\fBDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q
is lost during that conversion, but the resulting \s-1DH\s0 parameters
contain its length.
@@ -162,11 +170,14 @@ Be careful to avoid small subgroup attacks when using this.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDH_new\fR\|(3), \fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+This function was deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DSA_generate_key.3 b/secure/lib/libcrypto/man/man3/DSA_generate_key.3
index 45184de7e624..9b510e2e42f0 100644
--- a/secure/lib/libcrypto/man/man3/DSA_generate_key.3
+++ b/secure/lib/libcrypto/man/man3/DSA_generate_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DSA_GENERATE_KEY 3"
-.TH DSA_GENERATE_KEY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DSA_GENERATE_KEY 3ossl"
+.TH DSA_GENERATE_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,11 +142,21 @@ DSA_generate_key \- generate DSA key pair
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& int DSA_generate_key(DSA *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_keygen_init\fR\|(3) and
+\&\fBEVP_PKEY_keygen\fR\|(3) as described in \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7).
+.PP
\&\fBDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates
a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR.
.PP
@@ -163,11 +171,14 @@ The error codes can be obtained by \fBERR_get_error\fR\|(3).
.IX Header "SEE ALSO"
\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3),
\&\fBDSA_generate_parameters_ex\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+This function was deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3
index 02d7e4b8c4d1..36d668a6f5fa 100644
--- a/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3
+++ b/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DSA_GENERATE_PARAMETERS 3"
-.TH DSA_GENERATE_PARAMETERS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DSA_GENERATE_PARAMETERS 3ossl"
+.TH DSA_GENERATE_PARAMETERS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,24 +142,34 @@ DSA_generate_parameters_ex, DSA_generate_parameters \- generate DSA parameters
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 4
\& int DSA_generate_parameters_ex(DSA *dsa, int bits,
\& const unsigned char *seed, int seed_len,
\& int *counter_ret, unsigned long *h_ret,
\& BN_GENCB *cb);
.Ve
.PP
-Deprecated:
+The following functions have been deprecated since OpenSSL 0.9.8, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
.PP
-.Vb 5
-\& #if OPENSSL_API_COMPAT < 0x00908000L
+.Vb 3
\& DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len,
\& int *counter_ret, unsigned long *h_ret,
\& void (*callback)(int, int, void *), void *cb_arg);
-\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_paramgen_init\fR\|(3) and
+\&\fBEVP_PKEY_keygen\fR\|(3) as described in \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7).
+.PP
\&\fBDSA_generate_parameters_ex()\fR generates primes p and q and a generator g
for use in the \s-1DSA\s0 and stores the result in \fBdsa\fR.
.PP
@@ -228,13 +236,15 @@ Seed lengths greater than 20 are not supported.
\&\fBDSA_free\fR\|(3), \fBBN_generate_prime\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
+\&\fBDSA_generate_parameters_ex()\fR was deprecated in OpenSSL 3.0.
+.PP
\&\fBDSA_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use
\&\fBDSA_generate_parameters_ex()\fR instead.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3 b/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3
index ed73dd99e063..e3a65b520c8d 100644
--- a/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3
+++ b/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,30 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DSA_GET0_PQG 3"
-.TH DSA_GET0_PQG 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DSA_GET0_PQG 3ossl"
+.TH DSA_GET0_PQG 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, DSA_get0_g, DSA_get0_pub_key, DSA_get0_priv_key, DSA_clear_flags, DSA_test_flags, DSA_set_flags, DSA_get0_engine \- Routines for getting and setting data in a DSA object
+DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key,
+DSA_get0_p, DSA_get0_q, DSA_get0_g,
+DSA_get0_pub_key, DSA_get0_priv_key,
+DSA_clear_flags, DSA_test_flags, DSA_set_flags,
+DSA_get0_engine \- Routines for getting and
+setting data in a DSA object
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 10
\& void DSA_get0_pqg(const DSA *d,
\& const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
\& int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
@@ -163,6 +172,9 @@ DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q,
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_get_bn_param\fR\|(3).
+.PP
A \s-1DSA\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. It also contains a
public key (\fBpub_key\fR) and (optionally) a private key (\fBpriv_key\fR).
.PP
@@ -223,17 +235,19 @@ duplicate. The same applies to \fBDSA_get0_pqg()\fR and \fBDSA_set0_pqg()\fR.
has been set.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_get_bn_param\fR\|(3),
\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3),
\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3),
\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_meth_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-The functions described here were added in OpenSSL 1.1.0.
+The functions described here were added in OpenSSL 1.1.0 and deprecated in
+OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DSA_meth_new.3 b/secure/lib/libcrypto/man/man3/DSA_meth_new.3
index 1425483dedd6..1a036a2b22d6 100644
--- a/secure/lib/libcrypto/man/man3/DSA_meth_new.3
+++ b/secure/lib/libcrypto/man/man3/DSA_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,33 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DSA_METH_NEW 3"
-.TH DSA_METH_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DSA_METH_NEW 3ossl"
+.TH DSA_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign, DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup, DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen, DSA_meth_set_keygen \- Routines to build up DSA methods
+DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name,
+DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags,
+DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign,
+DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup,
+DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp,
+DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp,
+DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish,
+DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen,
+DSA_meth_set_keygen \- Routines to build up DSA methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& DSA_METHOD *DSA_meth_new(const char *name, int flags);
\&
\& void DSA_meth_free(DSA_METHOD *dsam);
@@ -215,10 +227,13 @@ DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_nam
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications and extension implementations should instead use the
+\&\s-1OSSL_PROVIDER\s0 APIs.
+.PP
The \fB\s-1DSA_METHOD\s0\fR type is a structure used for the provision of custom \s-1DSA\s0
implementations. It provides a set of functions used by OpenSSL for the
-implementation of the various \s-1DSA\s0 capabilities. See the dsa page for more
-information.
+implementation of the various \s-1DSA\s0 capabilities.
.PP
\&\fBDSA_meth_new()\fR creates a new \fB\s-1DSA_METHOD\s0\fR structure. It should be given a
unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated
@@ -331,12 +346,14 @@ set.
\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_get0_pqg\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
+The functions described here were deprecated in OpenSSL 3.0.
+.PP
The functions described here were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DSA_new.3 b/secure/lib/libcrypto/man/man3/DSA_new.3
index 7b59d49ba094..980d2c78c72e 100644
--- a/secure/lib/libcrypto/man/man3/DSA_new.3
+++ b/secure/lib/libcrypto/man/man3/DSA_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DSA_NEW 3"
-.TH DSA_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DSA_NEW 3ossl"
+.TH DSA_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,13 +142,22 @@ DSA_new, DSA_free \- allocate and free DSA objects
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& DSA* DSA_new(void);
\&
\& void DSA_free(DSA *dsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_new\fR\|(3) and \fBEVP_PKEY_free\fR\|(3).
+.PP
\&\fBDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to
calling DSA_new_method(\s-1NULL\s0).
.PP
@@ -167,14 +174,18 @@ to the newly allocated structure.
\&\fBDSA_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_new\fR\|(3), \fBEVP_PKEY_free\fR\|(3),
\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3),
\&\fBDSA_generate_parameters\fR\|(3),
\&\fBDSA_generate_key\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DSA_set_method.3 b/secure/lib/libcrypto/man/man3/DSA_set_method.3
index de29303f3f66..79176a342a64 100644
--- a/secure/lib/libcrypto/man/man3/DSA_set_method.3
+++ b/secure/lib/libcrypto/man/man3/DSA_set_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,26 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DSA_SET_METHOD 3"
-.TH DSA_SET_METHOD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DSA_SET_METHOD 3ossl"
+.TH DSA_SET_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DSA_set_default_method, DSA_get_default_method, DSA_set_method, DSA_new_method, DSA_OpenSSL \- select DSA method
+DSA_set_default_method, DSA_get_default_method,
+DSA_set_method, DSA_new_method, DSA_OpenSSL \- select DSA method
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& void DSA_set_default_method(const DSA_METHOD *meth);
\&
\& const DSA_METHOD *DSA_get_default_method(void);
@@ -153,10 +158,13 @@ DSA_set_default_method, DSA_get_default_method, DSA_set_method, DSA_new_method,
\&
\& DSA *DSA_new_method(ENGINE *engine);
\&
-\& DSA_METHOD *DSA_OpenSSL(void);
+\& const DSA_METHOD *DSA_OpenSSL(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should providers instead of method overrides.
+.PP
A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0
operations. By modifying the method, alternative implementations
such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
@@ -185,7 +193,7 @@ be released during the change. It is possible to have \s-1DSA\s0 keys that only
work with certain \s-1DSA_METHOD\s0 implementations (e.g. from an \s-1ENGINE\s0 module
that supports embedded hardware-protected keys), and in such cases
attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected
-results. See DSA_meth_new for information on constructing custom \s-1DSA_METHOD\s0
+results. See \fBDSA_meth_new\fR\|(3) for information on constructing custom \s-1DSA_METHOD\s0
objects;
.PP
\&\fBDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR
@@ -209,11 +217,14 @@ fails. Otherwise it returns a pointer to the newly allocated structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_meth_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DSA_sign.3 b/secure/lib/libcrypto/man/man3/DSA_sign.3
index d42ff1570098..5e9d5bac023f 100644
--- a/secure/lib/libcrypto/man/man3/DSA_sign.3
+++ b/secure/lib/libcrypto/man/man3/DSA_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DSA_SIGN 3"
-.TH DSA_SIGN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DSA_SIGN 3ossl"
+.TH DSA_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +142,13 @@ DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
\& int DSA_sign(int type, const unsigned char *dgst, int len,
\& unsigned char *sigret, unsigned int *siglen, DSA *dsa);
\&
@@ -155,6 +159,10 @@ DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_sign_init\fR\|(3), \fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_verify_init\fR\|(3) and \fBEVP_PKEY_verify\fR\|(3).
+.PP
\&\fBDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message
digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0
encoding at \fBsigret\fR. The length of the signature is places in
@@ -185,18 +193,21 @@ signature and \-1 on error. The error codes can be obtained by
\&\fBERR_get_error\fR\|(3).
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186\s0 (Digital Signature
+\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS186\-4\s0 (Digital Signature
Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3),
\&\fBDSA_do_sign\fR\|(3),
\&\s-1\fBRAND\s0\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DSA_size.3 b/secure/lib/libcrypto/man/man3/DSA_size.3
index 3e00394f26c8..dd82f2bc4334 100644
--- a/secure/lib/libcrypto/man/man3/DSA_size.3
+++ b/secure/lib/libcrypto/man/man3/DSA_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DSA_SIZE 3"
-.TH DSA_SIZE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DSA_SIZE 3ossl"
+.TH DSA_SIZE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,37 +142,58 @@ DSA_size, DSA_bits, DSA_security_bits \- get DSA signature size, key bits or sec
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dsa.h>
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& int DSA_bits(const DSA *dsa);
\&
\& int DSA_size(const DSA *dsa);
-\& int DSA_bits(const DSA *dsa);
+\&
\& int DSA_security_bits(const DSA *dsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBDSA_size()\fR returns the maximum size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature
-for key \fBdsa\fR in bytes. It can be used to determine how much memory must
-be allocated for a \s-1DSA\s0 signature.
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_get_bits\fR\|(3),
+\&\fBEVP_PKEY_get_security_bits\fR\|(3) and \fBEVP_PKEY_get_size\fR\|(3).
.PP
-\&\fBdsa\->q\fR must not be \fB\s-1NULL\s0\fR.
+\&\fBDSA_bits()\fR returns the number of bits in key \fIdsa\fR: this is the number
+of bits in the \fIp\fR parameter.
.PP
-\&\fBDSA_bits()\fR returns the number of bits in key \fBdsa\fR: this is the number
-of bits in the \fBp\fR parameter.
+\&\fBDSA_size()\fR returns the maximum size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature
+for key \fIdsa\fR in bytes. It can be used to determine how much memory must
+be allocated for a \s-1DSA\s0 signature.
.PP
-\&\fBDSA_security_bits()\fR returns the number of security bits of the given \fBdsa\fR
+\&\fBDSA_security_bits()\fR returns the number of security bits of the given \fIdsa\fR
key. See \fBBN_security_bits\fR\|(3).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBDSA_size()\fR returns the signature size in bytes.
+\&\fBDSA_security_bits()\fR returns the number of security bits in the key, or \-1 if
+\&\fIdsa\fR doesn't hold any key parameters.
+.PP
+\&\fBDSA_bits()\fR returns the number of bits in the key, or \-1 if \fIdsa\fR doesn't
+hold any key parameters.
.PP
-\&\fBDSA_bits()\fR returns the number of bits in the key.
+\&\fBDSA_size()\fR returns the signature size in bytes, or \-1 if \fIdsa\fR doesn't
+hold any key parameters.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_get_bits\fR\|(3),
+\&\fBEVP_PKEY_get_security_bits\fR\|(3),
+\&\fBEVP_PKEY_get_size\fR\|(3),
\&\fBDSA_new\fR\|(3), \fBDSA_sign\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3 b/secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3
index 062c19fdf987..49d2b0ae1253 100644
--- a/secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3
+++ b/secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DTLS_GET_DATA_MTU 3"
-.TH DTLS_GET_DATA_MTU 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DTLS_GET_DATA_MTU 3ossl"
+.TH DTLS_GET_DATA_MTU 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,7 +160,7 @@ The \fBDTLS_get_data_mtu()\fR function was added in OpenSSL 1.1.1.
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3 b/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3
index 5a89ef059b2d..440455cd5e1b 100644
--- a/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3
+++ b/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DTLS_SET_TIMER_CB 3"
-.TH DTLS_SET_TIMER_CB 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DTLS_SET_TIMER_CB 3ossl"
+.TH DTLS_SET_TIMER_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DTLS_timer_cb, DTLS_set_timer_cb \&\- Set callback for controlling DTLS timer duration
+DTLS_timer_cb,
+DTLS_set_timer_cb
+\&\- Set callback for controlling DTLS timer duration
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -164,7 +164,7 @@ The \fBDTLS_set_timer_cb()\fR function was added in OpenSSL 1.1.1.
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/DTLSv1_listen.3 b/secure/lib/libcrypto/man/man3/DTLSv1_listen.3
index d74aa7cce6e9..eba62a4ffe1d 100644
--- a/secure/lib/libcrypto/man/man3/DTLSv1_listen.3
+++ b/secure/lib/libcrypto/man/man3/DTLSv1_listen.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "DTLSV1_LISTEN 3"
-.TH DTLSV1_LISTEN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "DTLSV1_LISTEN 3ossl"
+.TH DTLSV1_LISTEN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_stateless, DTLSv1_listen \&\- Statelessly listen for incoming connections
+SSL_stateless,
+DTLSv1_listen
+\&\- Statelessly listen for incoming connections
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -198,6 +198,23 @@ does not support this), then \fB*peer\fR will be cleared and the family set to
\&\s-1AF_UNSPEC.\s0 Typically user code is expected to \*(L"connect\*(R" the underlying socket to
the peer and continue the handshake in a connected state.
.PP
+Warning: It is essential that the calling code connects the underlying socket to
+the peer after making use of \fBDTLSv1_listen()\fR. In the typical case where
+\&\fBBIO_s_datagram\fR\|(3) is used, the peer address is updated when receiving a
+datagram on an unconnected socket. If the socket is not connected, it can
+receive datagrams from any host on the network, which will cause subsequent
+outgoing datagrams transmitted by \s-1DTLS\s0 to be transmitted to that host. In other
+words, failing to call \fBBIO_connect()\fR or a similar OS-specific function on a
+socket means that any host on the network can cause outgoing \s-1DTLS\s0 traffic to be
+redirected to it by sending a datagram to the socket in question. This does not
+break the cryptographic protections of \s-1DTLS\s0 but may facilitate a
+denial-of-service attack or allow unencrypted information in the \s-1DTLS\s0 handshake
+to be learned by an attacker. This is due to the historical design of
+\&\fBBIO_s_datagram\fR\|(3); see \fBBIO_s_datagram\fR\|(3) for details on this issue.
+.PP
+Once a socket has been connected, \fBBIO_ctrl_set_connected\fR\|(3) should be used to
+inform the \s-1BIO\s0 that the socket is to be used in connected mode.
+.PP
Prior to calling \fBDTLSv1_listen()\fR user code must ensure that cookie generation
and verification callbacks have been set up using
\&\fBSSL_CTX_set_cookie_generate_cb\fR\|(3) and \fBSSL_CTX_set_cookie_verify_cb\fR\|(3)
@@ -256,9 +273,9 @@ The \fBDTLSv1_listen()\fR return codes were clarified in OpenSSL 1.1.0.
The type of \*(L"peer\*(R" also changed in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3 b/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3
index 8b3647c8f90a..0a3d7133dab6 100644
--- a/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3
+++ b/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ECDSA_SIG_NEW 3"
-.TH ECDSA_SIG_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ECDSA_SIG_NEW 3ossl"
+.TH ECDSA_SIG_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, ECDSA_do_sign_ex \- low\-level elliptic curve digital signature algorithm (ECDSA) functions
+ECDSA_SIG_new, ECDSA_SIG_free,
+ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0
+\&\- Functions for creating, destroying and manipulating ECDSA_SIG objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -151,97 +151,37 @@ ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_ne
\& const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
\& const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
\& int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-\& int ECDSA_size(const EC_KEY *eckey);
-\&
-\& int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
-\& unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
-\& ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
-\& EC_KEY *eckey);
-\&
-\& int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
-\& const unsigned char *sig, int siglen, EC_KEY *eckey);
-\& int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
-\& const ECDSA_SIG *sig, EC_KEY* eckey);
-\&
-\& ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
-\& const BIGNUM *kinv, const BIGNUM *rp,
-\& EC_KEY *eckey);
-\& int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
-\& int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
-\& unsigned char *sig, unsigned int *siglen,
-\& const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-Note: these functions provide a low-level interface to \s-1ECDSA.\s0 Most
-applications should use the higher level \fB\s-1EVP\s0\fR interface such as
-\&\fBEVP_DigestSignInit\fR\|(3) or \fBEVP_DigestVerifyInit\fR\|(3) instead.
-.PP
\&\fB\s-1ECDSA_SIG\s0\fR is an opaque structure consisting of two BIGNUMs for the
-\&\fBr\fR and \fBs\fR value of an \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS 186\-2\s0).
+\&\fIr\fR and \fIs\fR value of an Elliptic Curve Digital Signature Algorithm (\s-1ECDSA\s0) signature
+(see \s-1FIPS186\-4\s0 or X9.62).
+The \fB\s-1ECDSA_SIG\s0\fR object was mainly used by the deprecated low level functions described in
+\&\fBECDSA_sign\fR\|(3), it is still required in order to be able to set or get the values of
+\&\fIr\fR and \fIs\fR into or from a signature. This is mainly used for testing purposes as shown
+in the \*(L"\s-1EXAMPLES\*(R"\s0.
.PP
-\&\fBECDSA_SIG_new()\fR allocates an empty \fB\s-1ECDSA_SIG\s0\fR structure. Note: before
-OpenSSL 1.1.0 the: the \fBr\fR and \fBs\fR components were initialised.
+\&\fBECDSA_SIG_new()\fR allocates an empty \fB\s-1ECDSA_SIG\s0\fR structure.
+Note: before OpenSSL 1.1.0, the \fIr\fR and \fIs\fR components were initialised.
.PP
-\&\fBECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR.
+\&\fBECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fIsig\fR.
.PP
-\&\fBECDSA_SIG_get0()\fR returns internal pointers the \fBr\fR and \fBs\fR values contained
-in \fBsig\fR and stores them in \fB*pr\fR and \fB*ps\fR, respectively.
-The pointer \fBpr\fR or \fBps\fR can be \s-1NULL,\s0 in which case the corresponding value
+\&\fBECDSA_SIG_get0()\fR returns internal pointers the \fIr\fR and \fIs\fR values contained
+in \fIsig\fR and stores them in \fI*pr\fR and \fI*ps\fR, respectively.
+The pointer \fIpr\fR or \fIps\fR can be \s-1NULL,\s0 in which case the corresponding value
is not returned.
.PP
-The values \fBr\fR, \fBs\fR can also be retrieved separately by the corresponding
+The values \fIr\fR, \fIs\fR can also be retrieved separately by the corresponding
function \fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR, respectively.
.PP
-The \fBr\fR and \fBs\fR values can be set by calling \fBECDSA_SIG_set0()\fR and passing the
-new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this
-function transfers the memory management of the values to the \s-1ECDSA_SIG\s0 object,
-and therefore the values that have been passed in should not be freed directly
-after this function has been called.
+Non-NULL \fIr\fR and \fIs\fR values can be set on the \fIsig\fR by calling
+\&\fBECDSA_SIG_set0()\fR. Calling this function transfers the memory management of the
+values to the \fB\s-1ECDSA_SIG\s0\fR object, and therefore the values that have been
+passed in should not be freed by the caller.
.PP
See \fBi2d_ECDSA_SIG\fR\|(3) and \fBd2i_ECDSA_SIG\fR\|(3) for information about encoding
and decoding \s-1ECDSA\s0 signatures to/from \s-1DER.\s0
-.PP
-\&\fBECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \s-1ECDSA\s0 signature
-created with the private \s-1EC\s0 key \fBeckey\fR.
-.PP
-\&\fBECDSA_sign()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value
-\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR. The \s-1DER\s0 encoded signatures is
-stored in \fBsig\fR and its length is returned in \fBsig_len\fR. Note: \fBsig\fR must
-point to ECDSA_size(eckey) bytes of memory. The parameter \fBtype\fR is currently
-ignored. \fBECDSA_sign()\fR is wrapper function for \fBECDSA_sign_ex()\fR with \fBkinv\fR
-and \fBrp\fR set to \s-1NULL.\s0
-.PP
-\&\fBECDSA_do_sign()\fR is similar to \fBECDSA_sign()\fR except the signature is returned
-as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). \fBECDSA_do_sign()\fR
-is a wrapper function for \fBECDSA_do_sign_ex()\fR with \fBkinv\fR and \fBrp\fR set to
-\&\s-1NULL.\s0
-.PP
-\&\fBECDSA_verify()\fR verifies that the signature in \fBsig\fR of size \fBsiglen\fR is a
-valid \s-1ECDSA\s0 signature of the hash value \fBdgst\fR of size \fBdgstlen\fR using the
-public key \fBeckey\fR. The parameter \fBtype\fR is ignored.
-.PP
-\&\fBECDSA_do_verify()\fR is similar to \fBECDSA_verify()\fR except the signature is
-presented in the form of a pointer to an \fB\s-1ECDSA_SIG\s0\fR structure.
-.PP
-The remaining functions utilise the internal \fBkinv\fR and \fBr\fR values used
-during signature computation. Most applications will never need to call these
-and some external \s-1ECDSA ENGINE\s0 implementations may not support them at all if
-either \fBkinv\fR or \fBr\fR is not \fB\s-1NULL\s0\fR.
-.PP
-\&\fBECDSA_sign_setup()\fR may be used to precompute parts of the signing operation.
-\&\fBeckey\fR is the private \s-1EC\s0 key and \fBctx\fR is a pointer to \fB\s-1BN_CTX\s0\fR structure
-(or \s-1NULL\s0). The precomputed values or returned in \fBkinv\fR and \fBrp\fR and can be
-used in a later call to \fBECDSA_sign_ex()\fR or \fBECDSA_do_sign_ex()\fR.
-.PP
-\&\fBECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value
-\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional pre-computed values
-\&\fBkinv\fR and \fBrp\fR. The \s-1DER\s0 encoded signature is stored in \fBsig\fR and its
-length is returned in \fBsig_len\fR. Note: \fBsig\fR must point to ECDSA_size(eckey)
-bytes of memory. The parameter \fBtype\fR is ignored.
-.PP
-\&\fBECDSA_do_sign_ex()\fR is similar to \fBECDSA_sign_ex()\fR except the signature is
-returned as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails.
@@ -250,98 +190,89 @@ returned as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 o
.PP
\&\fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR return the corresponding value,
or \s-1NULL\s0 if it is unset.
-.PP
-\&\fBECDSA_size()\fR returns the maximum length signature or 0 on error.
-.PP
-\&\fBECDSA_sign()\fR, \fBECDSA_sign_ex()\fR and \fBECDSA_sign_setup()\fR return 1 if successful
-or 0 on error.
-.PP
-\&\fBECDSA_do_sign()\fR and \fBECDSA_do_sign_ex()\fR return a pointer to an allocated
-\&\fB\s-1ECDSA_SIG\s0\fR structure or \s-1NULL\s0 on error.
-.PP
-\&\fBECDSA_verify()\fR and \fBECDSA_do_verify()\fR return 1 for a valid
-signature, 0 for an invalid signature and \-1 on error.
-The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "EXAMPLES"
.IX Header "EXAMPLES"
-Creating an \s-1ECDSA\s0 signature of a given \s-1SHA\-256\s0 hash value using the
-named curve prime256v1 (aka P\-256).
-.PP
-First step: create an \s-1EC_KEY\s0 object (note: this part is \fBnot\fR \s-1ECDSA\s0
-specific)
+Extract signature \fIr\fR and \fIs\fR values from a \s-1ECDSA\s0 \fIsignature\fR
+of size \fIsignaturelen\fR:
.PP
-.Vb 3
-\& int ret;
-\& ECDSA_SIG *sig;
-\& EC_KEY *eckey;
+.Vb 2
+\& ECDSA_SIG *obj;
+\& const BIGNUM *r, *s;
\&
-\& eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-\& if (eckey == NULL)
+\& /* Load a signature into the ECDSA_SIG object */
+\& obj = d2i_ECDSA_SIG(NULL, &signature, signaturelen);
+\& if (obj == NULL)
\& /* error */
-\& if (EC_KEY_generate_key(eckey) == 0)
+\&
+\& r = ECDSA_SIG_get0_r(obj);
+\& s = ECDSA_SIG_get0_s(obj);
+\& if (r == NULL || s == NULL)
\& /* error */
+\&
+\& /* Use BN_bn2binpad() here to convert to r and s into byte arrays */
+\&
+\& /*
+\& * Do not try to access I<r> or I<s> after calling ECDSA_SIG_free(),
+\& * as they are both freed by this call.
+\& */
+\& ECDSA_SIG_free(obj);
.Ve
.PP
-Second step: compute the \s-1ECDSA\s0 signature of a \s-1SHA\-256\s0 hash value
-using \fBECDSA_do_sign()\fR:
+Convert \fIr\fR and \fIs\fR byte arrays into an \s-1ECDSA_SIG\s0 \fIsignature\fR of
+size \fIsignaturelen\fR:
.PP
-.Vb 3
-\& sig = ECDSA_do_sign(digest, 32, eckey);
-\& if (sig == NULL)
+.Vb 4
+\& ECDSA_SIG *obj = NULL;
+\& unsigned char *signature = NULL;
+\& size_t signaturelen;
+\& BIGNUM *rbn = NULL, *sbn = NULL;
+\&
+\& obj = ECDSA_SIG_new();
+\& if (obj == NULL)
+\& /* error */
+\& rbn = BN_bin2bn(r, rlen, NULL);
+\& sbn = BN_bin2bn(s, slen, NULL);
+\& if (rbn == NULL || sbn == NULL)
\& /* error */
-.Ve
-.PP
-or using \fBECDSA_sign()\fR:
-.PP
-.Vb 2
-\& unsigned char *buffer, *pp;
-\& int buf_len;
\&
-\& buf_len = ECDSA_size(eckey);
-\& buffer = OPENSSL_malloc(buf_len);
-\& pp = buffer;
-\& if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0)
+\& if (!ECDSA_SIG_set0(obj, rbn, sbn))
\& /* error */
-.Ve
-.PP
-Third step: verify the created \s-1ECDSA\s0 signature using \fBECDSA_do_verify()\fR:
-.PP
-.Vb 1
-\& ret = ECDSA_do_verify(digest, 32, sig, eckey);
-.Ve
-.PP
-or using \fBECDSA_verify()\fR:
-.PP
-.Vb 1
-\& ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey);
-.Ve
-.PP
-and finally evaluate the return value:
-.PP
-.Vb 6
-\& if (ret == 1)
-\& /* signature ok */
-\& else if (ret == 0)
-\& /* incorrect signature */
-\& else
+\& /* Set these to NULL since they are now owned by obj */
+\& rbn = sbn = NULL;
+\&
+\& signaturelen = i2d_ECDSA_SIG(obj, &signature);
+\& if (signaturelen <= 0)
\& /* error */
+\&
+\& /*
+\& * This signature could now be passed to L<EVP_DigestVerify(3)>
+\& * or L<EVP_DigestVerifyFinal(3)>
+\& */
+\&
+\& BN_free(rbn);
+\& BN_free(sbn);
+\& OPENSSL_free(signature);
+\& ECDSA_SIG_free(obj);
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1ANSI X9.62, US\s0 Federal Information Processing Standard \s-1FIPS 186\-2\s0
+\&\s-1ANSI X9.62,
+US\s0 Federal Information Processing Standard \s-1FIPS186\-4\s0
(Digital Signature Standard, \s-1DSS\s0)
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEC_KEY_new\fR\|(3),
\&\fBEVP_DigestSignInit\fR\|(3),
\&\fBEVP_DigestVerifyInit\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3)
\&\fBi2d_ECDSA_SIG\fR\|(3),
-\&\fBd2i_ECDSA_SIG\fR\|(3)
+\&\fBd2i_ECDSA_SIG\fR\|(3),
+\&\fBECDSA_sign\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ECDSA_sign.3 b/secure/lib/libcrypto/man/man3/ECDSA_sign.3
new file mode 100644
index 000000000000..08e466880236
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/ECDSA_sign.3
@@ -0,0 +1,327 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ECDSA_SIGN 3ossl"
+.TH ECDSA_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ECDSA_size, ECDSA_sign, ECDSA_do_sign,
+ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex,
+ECDSA_do_sign_ex \- deprecated low\-level elliptic curve digital signature algorithm
+(ECDSA) functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ecdsa.h>
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& int ECDSA_size(const EC_KEY *eckey);
+\&
+\& int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
+\& unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+\& ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
+\& EC_KEY *eckey);
+\&
+\& int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
+\& const unsigned char *sig, int siglen, EC_KEY *eckey);
+\& int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+\& const ECDSA_SIG *sig, EC_KEY* eckey);
+\&
+\& ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
+\& const BIGNUM *kinv, const BIGNUM *rp,
+\& EC_KEY *eckey);
+\& int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
+\& int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
+\& unsigned char *sig, unsigned int *siglen,
+\& const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+See \fBECDSA_SIG_new\fR\|(3) for a description of the \fB\s-1ECDSA_SIG\s0\fR object.
+.PP
+See \fBi2d_ECDSA_SIG\fR\|(3) and \fBd2i_ECDSA_SIG\fR\|(3) for information about encoding
+and decoding \s-1ECDSA\s0 signatures to/from \s-1DER.\s0
+.PP
+All of the functions described below are deprecated. Applications should
+use the higher level \fB\s-1EVP\s0\fR interface such as \fBEVP_DigestSignInit\fR\|(3)
+or \fBEVP_DigestVerifyInit\fR\|(3) instead.
+.PP
+\&\fBECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \s-1ECDSA\s0 signature
+created with the private \s-1EC\s0 key \fIeckey\fR. To obtain the actual signature
+size use \fBEVP_PKEY_sign\fR\|(3) with a \s-1NULL\s0 \fIsig\fR parameter.
+.PP
+\&\fBECDSA_sign()\fR computes a digital signature of the \fIdgstlen\fR bytes hash value
+\&\fIdgst\fR using the private \s-1EC\s0 key \fIeckey\fR. The \s-1DER\s0 encoded signatures is
+stored in \fIsig\fR and its length is returned in \fIsig_len\fR. Note: \fIsig\fR must
+point to ECDSA_size(eckey) bytes of memory. The parameter \fItype\fR is currently
+ignored. \fBECDSA_sign()\fR is wrapper function for \fBECDSA_sign_ex()\fR with \fIkinv\fR
+and \fIrp\fR set to \s-1NULL.\s0
+.PP
+\&\fBECDSA_do_sign()\fR is similar to \fBECDSA_sign()\fR except the signature is returned
+as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). \fBECDSA_do_sign()\fR
+is a wrapper function for \fBECDSA_do_sign_ex()\fR with \fIkinv\fR and \fIrp\fR set to
+\&\s-1NULL.\s0
+.PP
+\&\fBECDSA_verify()\fR verifies that the signature in \fIsig\fR of size \fIsiglen\fR is a
+valid \s-1ECDSA\s0 signature of the hash value \fIdgst\fR of size \fIdgstlen\fR using the
+public key \fIeckey\fR. The parameter \fItype\fR is ignored.
+.PP
+\&\fBECDSA_do_verify()\fR is similar to \fBECDSA_verify()\fR except the signature is
+presented in the form of a pointer to an \fB\s-1ECDSA_SIG\s0\fR structure.
+.PP
+The remaining functions utilise the internal \fIkinv\fR and \fIr\fR values used
+during signature computation. Most applications will never need to call these
+and some external \s-1ECDSA ENGINE\s0 implementations may not support them at all if
+either \fIkinv\fR or \fIr\fR is not \s-1NULL.\s0
+.PP
+\&\fBECDSA_sign_setup()\fR may be used to precompute parts of the signing operation.
+\&\fIeckey\fR is the private \s-1EC\s0 key and \fIctx\fR is a pointer to \fB\s-1BN_CTX\s0\fR structure
+(or \s-1NULL\s0). The precomputed values or returned in \fIkinv\fR and \fIrp\fR and can be
+used in a later call to \fBECDSA_sign_ex()\fR or \fBECDSA_do_sign_ex()\fR.
+.PP
+\&\fBECDSA_sign_ex()\fR computes a digital signature of the \fIdgstlen\fR bytes hash value
+\&\fIdgst\fR using the private \s-1EC\s0 key \fIeckey\fR and the optional pre-computed values
+\&\fIkinv\fR and \fIrp\fR. The \s-1DER\s0 encoded signature is stored in \fIsig\fR and its
+length is returned in \fIsig_len\fR. Note: \fIsig\fR must point to ECDSA_size(eckey)
+bytes of memory. The parameter \fItype\fR is ignored.
+.PP
+\&\fBECDSA_do_sign_ex()\fR is similar to \fBECDSA_sign_ex()\fR except the signature is
+returned as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBECDSA_size()\fR returns the maximum length signature or 0 on error.
+.PP
+\&\fBECDSA_sign()\fR, \fBECDSA_sign_ex()\fR and \fBECDSA_sign_setup()\fR return 1 if successful
+or 0 on error.
+.PP
+\&\fBECDSA_do_sign()\fR and \fBECDSA_do_sign_ex()\fR return a pointer to an allocated
+\&\fB\s-1ECDSA_SIG\s0\fR structure or \s-1NULL\s0 on error.
+.PP
+\&\fBECDSA_verify()\fR and \fBECDSA_do_verify()\fR return 1 for a valid
+signature, 0 for an invalid signature and \-1 on error.
+The error codes can be obtained by \fBERR_get_error\fR\|(3).
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Creating an \s-1ECDSA\s0 signature of a given \s-1SHA\-256\s0 hash value using the
+named curve prime256v1 (aka P\-256).
+This example uses deprecated functionality. See \*(L"\s-1DESCRIPTION\*(R"\s0.
+.PP
+First step: create an \s-1EC_KEY\s0 object (note: this part is \fBnot\fR \s-1ECDSA\s0
+specific)
+.PP
+.Vb 3
+\& int ret;
+\& ECDSA_SIG *sig;
+\& EC_KEY *eckey;
+\&
+\& eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+\& if (eckey == NULL)
+\& /* error */
+\& if (EC_KEY_generate_key(eckey) == 0)
+\& /* error */
+.Ve
+.PP
+Second step: compute the \s-1ECDSA\s0 signature of a \s-1SHA\-256\s0 hash value
+using \fBECDSA_do_sign()\fR:
+.PP
+.Vb 3
+\& sig = ECDSA_do_sign(digest, 32, eckey);
+\& if (sig == NULL)
+\& /* error */
+.Ve
+.PP
+or using \fBECDSA_sign()\fR:
+.PP
+.Vb 2
+\& unsigned char *buffer, *pp;
+\& int buf_len;
+\&
+\& buf_len = ECDSA_size(eckey);
+\& buffer = OPENSSL_malloc(buf_len);
+\& pp = buffer;
+\& if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0)
+\& /* error */
+.Ve
+.PP
+Third step: verify the created \s-1ECDSA\s0 signature using \fBECDSA_do_verify()\fR:
+.PP
+.Vb 1
+\& ret = ECDSA_do_verify(digest, 32, sig, eckey);
+.Ve
+.PP
+or using \fBECDSA_verify()\fR:
+.PP
+.Vb 1
+\& ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey);
+.Ve
+.PP
+and finally evaluate the return value:
+.PP
+.Vb 6
+\& if (ret == 1)
+\& /* signature ok */
+\& else if (ret == 0)
+\& /* incorrect signature */
+\& else
+\& /* error */
+.Ve
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1ANSI X9.62, US\s0 Federal Information Processing Standard \s-1FIPS186\-2\s0
+(Digital Signature Standard, \s-1DSS\s0)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEC_KEY_new\fR\|(3),
+\&\fBEVP_DigestSignInit\fR\|(3),
+\&\fBEVP_DigestVerifyInit\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3)
+\&\fBi2d_ECDSA_SIG\fR\|(3),
+\&\fBd2i_ECDSA_SIG\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All functionality described here was deprecated in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2004\-2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ECPKParameters_print.3 b/secure/lib/libcrypto/man/man3/ECPKParameters_print.3
index 3cfda676cbfb..376608257533 100644
--- a/secure/lib/libcrypto/man/man3/ECPKParameters_print.3
+++ b/secure/lib/libcrypto/man/man3/ECPKParameters_print.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,24 +130,34 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ECPKPARAMETERS_PRINT 3"
-.TH ECPKPARAMETERS_PRINT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ECPKPARAMETERS_PRINT 3ossl"
+.TH ECPKPARAMETERS_PRINT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ECPKParameters_print, ECPKParameters_print_fp \- Functions for decoding and encoding ASN1 representations of elliptic curve entities
+ECPKParameters_print, ECPKParameters_print_fp \- Functions for decoding and
+encoding ASN1 representations of elliptic curve entities
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ec.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
\& int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
\& int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_print_params\fR\|(3)
+.PP
The ECPKParameters represent the public parameters for an
\&\fB\s-1EC_GROUP\s0\fR structure, which represents a curve.
.PP
@@ -165,11 +173,14 @@ return 1 for success and 0 if an error occurs.
\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
\&\fBEC_GFp_simple_method\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3 b/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3
index f7b669a1350a..b8ae359b54ef 100644
--- a/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3
+++ b/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EC_GFP_SIMPLE_METHOD 3"
-.TH EC_GFP_SIMPLE_METHOD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EC_GFP_SIMPLE_METHOD 3ossl"
+.TH EC_GFP_SIMPLE_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +142,13 @@ EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_me
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ec.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 6
\& const EC_METHOD *EC_GFp_simple_method(void);
\& const EC_METHOD *EC_GFp_mont_method(void);
\& const EC_METHOD *EC_GFp_nist_method(void);
@@ -158,6 +162,9 @@ EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_me
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All const \s-1EC_METHOD\s0 *EC_GF* functions were deprecated in OpenSSL 3.0, since
+\&\s-1EC_METHOD\s0 is no longer a public concept.
+.PP
The Elliptic Curve library provides a number of different implementations through a single common interface.
When constructing a curve using EC_GROUP_new (see \fBEC_GROUP_new\fR\|(3)) an
implementation method must be provided. The functions described here all return a const pointer to an
@@ -176,10 +183,8 @@ The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521
optimised implementations for the \s-1NIST P224, P256\s0 and P521 curves respectively. Note, however, that these
implementations are not available on all platforms.
.PP
-EC_METHOD_get_field_type identifies what type of field the \s-1EC_METHOD\s0 structure supports, which will be either
-F2^m or Fp. If the field type is Fp then the value \fBNID_X9_62_prime_field\fR is returned. If the field type is
-F2^m then the value \fBNID_X9_62_characteristic_two_field\fR is returned. These values are defined in the
-obj_mac.h header file.
+\&\fBEC_METHOD_get_field_type()\fR was deprecated in OpenSSL 3.0.
+Applications should use \fBEC_GROUP_get_field_type()\fR as a replacement (see \fBEC_GROUP_copy\fR\|(3)).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an \s-1EC_METHOD\s0 structure.
@@ -191,11 +196,18 @@ EC_METHOD_get_field_type returns an integer that identifies the type of field th
\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
\&\fBd2i_ECPKParameters\fR\|(3),
\&\fBBN_mod_mul_montgomery\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBEC_GFp_simple_method()\fR, EC_GFp_mont_method(void),
+\&\fBEC_GFp_nist_method()\fR, \fBEC_GFp_nistp224_method()\fR,
+\&\fBEC_GFp_nistp256_method()\fR, \fBEC_GFp_nistp521_method()\fR,
+\&\fBEC_GF2m_simple_method()\fR, and \fBEC_METHOD_get_field_type()\fR
+were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3 b/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3
index 0a88ae500319..1c8e41eda72a 100644
--- a/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3
+++ b/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,26 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EC_GROUP_COPY 3"
-.TH EC_GROUP_COPY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EC_GROUP_COPY 3ossl"
+.TH EC_GROUP_COPY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis \&\- Functions for manipulating EC_GROUP objects
+EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor,
+EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator,
+EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor,
+EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag,
+EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form,
+EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed,
+EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree,
+EC_GROUP_check, EC_GROUP_check_named_curve,
+EC_GROUP_check_discriminant, EC_GROUP_cmp,
+EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis,
+EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field,
+EC_GROUP_get_field_type
+\&\- Functions for manipulating EC_GROUP objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -148,8 +158,6 @@ EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, EC_GROUP_copy,
\& int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
\& EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
\&
-\& const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
-\&
\& int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
\& const BIGNUM *order, const BIGNUM *cofactor);
\& const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
@@ -159,6 +167,7 @@ EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, EC_GROUP_copy,
\& int EC_GROUP_order_bits(const EC_GROUP *group);
\& int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
\& const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
+\& const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group);
\&
\& void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
\& int EC_GROUP_get_curve_name(const EC_GROUP *group);
@@ -169,22 +178,34 @@ EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, EC_GROUP_copy,
\& void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
\& point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group);
\&
-\& unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
-\& size_t EC_GROUP_get_seed_len(const EC_GROUP *);
-\& size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
+\& unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group);
+\& size_t EC_GROUP_get_seed_len(const EC_GROUP *group);
+\& size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *, size_t len);
\&
\& int EC_GROUP_get_degree(const EC_GROUP *group);
\&
\& int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
+\& int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
+\& BN_CTX *ctx);
\&
\& int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
\&
\& int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
\&
-\& int EC_GROUP_get_basis_type(const EC_GROUP *);
-\& int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
-\& int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
+\& int EC_GROUP_get_basis_type(const EC_GROUP *group);
+\& int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k);
+\& int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
\& unsigned int *k2, unsigned int *k3);
+\&
+\& int EC_GROUP_get_field_type(const EC_GROUP *group);
+.Ve
+.PP
+The following function has been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -194,6 +215,7 @@ EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, EC_GROUP_copy,
\&\s-1EC_GROUP\s0 object.
.PP
\&\fBEC_GROUP_method_of()\fR obtains the \s-1EC_METHOD\s0 of \fBgroup\fR.
+This function was deprecated in OpenSSL 3.0, since \s-1EC_METHOD\s0 is no longer a public concept.
.PP
\&\fBEC_GROUP_set_generator()\fR sets curve parameters that must be agreed by all participants using the curve. These
parameters include the \fBgenerator\fR, the \fBorder\fR and the \fBcofactor\fR. The \fBgenerator\fR is a well defined point on the
@@ -246,7 +268,7 @@ point_conversion_form_t is an enum defined as follows:
For \s-1POINT_CONVERSION_UNCOMPRESSED\s0 the point is encoded as an octet signifying the \s-1UNCOMPRESSED\s0 form has been used followed by
the octets for x, followed by the octets for y.
.PP
-For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For
+For any given x coordinate for a point on a curve it is possible to derive two possible y values. For
\&\s-1POINT_CONVERSION_COMPRESSED\s0 the point is encoded as an octet signifying that the \s-1COMPRESSED\s0 form has been used \s-1AND\s0 which of
the two possible solutions for y has been used, followed by the octets for x.
.PP
@@ -265,16 +287,31 @@ built-in curves within the library provide seed values that can be obtained. It
\&\fBEC_GROUP_set_seed()\fR and passing a pointer to a memory block, along with the length of the seed. Again, the \s-1EC\s0 library will not use
this seed value, although it will be preserved in any \s-1ASN1\s0 based communications.
.PP
-\&\fBEC_GROUP_get_degree()\fR gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be
-the value m.
+\&\fBEC_GROUP_get_degree()\fR gets the degree of the field.
+For Fp fields this will be the number of bits in p.
+For F2^m fields this will be the value m.
+.PP
+\&\fBEC_GROUP_get_field_type()\fR identifies what type of field the \s-1EC_GROUP\s0 structure supports,
+which will be either F2^m or Fp.
.PP
The function \fBEC_GROUP_check_discriminant()\fR calculates the discriminant for the curve and verifies that it is valid.
For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is
simply b. In either case for the curve to be valid the discriminant must be non zero.
.PP
-The function \fBEC_GROUP_check()\fR performs a number of checks on a curve to verify that it is valid. Checks performed include
+The function \fBEC_GROUP_check()\fR behaves in the following way:
+For the OpenSSL default provider it performs a number of checks on a curve to verify that it is valid. Checks performed include
verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has
-the correct order.
+the correct order. For the OpenSSL \s-1FIPS\s0 provider it uses \fBEC_GROUP_check_named_curve()\fR to conform to SP800\-56Ar3.
+.PP
+The function \fBEC_GROUP_check_named_curve()\fR determines if the group's domain parameters match one of the built-in curves supported by the library.
+The curve name is returned as a \fB\s-1NID\s0\fR if it matches. If the group's domain parameters have been modified then no match will be found.
+If the curve name of the given group is \fBNID_undef\fR (e.g. it has been created by using explicit parameters with no curve name),
+then this method can be used to lookup the name of the curve that matches the group domain parameters. The built-in curves contain
+aliases, so that multiple \s-1NID\s0's can map to the same domain parameters. For such curves it is unspecified which of the aliases will be
+returned if the curve name of the given group is NID_undef.
+If \fBnist_only\fR is 1 it will only look for \s-1NIST\s0 approved curves, otherwise it searches all built-in curves.
+This function may be passed a \s-1BN_CTX\s0 object in the \fBctx\fR parameter.
+The \fBctx\fR parameter may be \s-1NULL.\s0
.PP
\&\fBEC_GROUP_cmp()\fR compares \fBa\fR and \fBb\fR to determine whether they represent the same curve or not.
.PP
@@ -316,9 +353,17 @@ The following functions return 1 on success or 0 on error: \fBEC_GROUP_copy()\fR
.PP
\&\fBEC_GROUP_get_degree()\fR returns the degree for \fBgroup\fR or 0 if the operation is not supported by the underlying group implementation.
.PP
+\&\fBEC_GROUP_get_field_type()\fR returns either \fBNID_X9_62_prime_field\fR for prime curves
+or \fBNID_X9_62_characteristic_two_field\fR for binary curves;
+these values are defined in the \fI<openssl/obj_mac.h>\fR header file.
+.PP
+\&\fBEC_GROUP_check_named_curve()\fR returns the nid of the matching named curve, otherwise it returns 0 for no match, or \-1 on error.
+.PP
\&\fBEC_GROUP_get0_order()\fR returns an internal pointer to the group order.
\&\fBEC_GROUP_order_bits()\fR returns the number of bits in the group order.
\&\fBEC_GROUP_get0_cofactor()\fR returns an internal pointer to the group cofactor.
+\&\fBEC_GROUP_get0_field()\fR returns an internal pointer to the group field. For curves over \s-1GF\s0(p), this is the modulus; for curves
+over \s-1GF\s0(2^m), this is the irreducible polynomial defining the field.
.PP
\&\fBEC_GROUP_get0_seed()\fR returns a pointer to the seed that was used to generate the parameter b, or \s-1NULL\s0 if the seed is not
specified. \fBEC_GROUP_get_seed_len()\fR returns the length of the seed or 0 if the seed is not specified.
@@ -328,18 +373,23 @@ specified. \fBEC_GROUP_get_seed_len()\fR returns the length of the seed or 0 if
.PP
\&\fBEC_GROUP_cmp()\fR returns 0 if the curves are equal, 1 if they are not equal, or \-1 on error.
.PP
-\&\fBEC_GROUP_get_basis_type()\fR returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in <openssl/obj_mac.h>) for a
+\&\fBEC_GROUP_get_basis_type()\fR returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in \fI<openssl/obj_mac.h>\fR) for a
trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3),
\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBEC_GROUP_method_of()\fR was deprecated in OpenSSL 3.0.
+\&\fBEC_GROUP_get0_field()\fR, \fBEC_GROUP_check_named_curve()\fR and \fBEC_GROUP_get_field_type()\fR were added in OpenSSL 3.0.
+\&\fBEC_GROUP_get0_order()\fR, \fBEC_GROUP_order_bits()\fR and \fBEC_GROUP_get0_cofactor()\fR were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EC_GROUP_new.3 b/secure/lib/libcrypto/man/man3/EC_GROUP_new.3
index a08441181187..50ab5c927daf 100644
--- a/secure/lib/libcrypto/man/man3/EC_GROUP_new.3
+++ b/secure/lib/libcrypto/man/man3/EC_GROUP_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,35 +130,75 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EC_GROUP_NEW 3"
-.TH EC_GROUP_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EC_GROUP_NEW 3ossl"
+.TH EC_GROUP_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters, EC_GROUP_new, EC_GROUP_new_from_ecparameters, EC_GROUP_new_from_ecpkparameters, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp, EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve, EC_GROUP_get_curve, EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m, EC_get_builtin_curves \- Functions for creating and destroying EC_GROUP objects
+EC_GROUP_get_ecparameters,
+EC_GROUP_get_ecpkparameters,
+EC_GROUP_new_from_params,
+EC_GROUP_new_from_ecparameters,
+EC_GROUP_new_from_ecpkparameters,
+EC_GROUP_new,
+EC_GROUP_free,
+EC_GROUP_clear_free,
+EC_GROUP_new_curve_GFp,
+EC_GROUP_new_curve_GF2m,
+EC_GROUP_new_by_curve_name_ex,
+EC_GROUP_new_by_curve_name,
+EC_GROUP_set_curve,
+EC_GROUP_get_curve,
+EC_GROUP_set_curve_GFp,
+EC_GROUP_get_curve_GFp,
+EC_GROUP_set_curve_GF2m,
+EC_GROUP_get_curve_GF2m,
+EC_get_builtin_curves,
+OSSL_EC_curve_nid2name \-
+Functions for creating and destroying EC_GROUP objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ec.h>
\&
-\& EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
-\& EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
-\& EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
+\& EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params);
+\& EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params);
\& void EC_GROUP_free(EC_GROUP *group);
-\& void EC_GROUP_clear_free(EC_GROUP *group);
\&
\& EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
\& const BIGNUM *b, BN_CTX *ctx);
\& EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
\& const BIGNUM *b, BN_CTX *ctx);
+\& EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq,
+\& int nid);
\& EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
\&
\& int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
\& const BIGNUM *b, BN_CTX *ctx);
\& int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
\& BN_CTX *ctx);
+\&
+\& ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+\& ECPARAMETERS *params);
+\& ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
+\& ECPKPARAMETERS *params);
+\&
+\& size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+\& const char *OSSL_EC_curve_nid2name(int nid);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
+\& EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
+\& void EC_GROUP_clear_free(EC_GROUP *group);
+\&
\& int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
\& const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
\& int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
@@ -169,11 +207,6 @@ EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters, EC_GROUP_new, EC_GROUP_n
\& const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
\& int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
\& BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-\&
-\& ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params)
-\& ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params)
-\&
-\& size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -190,23 +223,38 @@ curve equation is modified to:
.PP
y^2 + xy = x^3 + ax^2 + b (where b != 0)
.PP
-Operations in a binary field are performed relative to an \fBirreducible
-polynomial\fR. All such curves with OpenSSL use a trinomial or a pentanomial for
-this parameter.
+Operations in a binary field are performed relative to an
+\&\fBirreducible polynomial\fR. All such curves with OpenSSL use a trinomial or a
+pentanomial for this parameter.
+.PP
+Although deprecated since OpenSSL 3.0 and should no longer be used,
+a new curve can be constructed by calling \fBEC_GROUP_new()\fR, using the
+implementation provided by \fImeth\fR (see \fBEC_GFp_simple_method\fR\|(3)) and
+associated with the library context \fIctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)).
+The \fIctx\fR parameter may be \s-1NULL\s0 in which case the default library context is
+used.
+It is then necessary to call \fBEC_GROUP_set_curve()\fR to set the curve parameters.
+Applications should instead use one of the other EC_GROUP_new_* constructors.
.PP
-A new curve can be constructed by calling \fBEC_GROUP_new()\fR, using the
-implementation provided by \fBmeth\fR (see \fBEC_GFp_simple_method\fR\|(3)). It is then
-necessary to call \fBEC_GROUP_set_curve()\fR to set the curve parameters.
-\&\fBEC_GROUP_new_from_ecparameters()\fR will create a group from the specified
-\&\fBparams\fR and \fBEC_GROUP_new_from_ecpkparameters()\fR will create a group from the
-specific \s-1PK\s0 \fBparams\fR.
+\&\fBEC_GROUP_new_from_params()\fR creates a group with parameters specified by \fIparams\fR.
+The library context \fIlibctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) and property query string
+\&\fIpropq\fR are used to fetch algorithms from providers.
+\&\fIparams\fR may be either a list of explicit params or a named group,
+The values for \fIctx\fR and \fIpropq\fR may be \s-1NULL.\s0
+The \fIparams\fR that can be used are described in
+\&\fB\s-1EVP_PKEY\-EC\s0\fR(7).
.PP
-\&\fBEC_GROUP_set_curve()\fR sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR. For a curve
-over Fp \fBp\fR is the prime for the field. For a curve over F2^m \fBp\fR represents
+\&\fBEC_GROUP_new_from_ecparameters()\fR will create a group from the
+specified \fIparams\fR and
+\&\fBEC_GROUP_new_from_ecpkparameters()\fR will create a group from the specific \s-1PK\s0
+\&\fIparams\fR.
+.PP
+\&\fBEC_GROUP_set_curve()\fR sets the curve parameters \fIp\fR, \fIa\fR and \fIb\fR. For a curve
+over Fp \fIp\fR is the prime for the field. For a curve over F2^m \fIp\fR represents
the irreducible polynomial \- each bit represents a term in the polynomial.
Therefore, there will either be three or five bits set dependent on whether the
polynomial is a trinomial or a pentanomial.
-In either case, \fBa\fR and \fBb\fR represents the coefficients a and b from the
+In either case, \fIa\fR and \fIb\fR represents the coefficients a and b from the
relevant equation introduced above.
.PP
\&\fBEC_group_get_curve()\fR obtains the previously set curve parameters.
@@ -226,13 +274,13 @@ An appropriate default implementation method will be used.
Whilst the library can be used to create any curve using the functions described
above, there are also a number of predefined curves that are available. In order
to obtain a list of all of the predefined curves, call the function
-\&\fBEC_get_builtin_curves()\fR. The parameter \fBr\fR should be an array of
-EC_builtin_curve structures of size \fBnitems\fR. The function will populate the
-\&\fBr\fR array with information about the builtin curves. If \fBnitems\fR is less than
-the total number of curves available, then the first \fBnitems\fR curves will be
+\&\fBEC_get_builtin_curves()\fR. The parameter \fIr\fR should be an array of
+EC_builtin_curve structures of size \fInitems\fR. The function will populate the
+\&\fIr\fR array with information about the built-in curves. If \fInitems\fR is less than
+the total number of curves available, then the first \fInitems\fR curves will be
returned. Otherwise the total number of curves will be provided. The return
value is the total number of curves available (whether that number has been
-populated in \fBr\fR or not). Passing a \s-1NULL\s0 \fBr\fR, or setting \fBnitems\fR to 0 will
+populated in \fIr\fR or not). Passing a \s-1NULL\s0 \fIr\fR, or setting \fInitems\fR to 0 will
do nothing other than return the total number of curves available.
The EC_builtin_curve structure is defined as follows:
.PP
@@ -243,37 +291,71 @@ The EC_builtin_curve structure is defined as follows:
\& } EC_builtin_curve;
.Ve
.PP
-Each EC_builtin_curve item has a unique integer id (\fBnid\fR), and a human
+Each EC_builtin_curve item has a unique integer id (\fInid\fR), and a human
readable comment string describing the curve.
.PP
-In order to construct a builtin curve use the function
-\&\fBEC_GROUP_new_by_curve_name()\fR and provide the \fBnid\fR of the curve to
-be constructed.
+In order to construct a built-in curve use the function
+\&\fBEC_GROUP_new_by_curve_name_ex()\fR and provide the \fInid\fR of the curve to
+be constructed, the associated library context to be used in \fIctx\fR (see
+\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) and any property query string in \fIpropq\fR. The \fIctx\fR value
+may be \s-1NULL\s0 in which case the default library context is used. The \fIpropq\fR
+value may also be \s-1NULL.\s0
+.PP
+\&\fBEC_GROUP_new_by_curve_name()\fR is the same as
+\&\fBEC_GROUP_new_by_curve_name_ex()\fR except that the default library context
+is always used along with a \s-1NULL\s0 property query string.
.PP
\&\fBEC_GROUP_free()\fR frees the memory associated with the \s-1EC_GROUP.\s0
-If \fBgroup\fR is \s-1NULL\s0 nothing is done.
+If \fIgroup\fR is \s-1NULL\s0 nothing is done.
+.PP
+\&\fBEC_GROUP_clear_free()\fR is deprecated: it was meant to destroy any sensitive data
+held within the \s-1EC_GROUP\s0 and then free its memory, but since all the data stored
+in the \s-1EC_GROUP\s0 is public anyway, this function is unnecessary.
+Its use can be safely replaced with \fBEC_GROUP_free()\fR.
+If \fIgroup\fR is \s-1NULL\s0 nothing is done.
.PP
-\&\fBEC_GROUP_clear_free()\fR destroys any sensitive data held within the \s-1EC_GROUP\s0 and
-then frees its memory. If \fBgroup\fR is \s-1NULL\s0 nothing is done.
+\&\fBOSSL_EC_curve_nid2name()\fR converts a curve \fInid\fR into the corresponding name.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All EC_GROUP_new* functions return a pointer to the newly constructed group, or
\&\s-1NULL\s0 on error.
.PP
-\&\fBEC_get_builtin_curves()\fR returns the number of builtin curves that are available.
+\&\fBEC_get_builtin_curves()\fR returns the number of built-in curves that are
+available.
.PP
\&\fBEC_GROUP_set_curve_GFp()\fR, \fBEC_GROUP_get_curve_GFp()\fR, \fBEC_GROUP_set_curve_GF2m()\fR,
\&\fBEC_GROUP_get_curve_GF2m()\fR return 1 on success or 0 on error.
+.PP
+\&\fBOSSL_EC_curve_nid2name()\fR returns a character string constant, or \s-1NULL\s0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7), \fBEC_GROUP_copy\fR\|(3),
\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
-\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
+\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3),
+\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3), \s-1\fBEVP_PKEY\-EC\s0\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+.IP "\(bu" 2
+\&\fBEC_GROUP_new()\fR was deprecated in OpenSSL 3.0.
+.Sp
+\&\fBEC_GROUP_new_by_curve_name_ex()\fR and \fBEC_GROUP_new_from_params()\fR were
+added in OpenSSL 3.0.
+.IP "\(bu" 2
+\&\fBEC_GROUP_clear_free()\fR was deprecated in OpenSSL 3.0; use \fBEC_GROUP_free()\fR
+instead.
+.IP "\(bu" 2
+
+.Sp
+.Vb 3
+\& EC_GROUP_set_curve_GFp(), EC_GROUP_get_curve_GFp(),
+\& EC_GROUP_set_curve_GF2m() and EC_GROUP_get_curve_GF2m() were deprecated in
+\& OpenSSL 3.0; use EC_GROUP_set_curve() and EC_GROUP_get_curve() instead.
+.Ve
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2013\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3 b/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3
index dab36618e697..e28c9abb93e4 100644
--- a/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3
+++ b/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EC_KEY_GET_ENC_FLAGS 3"
-.TH EC_KEY_GET_ENC_FLAGS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EC_KEY_GET_ENC_FLAGS 3ossl"
+.TH EC_KEY_GET_ENC_FLAGS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EC_KEY_get_enc_flags, EC_KEY_set_enc_flags \&\- Get and set flags for encoding EC_KEY structures
+EC_KEY_get_enc_flags, EC_KEY_set_enc_flags
+\&\- Get and set flags for encoding EC_KEY structures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -184,7 +183,7 @@ set then the public key is not encoded along with the private key.
.IX Header "COPYRIGHT"
Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EC_KEY_new.3 b/secure/lib/libcrypto/man/man3/EC_KEY_new.3
index 598df6f7f80f..326f0d38eaad 100644
--- a/secure/lib/libcrypto/man/man3/EC_KEY_new.3
+++ b/secure/lib/libcrypto/man/man3/EC_KEY_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,23 +130,47 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EC_KEY_NEW 3"
-.TH EC_KEY_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EC_KEY_NEW 3ossl"
+.TH EC_KEY_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_conv_form, EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_decoded_from_explicit_params, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, EC_KEY_priv2buf \- Functions for creating, destroying and manipulating EC_KEY objects
+EVP_EC_gen,
+EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_ex,
+EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags,
+EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free,
+EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine,
+EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key,
+EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key,
+EC_KEY_get_conv_form,
+EC_KEY_set_conv_form, EC_KEY_set_asn1_flag,
+EC_KEY_decoded_from_explicit_params, EC_KEY_precompute_mult,
+EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates,
+EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct,
+EC_KEY_priv2buf \- Functions for creating, destroying and manipulating
+EC_KEY objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ec.h>
\&
+\& EVP_PKEY *EVP_EC_gen(const char *curve);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 10
+\& EC_KEY *EC_KEY_new_ex(OSSL_LIB_CTX *ctx, const char *propq);
\& EC_KEY *EC_KEY_new(void);
\& int EC_KEY_get_flags(const EC_KEY *key);
\& void EC_KEY_set_flags(EC_KEY *key, int flags);
\& void EC_KEY_clear_flags(EC_KEY *key, int flags);
+\& EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx, const char *propq,
+\& int nid);
\& EC_KEY *EC_KEY_new_by_curve_name(int nid);
\& void EC_KEY_free(EC_KEY *key);
\& EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
@@ -158,14 +180,13 @@ EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_f
\& const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
\& int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
\& const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
-\& int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+\& int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key);
\& const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
\& int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
\& point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
\& void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
\& void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
\& int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
-\& int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
\& int EC_KEY_generate_key(EC_KEY *key);
\& int EC_KEY_check_key(const EC_KEY *key);
\& int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
@@ -180,27 +201,52 @@ EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_f
\& size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len);
\&
\& size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
+\& int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+\&\fBEVP_EC_gen()\fR generates a new \s-1EC\s0 key pair on the given \fIcurve\fR.
+.PP
+All of the functions described below are deprecated.
+Applications should instead use \fBEVP_EC_gen()\fR, \fBEVP_PKEY_Q_keygen\fR\|(3), or
+\&\fBEVP_PKEY_keygen_init\fR\|(3) and \fBEVP_PKEY_keygen\fR\|(3).
+.PP
An \s-1EC_KEY\s0 represents a public key and, optionally, the associated private
-key. A new \s-1EC_KEY\s0 with no associated curve can be constructed by calling
-\&\fBEC_KEY_new()\fR. The reference count for the newly created \s-1EC_KEY\s0 is initially
-set to 1. A curve can be associated with the \s-1EC_KEY\s0 by calling
+key.
+A new \s-1EC_KEY\s0 with no associated curve can be constructed by calling
+\&\fBEC_KEY_new_ex()\fR and specifying the associated library context in \fIctx\fR
+(see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) and property query string \fIpropq\fR.
+The \fIctx\fR parameter may be \s-1NULL\s0 in which case the default library context is
+used.
+The reference count for the newly created \s-1EC_KEY\s0 is initially
+set to 1.
+A curve can be associated with the \s-1EC_KEY\s0 by calling
\&\fBEC_KEY_set_group()\fR.
.PP
+\&\fBEC_KEY_new()\fR is the same as \fBEC_KEY_new_ex()\fR except that the default library
+context is always used.
+.PP
Alternatively a new \s-1EC_KEY\s0 can be constructed by calling
-\&\fBEC_KEY_new_by_curve_name()\fR and supplying the nid of the associated curve. See
-\&\fBEC_GROUP_new\fR\|(3) for a description of curve names. This function simply
-wraps calls to \fBEC_KEY_new()\fR and \fBEC_GROUP_new_by_curve_name()\fR.
+\&\fBEC_KEY_new_by_curve_name_ex()\fR and supplying the nid of the associated
+curve, the library context to be used \fIctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) and any
+property query string \fIpropq\fR.
+The \fIctx\fR parameter may be \s-1NULL\s0 in which case the default library context is
+used. The \fIpropq\fR value may also be \s-1NULL.\s0
+See \fBEC_GROUP_new\fR\|(3) for a description of curve names.
+This function simply wraps calls to \fBEC_KEY_new_ex()\fR and
+\&\fBEC_GROUP_new_by_curve_name_ex()\fR.
+.PP
+\&\fBEC_KEY_new_by_curve_name()\fR is the same as \fBEC_KEY_new_by_curve_name_ex()\fR
+except that the default library context is always used and a \s-1NULL\s0 property query
+string.
.PP
Calling \fBEC_KEY_free()\fR decrements the reference count for the \s-1EC_KEY\s0 object,
and if it has dropped to zero then frees the memory associated with it. If
-\&\fBkey\fR is \s-1NULL\s0 nothing is done.
+\&\fIkey\fR is \s-1NULL\s0 nothing is done.
.PP
-\&\fBEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fBsrc\fR into \fBdest\fR.
+\&\fBEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fIsrc\fR into \fIdest\fR.
.PP
-\&\fBEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fBec_key\fR into it.
+\&\fBEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fIec_key\fR into it.
.PP
\&\fBEC_KEY_up_ref()\fR increments the reference count associated with the \s-1EC_KEY\s0
object.
@@ -209,7 +255,7 @@ object.
this \s-1EC_KEY\s0 object.
.PP
\&\fBEC_KEY_generate_key()\fR generates a new public and private key for the supplied
-\&\fBeckey\fR object. \fBeckey\fR must have an \s-1EC_GROUP\s0 object associated with it
+\&\fIeckey\fR object. \fIeckey\fR must have an \s-1EC_GROUP\s0 object associated with it
before calling this function. The private key is a random integer (0 < priv_key
< order, where \fIorder\fR is the order of the \s-1EC_GROUP\s0 object). The public key is
an \s-1EC_POINT\s0 on the curve calculated by multiplying the generator for the
@@ -218,27 +264,29 @@ curve by the private key.
\&\fBEC_KEY_check_key()\fR performs various sanity checks on the \s-1EC_KEY\s0 object to
confirm that it is valid.
.PP
-\&\fBEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fBkey\fR based
-on its affine co-ordinates; i.e., it constructs an \s-1EC_POINT\s0 object based on
-the supplied \fBx\fR and \fBy\fR values and sets the public key to be this
+\&\fBEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fIkey\fR based
+on its affine coordinates; i.e., it constructs an \s-1EC_POINT\s0 object based on
+the supplied \fIx\fR and \fIy\fR values and sets the public key to be this
\&\s-1EC_POINT.\s0 It also performs certain sanity checks on the key to confirm
that it is valid.
.PP
The functions \fBEC_KEY_get0_group()\fR, \fBEC_KEY_set_group()\fR,
\&\fBEC_KEY_get0_private_key()\fR, \fBEC_KEY_set_private_key()\fR, \fBEC_KEY_get0_public_key()\fR,
and \fBEC_KEY_set_public_key()\fR get and set the \s-1EC_GROUP\s0 object, the private key,
-and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively.
+and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively. The function
+\&\fBEC_KEY_set_private_key()\fR accepts \s-1NULL\s0 as the priv_key argument to securely clear
+the private key component from the \s-1EC_KEY.\s0
.PP
The functions \fBEC_KEY_get_conv_form()\fR and \fBEC_KEY_set_conv_form()\fR get and set the
-point_conversion_form for the \fBkey\fR. For a description of
+point_conversion_form for the \fIkey\fR. For a description of
point_conversion_forms please see \fBEC_POINT_new\fR\|(3).
.PP
-\&\fBEC_KEY_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0
+\&\fBEC_KEY_set_flags()\fR sets the flags in the \fIflags\fR parameter on the \s-1EC_KEY\s0
object. Any flags that are already set are left set. The flags currently
defined are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED.\s0 In
addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH.\s0
\&\fBEC_KEY_get_flags()\fR returns the current flags that are set for this \s-1EC_KEY.\s0
-\&\fBEC_KEY_clear_flags()\fR clears the flags indicated by the \fBflags\fR parameter; all
+\&\fBEC_KEY_clear_flags()\fR clears the flags indicated by the \fIflags\fR parameter; all
other flags are left in their existing state.
.PP
\&\fBEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object
@@ -251,14 +299,16 @@ is \s-1NULL\s0 or the group parameters are missing, and 0 otherwise.
.PP
\&\fBEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator
for faster point multiplication. See also \fBEC_POINT_add\fR\|(3).
+Modern versions should instead switch to named curves which OpenSSL has
+hardcoded lookup tables for.
.PP
\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_key2buf()\fR are identical to the functions
\&\fBEC_POINT_oct2point()\fR and \fBEC_POINT_point2buf()\fR except they use the public key
-\&\s-1EC_POINT\s0 in \fBeckey\fR.
+\&\s-1EC_POINT\s0 in \fIeckey\fR.
.PP
\&\fBEC_KEY_oct2priv()\fR and \fBEC_KEY_priv2oct()\fR convert between the private key
-component of \fBeckey\fR and octet form. The octet form consists of the content
-octets of the \fBprivateKey\fR \s-1OCTET STRING\s0 in an \fBECPrivateKey\fR \s-1ASN.1\s0 structure.
+component of \fIeckey\fR and octet form. The octet form consists of the content
+octets of the \fIprivateKey\fR \s-1OCTET STRING\s0 in an \fIECPrivateKey\fR \s-1ASN.1\s0 structure.
.PP
The function \fBEC_KEY_priv2oct()\fR must be supplied with a buffer long enough to
store the octet form. The return value provides the number of octets stored.
@@ -266,16 +316,17 @@ Calling the function with a \s-1NULL\s0 buffer will not perform the conversion b
will just return the required buffer length.
.PP
The function \fBEC_KEY_priv2buf()\fR allocates a buffer of suitable length and writes
-an \s-1EC_KEY\s0 to it in octet format. The allocated buffer is written to \fB*pbuf\fR
+an \s-1EC_KEY\s0 to it in octet format. The allocated buffer is written to \fI*pbuf\fR
and its length is returned. The caller must free up the allocated buffer with a
-call to \fBOPENSSL_free()\fR. Since the allocated buffer value is written to \fB*pbuf\fR
-the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR.
+call to \fBOPENSSL_free()\fR. Since the allocated buffer value is written to \fI*pbuf\fR
+the \fIpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR.
.PP
\&\fBEC_KEY_priv2buf()\fR converts an \s-1EC_KEY\s0 private key into an allocated buffer.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBEC_KEY_new()\fR, \fBEC_KEY_new_by_curve_name()\fR and \fBEC_KEY_dup()\fR return a pointer to
-the newly created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error.
+\&\fBEC_KEY_new_ex()\fR, \fBEC_KEY_new()\fR, \fBEC_KEY_new_by_curve_name_ex()\fR,
+\&\fBEC_KEY_new_by_curve_name()\fR and \fBEC_KEY_dup()\fR return a pointer to the newly
+created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error.
.PP
\&\fBEC_KEY_get_flags()\fR returns the flags associated with the \s-1EC_KEY\s0 object as an
integer.
@@ -284,10 +335,14 @@ integer.
.PP
\&\fBEC_KEY_get0_engine()\fR returns a pointer to an \s-1ENGINE,\s0 or \s-1NULL\s0 if it wasn't set.
.PP
-\&\fBEC_KEY_up_ref()\fR, \fBEC_KEY_set_group()\fR, \fBEC_KEY_set_private_key()\fR,
-\&\fBEC_KEY_set_public_key()\fR, \fBEC_KEY_precompute_mult()\fR, \fBEC_KEY_generate_key()\fR,
-\&\fBEC_KEY_check_key()\fR, \fBEC_KEY_set_public_key_affine_coordinates()\fR,
-\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_oct2priv()\fR return 1 on success or 0 on error.
+\&\fBEC_KEY_up_ref()\fR, \fBEC_KEY_set_group()\fR, \fBEC_KEY_set_public_key()\fR,
+\&\fBEC_KEY_precompute_mult()\fR, \fBEC_KEY_generate_key()\fR, \fBEC_KEY_check_key()\fR,
+\&\fBEC_KEY_set_public_key_affine_coordinates()\fR, \fBEC_KEY_oct2key()\fR and
+\&\fBEC_KEY_oct2priv()\fR return 1 on success or 0 on error.
+.PP
+\&\fBEC_KEY_set_private_key()\fR returns 1 on success or 0 on error except when the
+priv_key argument is \s-1NULL,\s0 in that case it returns 0, for legacy compatibility,
+and should not be treated as an error.
.PP
\&\fBEC_KEY_get0_group()\fR returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY.\s0
.PP
@@ -299,16 +354,23 @@ integer.
of the buffer or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_Q_keygen\fR\|(3)
\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3),
\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3),
\&\fBEC_POINT_add\fR\|(3),
\&\fBEC_GFp_simple_method\fR\|(3),
-\&\fBd2i_ECPKParameters\fR\|(3)
+\&\fBd2i_ECPKParameters\fR\|(3),
+\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBEVP_EC_gen()\fR was added in OpenSSL 3.0.
+All other functions described here were deprecated in OpenSSL 3.0.
+For replacement see \s-1\fBEVP_PKEY\-EC\s0\fR\|(7).
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2013\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EC_POINT_add.3 b/secure/lib/libcrypto/man/man3/EC_POINT_add.3
index 15ac6972b16e..1195469bf39d 100644
--- a/secure/lib/libcrypto/man/man3/EC_POINT_add.3
+++ b/secure/lib/libcrypto/man/man3/EC_POINT_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EC_POINT_ADD 3"
-.TH EC_POINT_ADD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EC_POINT_ADD 3ossl"
+.TH EC_POINT_ADD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,13 +150,20 @@ EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_i
\& int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
\& int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
\& int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
+\& int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+\& const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 7
\& int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
\& int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
\& EC_POINT *points[], BN_CTX *ctx);
\& int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num,
\& const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
-\& int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
-\& const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
\& int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
\& int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
.Ve
@@ -176,19 +181,24 @@ EC_POINT_is_on_curve tests whether the supplied point is on the curve or not.
EC_POINT_cmp compares the two supplied points and tests whether or not they are equal.
.PP
The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the \s-1EC_POINT\s0(s) into the affine
-co-ordinate system. In the case of EC_POINTs_make_affine the value \fBnum\fR provides the number of points in the array \fBpoints\fR to be
-forced.
+coordinate system. In the case of EC_POINTs_make_affine the value \fBnum\fR provides the number of points in the array \fBpoints\fR to be
+forced. These functions were deprecated in OpenSSL 3.0 and should no longer be used.
+Modern versions automatically perform this conversion when needed.
.PP
-EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * \fBn\fR + \fBq\fR * \fBm\fR and stores the result in \fBr\fR.
+EC_POINT_mul calculates the value generator * \fBn\fR + \fBq\fR * \fBm\fR and stores the result in \fBr\fR.
The value \fBn\fR may be \s-1NULL\s0 in which case the result is just \fBq\fR * \fBm\fR (variable point multiplication). Alternatively, both \fBq\fR and \fBm\fR may be \s-1NULL,\s0 and \fBn\fR non-NULL, in which case the result is just generator * \fBn\fR (fixed point multiplication).
When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm\fR) is in the range [0, ec_group_order).
.PP
+Although deprecated in OpenSSL 3.0 and should no longer be used,
EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR + ... + \fBq[num\-1]\fR * \fBm[num\-1]\fR. As for EC_POINT_mul the value \fBn\fR may be \s-1NULL\s0 or \fBnum\fR may be zero.
When performing a fixed point multiplication (\fBn\fR is non-NULL and \fBnum\fR is 0) or a variable point multiplication (\fBn\fR is \s-1NULL\s0 and \fBnum\fR is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm[0]\fR) is in the range [0, ec_group_order).
+Modern versions should instead use \fBEC_POINT_mul()\fR, combined (if needed) with \fBEC_POINT_add()\fR in such rare circumstances.
.PP
The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst
EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See \fBEC_GROUP_copy\fR\|(3) for information
-about the generator.
+about the generator. Precomputation functionality was deprecated in OpenSSL 3.0.
+Users of \fBEC_GROUP_precompute_mult()\fR and \fBEC_GROUP_have_precompute_mult()\fR should
+switch to named curves which OpenSSL has hardcoded lookup tables for.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine,
@@ -206,11 +216,16 @@ EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 i
\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
\&\fBEC_POINT_new\fR\|(3), \fBEC_KEY_new\fR\|(3),
\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBEC_POINT_make_affine()\fR, \fBEC_POINTs_make_affine()\fR, \fBEC_POINTs_mul()\fR,
+\&\fBEC_GROUP_precompute_mult()\fR, and \fBEC_GROUP_have_precompute_mult()\fR
+were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EC_POINT_new.3 b/secure/lib/libcrypto/man/man3/EC_POINT_new.3
index f10e06fd35fd..7fd7ce29e88c 100644
--- a/secure/lib/libcrypto/man/man3/EC_POINT_new.3
+++ b/secure/lib/libcrypto/man/man3/EC_POINT_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,39 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EC_POINT_NEW 3"
-.TH EC_POINT_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EC_POINT_NEW 3ossl"
+.TH EC_POINT_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of, EC_POINT_set_to_infinity, EC_POINT_get_Jprojective_coordinates_GFp, EC_POINT_set_affine_coordinates, EC_POINT_get_affine_coordinates, EC_POINT_set_compressed_coordinates, EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex, EC_POINT_hex2point \&\- Functions for creating, destroying and manipulating EC_POINT objects
+EC_POINT_set_Jprojective_coordinates_GFp,
+EC_POINT_point2buf,
+EC_POINT_new,
+EC_POINT_free,
+EC_POINT_clear_free,
+EC_POINT_copy,
+EC_POINT_dup,
+EC_POINT_method_of,
+EC_POINT_set_to_infinity,
+EC_POINT_get_Jprojective_coordinates_GFp,
+EC_POINT_set_affine_coordinates,
+EC_POINT_get_affine_coordinates,
+EC_POINT_set_compressed_coordinates,
+EC_POINT_set_affine_coordinates_GFp,
+EC_POINT_get_affine_coordinates_GFp,
+EC_POINT_set_compressed_coordinates_GFp,
+EC_POINT_set_affine_coordinates_GF2m,
+EC_POINT_get_affine_coordinates_GF2m,
+EC_POINT_set_compressed_coordinates_GF2m,
+EC_POINT_point2oct,
+EC_POINT_oct2point,
+EC_POINT_point2bn,
+EC_POINT_bn2point,
+EC_POINT_point2hex,
+EC_POINT_hex2point
+\&\- Functions for creating, destroying and manipulating EC_POINT objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -150,16 +173,7 @@ EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, EC_POINT_new, EC_P
\& void EC_POINT_clear_free(EC_POINT *point);
\& int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
\& EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
-\& const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
\& int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
-\& int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
-\& EC_POINT *p,
-\& const BIGNUM *x, const BIGNUM *y,
-\& const BIGNUM *z, BN_CTX *ctx);
-\& int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
-\& const EC_POINT *p,
-\& BIGNUM *x, BIGNUM *y, BIGNUM *z,
-\& BN_CTX *ctx);
\& int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
\& const BIGNUM *x, const BIGNUM *y,
\& BN_CTX *ctx);
@@ -168,6 +182,34 @@ EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, EC_POINT_new, EC_P
\& int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
\& const BIGNUM *x, int y_bit,
\& BN_CTX *ctx);
+\& size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
+\& point_conversion_form_t form,
+\& unsigned char *buf, size_t len, BN_CTX *ctx);
+\& size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+\& point_conversion_form_t form,
+\& unsigned char **pbuf, BN_CTX *ctx);
+\& int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
+\& const unsigned char *buf, size_t len, BN_CTX *ctx);
+\& char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p,
+\& point_conversion_form_t form, BN_CTX *ctx);
+\& EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex,
+\& EC_POINT *p, BN_CTX *ctx);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 10
+\& const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
+\& int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+\& EC_POINT *p,
+\& const BIGNUM *x, const BIGNUM *y,
+\& const BIGNUM *z, BN_CTX *ctx);
+\& int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+\& const EC_POINT *p,
+\& BIGNUM *x, BIGNUM *y, BIGNUM *z,
+\& BN_CTX *ctx);
\& int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
\& const BIGNUM *x, const BIGNUM *y,
\& BN_CTX *ctx);
@@ -188,23 +230,11 @@ EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, EC_POINT_new, EC_P
\& EC_POINT *p,
\& const BIGNUM *x, int y_bit,
\& BN_CTX *ctx);
-\& size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
-\& point_conversion_form_t form,
-\& unsigned char *buf, size_t len, BN_CTX *ctx);
-\& size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
-\& point_conversion_form_t form,
-\& unsigned char **pbuf, BN_CTX *ctx);
-\& int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
-\& const unsigned char *buf, size_t len, BN_CTX *ctx);
\& BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p,
\& point_conversion_form_t form, BIGNUM *bn,
\& BN_CTX *ctx);
\& EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn,
\& EC_POINT *p, BN_CTX *ctx);
-\& char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p,
-\& point_conversion_form_t form, BN_CTX *ctx);
-\& EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex,
-\& EC_POINT *p, BN_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -225,13 +255,15 @@ must use the same \fB\s-1EC_METHOD\s0\fR.
\&\fBsrc\fR to the newly created \fB\s-1EC_POINT\s0\fR object.
.PP
\&\fBEC_POINT_method_of()\fR obtains the \fB\s-1EC_METHOD\s0\fR associated with \fBpoint\fR.
+This function was deprecated in OpenSSL 3.0, since \s-1EC_METHOD\s0 is no longer a
+public concept.
.PP
A valid point on a curve is the special point at infinity. A point is set to
be at infinity by calling \fBEC_POINT_set_to_infinity()\fR.
.PP
-The affine co-ordinates for a point describe a point in terms of its x and y
+The affine coordinates for a point describe a point in terms of its x and y
position. The function \fBEC_POINT_set_affine_coordinates()\fR sets the \fBx\fR and \fBy\fR
-co-ordinates for the point \fBp\fR defined over the curve given in \fBgroup\fR. The
+coordinates for the point \fBp\fR defined over the curve given in \fBgroup\fR. The
function \fBEC_POINT_get_affine_coordinates()\fR sets \fBx\fR and \fBy\fR, either of which
may be \s-1NULL,\s0 to the corresponding coordinates of \fBp\fR.
.PP
@@ -245,23 +277,27 @@ The functions \fBEC_POINT_get_affine_coordinates_GFp()\fR and
\&\fBEC_POINT_get_affine_coordinates()\fR. They are defined for backwards compatibility
only and should not be used.
.PP
-As well as the affine co-ordinates, a point can alternatively be described in
-terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian
-projective co-ordinates are expressed as three values x, y and z. Working in
-this co-ordinate system provides more efficient point multiplication
-operations. A mapping exists between Jacobian projective co-ordinates and
-affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written
-as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian
-projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped
-to (x, y, 1). To set or get the projective co-ordinates use
+As well as the affine coordinates, a point can alternatively be described in
+terms of its Jacobian projective coordinates (for Fp curves only). Jacobian
+projective coordinates are expressed as three values x, y and z. Working in
+this coordinate system provides more efficient point multiplication
+operations. A mapping exists between Jacobian projective coordinates and
+affine coordinates. A Jacobian projective coordinate (x, y, z) can be written
+as an affine coordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian
+projective from affine coordinates is simple. The coordinate (x, y) is mapped
+to (x, y, 1). Although deprecated in OpenSSL 3.0 and should no longer be used,
+to set or get the projective coordinates in older versions use
\&\fBEC_POINT_set_Jprojective_coordinates_GFp()\fR and
\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR respectively.
+Modern versions should instead use \fBEC_POINT_set_affine_coordinates()\fR and
+\&\fBEC_POINT_get_affine_coordinates()\fR, performing the conversion manually using the
+above maps in such rare circumstances.
.PP
-Points can also be described in terms of their compressed co-ordinates. For a
+Points can also be described in terms of their compressed coordinates. For a
point (x, y), for any given value for x such that the point is on the curve
there will only ever be two possible values for y. Therefore, a point can be set
using the \fBEC_POINT_set_compressed_coordinates()\fR function where \fBx\fR is the x
-co-ordinate and \fBy_bit\fR is a value 0 or 1 to identify which of the two
+coordinate and \fBy_bit\fR is a value 0 or 1 to identify which of the two
possible values for y should be used.
.PP
The functions \fBEC_POINT_set_compressed_coordinates_GFp()\fR and
@@ -349,11 +385,25 @@ error.
\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3),
\&\fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBEC_POINT_method_of()\fR,
+\&\fBEC_POINT_set_Jprojective_coordinates_GFp()\fR,
+\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR,
+\&\fBEC_POINT_set_affine_coordinates_GFp()\fR, \fBEC_POINT_get_affine_coordinates_GFp()\fR,
+\&\fBEC_POINT_set_compressed_coordinates_GFp()\fR,
+\&\fBEC_POINT_set_affine_coordinates_GF2m()\fR, \fBEC_POINT_get_affine_coordinates_GF2m()\fR,
+\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR,
+\&\fBEC_POINT_point2bn()\fR, and \fBEC_POINT_bn2point()\fR were deprecated in OpenSSL 3.0.
+.PP
+\&\fBEC_POINT_set_affine_coordinates\fR, \fBEC_POINT_get_affine_coordinates\fR,
+and \fBEC_POINT_set_compressed_coordinates\fR were
+added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2013\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ENGINE_add.3 b/secure/lib/libcrypto/man/man3/ENGINE_add.3
index 455423458c4a..0cc95771a7d3 100644
--- a/secure/lib/libcrypto/man/man3/ENGINE_add.3
+++ b/secure/lib/libcrypto/man/man3/ENGINE_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,63 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ENGINE_ADD 3"
-.TH ENGINE_ADD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ENGINE_ADD 3ossl"
+.TH ENGINE_ADD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ENGINE_get_DH, ENGINE_get_DSA, ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH, ENGINE_get_default_DSA, ENGINE_get_default_RAND, ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first, ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new, ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests, ENGINE_get_destroy_function, ENGINE_get_finish_function, ENGINE_get_init_function, ENGINE_get_load_privkey_function, ENGINE_get_load_pubkey_function, ENGINE_load_private_key, ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id, ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher, ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable, ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string, ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init, ENGINE_register_DH, ENGINE_register_DSA, ENGINE_register_RAND, ENGINE_register_RSA, ENGINE_register_all_complete, ENGINE_register_ciphers, ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove, ENGINE_set_DH, ENGINE_set_DSA, ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers, ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default, ENGINE_set_default_DH, ENGINE_set_default_DSA, ENGINE_set_default_RAND, ENGINE_set_default_RSA, ENGINE_set_default_ciphers, ENGINE_set_default_digests, ENGINE_set_default_string, ENGINE_set_destroy_function, ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags, ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function, ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref, ENGINE_get_table_flags, ENGINE_cleanup, ENGINE_load_builtin_engines, ENGINE_register_all_DH, ENGINE_register_all_DSA, ENGINE_register_all_RAND, ENGINE_register_all_RSA, ENGINE_register_all_ciphers, ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH, ENGINE_unregister_DSA, ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers, ENGINE_unregister_digests \&\- ENGINE 
cryptographic module support
+ENGINE_get_DH, ENGINE_get_DSA,
+ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH,
+ENGINE_get_default_DSA,
+ENGINE_get_default_RAND,
+ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first,
+ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new,
+ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests,
+ENGINE_get_destroy_function, ENGINE_get_finish_function,
+ENGINE_get_init_function, ENGINE_get_load_privkey_function,
+ENGINE_get_load_pubkey_function, ENGINE_load_private_key,
+ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id,
+ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher,
+ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable,
+ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string,
+ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init,
+ENGINE_register_DH, ENGINE_register_DSA,
+ENGINE_register_RAND, ENGINE_register_RSA,
+ENGINE_register_all_complete, ENGINE_register_ciphers,
+ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove,
+ENGINE_set_DH, ENGINE_set_DSA,
+ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers,
+ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default,
+ENGINE_set_default_DH, ENGINE_set_default_DSA,
+ENGINE_set_default_RAND, ENGINE_set_default_RSA,
+ENGINE_set_default_ciphers, ENGINE_set_default_digests,
+ENGINE_set_default_string, ENGINE_set_destroy_function,
+ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags,
+ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function,
+ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref,
+ENGINE_get_table_flags, ENGINE_cleanup,
+ENGINE_load_builtin_engines, ENGINE_register_all_DH,
+ENGINE_register_all_DSA,
+ENGINE_register_all_RAND,
+ENGINE_register_all_RSA, ENGINE_register_all_ciphers,
+ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH,
+ENGINE_unregister_DSA,
+ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers,
+ENGINE_unregister_digests
+\&\- ENGINE cryptographic module support
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/engine.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 4
\& ENGINE *ENGINE_get_first(void);
\& ENGINE *ENGINE_get_last(void);
\& ENGINE *ENGINE_get_next(ENGINE *e);
@@ -254,15 +296,18 @@ ENGINE_get_DH, ENGINE_get_DSA, ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_ge
\& UI_METHOD *ui_method, void *callback_data);
.Ve
.PP
-Deprecated:
+The following function has been deprecated since OpenSSL 1.1.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
.PP
-.Vb 3
-\& #if OPENSSL_API_COMPAT < 0x10100000L
-\& void ENGINE_cleanup(void)
-\& #endif
+.Vb 1
+\& void ENGINE_cleanup(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use the provider APIs.
+.PP
These functions create, manipulate, and use cryptographic modules in the
form of \fB\s-1ENGINE\s0\fR objects. These objects act as containers for
implementations of cryptographic algorithms, and support a
@@ -342,7 +387,7 @@ released on behalf of the caller.
.PP
To clarify a particular function's handling of references, one should
always consult that function's documentation \*(L"man\*(R" page, or failing that
-the openssl/engine.h header file includes some hints.
+the \fI<openssl/engine.h>\fR header file includes some hints.
.PP
\&\fIFunctional references\fR
.PP
@@ -433,7 +478,7 @@ acceleration hardware attached to the machine or some such thing. There are
probably numerous other ways in which applications may prefer to handle
things, so we will simply illustrate the consequences as they apply to a
couple of simple cases and leave developers to consider these and the
-source code to openssl's builtin utilities as guides.
+source code to openssl's built-in utilities as guides.
.PP
If no \s-1ENGINE API\s0 functions are called within an application, then OpenSSL
will not allocate any internal resources. Prior to OpenSSL 1.1.0, however,
@@ -446,7 +491,7 @@ Here we'll assume an application has been configured by its user or admin
to want to use the \*(L"\s-1ACME\*(R" ENGINE\s0 if it is available in the version of
OpenSSL the application was compiled with. If it is available, it should be
used by default for all \s-1RSA, DSA,\s0 and symmetric cipher operations, otherwise
-OpenSSL should use its builtin software as per usual. The following code
+OpenSSL should use its built-in software as per usual. The following code
illustrates how to approach this;
.PP
.Vb 10
@@ -476,7 +521,7 @@ illustrates how to approach this;
\& ENGINE_free(e);
.Ve
.PP
-\&\fIAutomatically using builtin \s-1ENGINE\s0 implementations\fR
+\&\fIAutomatically using built-in \s-1ENGINE\s0 implementations\fR
.PP
Here we'll assume we want to load and register all \s-1ENGINE\s0 implementations
bundled with OpenSSL, such that for any cryptographic algorithm required by
@@ -525,7 +570,7 @@ calling \fBENGINE_init()\fR. The other class of commands consist of settings or
operations that tweak certain behaviour or cause certain operations to take
place, and these commands may work either before or after \fBENGINE_init()\fR, or
in some cases both. \s-1ENGINE\s0 implementations should provide indications of
-this in the descriptions attached to builtin control commands and/or in
+this in the descriptions attached to built-in control commands and/or in
external product documentation.
.PP
\&\fIIssuing control commands to an \s-1ENGINE\s0\fR
@@ -596,10 +641,10 @@ and input parameters of the control commands supported by an \s-1ENGINE\s0 using
structural reference. Note that some control commands are defined by OpenSSL
itself and it will intercept and handle these control commands on behalf of the
\&\s-1ENGINE,\s0 i.e. the \s-1ENGINE\s0's \fBctrl()\fR handler is not used for the control command.
-openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands
-implemented by ENGINEs should be numbered from. Any command value lower than
-this symbol is considered a \*(L"generic\*(R" command is handled directly by the
-OpenSSL core routines.
+\&\fI<openssl/engine.h>\fR defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control
+commands implemented by ENGINEs should be numbered from. Any command value
+lower than this symbol is considered a \*(L"generic\*(R" command is handled directly
+by the OpenSSL core routines.
.PP
It is using these \*(L"core\*(R" control commands that one can discover the control
commands implemented by a given \s-1ENGINE,\s0 specifically the commands:
@@ -753,6 +798,8 @@ structure on success or \s-1NULL\s0 if an error occurred.
\&\fBRAND_bytes\fR\|(3), \fBconfig\fR\|(5)
.SH "HISTORY"
.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
+.PP
\&\fBENGINE_cleanup()\fR was deprecated in OpenSSL 1.1.0 by the automatic cleanup
done by \fBOPENSSL_cleanup()\fR
and should not be used.
@@ -760,7 +807,7 @@ and should not be used.
.IX Header "COPYRIGHT"
Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3
index 47ab48bb1bea..d33d00924c01 100644
--- a/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3
+++ b/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ERR_GET_LIB 3"
-.TH ERR_GET_LIB 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ERR_GET_LIB 3ossl"
+.TH ERR_GET_LIB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR \&\- get information from error codes
+ERR_GET_LIB, ERR_GET_REASON, ERR_FATAL_ERROR
+\&\- get information from error codes
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,8 +146,6 @@ ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR \&\- get information
\&
\& int ERR_GET_LIB(unsigned long e);
\&
-\& int ERR_GET_FUNC(unsigned long e);
-\&
\& int ERR_GET_REASON(unsigned long e);
\&
\& int ERR_FATAL_ERROR(unsigned long e);
@@ -156,41 +153,48 @@ ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR \&\- get information
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The error code returned by \fBERR_get_error()\fR consists of a library
-number, function code and reason code. \s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR
+number and reason code. \s-1\fBERR_GET_LIB\s0()\fR
and \s-1\fBERR_GET_REASON\s0()\fR can be used to extract these.
.PP
\&\s-1\fBERR_FATAL_ERROR\s0()\fR indicates whether a given error code is a fatal error.
.PP
-The library number and function code describe where the error
+The library number describes where the error
occurred, the reason code is the information about what went wrong.
.PP
-Each sub-library of OpenSSL has a unique library number; function and
-reason codes are unique within each sub-library. Note that different
-libraries may use the same value to signal different functions and
-reasons.
+Each sub-library of OpenSSL has a unique library number; the
+reason code is unique within each sub-library. Note that different
+libraries may use the same value to signal different reasons.
.PP
\&\fB\s-1ERR_R_...\s0\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally
unique. However, when checking for sub-library specific reason codes,
be sure to also compare the library number.
.PP
-\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR, \s-1\fBERR_GET_REASON\s0()\fR, and \s-1\fBERR_FATAL_ERROR\s0()\fR
- are macros.
+\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_REASON\s0()\fR, and \s-1\fBERR_FATAL_ERROR\s0()\fR are macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-The library number, function code, reason code, and whether the error
+The library number, reason code, and whether the error
is fatal, respectively.
+Starting with OpenSSL 3.0.0, the function code is always set to zero.
+.SH "NOTES"
+.IX Header "NOTES"
+Applications should not make control flow decisions based on specific error
+codes. Error codes are subject to change at any time (even in patch releases of
+OpenSSL). A particular error code can only be considered meaningful for control
+flow decisions if it is explicitly documented as such. New failure codes may
+still appear at any time.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR and \s-1\fBERR_GET_REASON\s0()\fR are available in
-all versions of OpenSSL.
+\&\s-1\fBERR_GET_LIB\s0()\fR and \s-1\fBERR_GET_REASON\s0()\fR are available in all versions of OpenSSL.
+.PP
+\&\s-1\fBERR_GET_FUNC\s0()\fR was removed in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ERR_clear_error.3 b/secure/lib/libcrypto/man/man3/ERR_clear_error.3
index 64d0254477e8..9372f05de9e2 100644
--- a/secure/lib/libcrypto/man/man3/ERR_clear_error.3
+++ b/secure/lib/libcrypto/man/man3/ERR_clear_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ERR_CLEAR_ERROR 3"
-.TH ERR_CLEAR_ERROR 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ERR_CLEAR_ERROR 3ossl"
+.TH ERR_CLEAR_ERROR 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -160,7 +158,7 @@ ERR_clear_error \- clear the error queue
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ERR_error_string.3 b/secure/lib/libcrypto/man/man3/ERR_error_string.3
index 5162fbcfc00c..7819eeebe7c6 100644
--- a/secure/lib/libcrypto/man/man3/ERR_error_string.3
+++ b/secure/lib/libcrypto/man/man3/ERR_error_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ERR_ERROR_STRING 3"
-.TH ERR_ERROR_STRING 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ERR_ERROR_STRING 3ossl"
+.TH ERR_ERROR_STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ERR_error_string, ERR_error_string_n, ERR_lib_error_string, ERR_func_error_string, ERR_reason_error_string \- obtain human\-readable error message
+ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
+ERR_func_error_string, ERR_reason_error_string \- obtain human\-readable
+error message
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -149,9 +149,14 @@ ERR_error_string, ERR_error_string_n, ERR_lib_error_string, ERR_func_error_strin
\& void ERR_error_string_n(unsigned long e, char *buf, size_t len);
\&
\& const char *ERR_lib_error_string(unsigned long e);
-\& const char *ERR_func_error_string(unsigned long e);
\& const char *ERR_reason_error_string(unsigned long e);
.Ve
+.PP
+Deprecated in OpenSSL 3.0:
+.PP
+.Vb 1
+\& const char *ERR_func_error_string(unsigned long e);
+.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBERR_error_string()\fR generates a human-readable string representing the
@@ -169,14 +174,13 @@ For \fBERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR.
The string will have the following format:
.PP
.Vb 1
-\& error:[error code]:[library name]:[function name]:[reason string]
+\& error:[error code]:[library name]::[reason string]
.Ve
.PP
-\&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR,
-\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text.
+\&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR and
+\&\fIreason string\fR are \s-1ASCII\s0 text.
.PP
-\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and
-\&\fBERR_reason_error_string()\fR return the library name, function
+\&\fBERR_lib_error_string()\fR and \fBERR_reason_error_string()\fR return the library
name and reason string respectively.
.PP
If there is no text string registered for the given error code,
@@ -189,18 +193,22 @@ all error codes currently in the queue.
\&\fBERR_error_string()\fR returns a pointer to a static buffer containing the
string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise.
.PP
-\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and
-\&\fBERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if
-none is registered for the error code.
+\&\fBERR_lib_error_string()\fR and \fBERR_reason_error_string()\fR return the strings,
+and \fB\s-1NULL\s0\fR if none is registered for the error code.
+.PP
+\&\fBERR_func_error_string()\fR returns \s-1NULL.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3),
\&\fBERR_print_errors\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBERR_func_error_string()\fR became deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ERR_get_error.3 b/secure/lib/libcrypto/man/man3/ERR_get_error.3
index c25331562b34..9d5b89358564 100644
--- a/secure/lib/libcrypto/man/man3/ERR_get_error.3
+++ b/secure/lib/libcrypto/man/man3/ERR_get_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,20 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ERR_GET_ERROR 3"
-.TH ERR_GET_ERROR 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ERR_GET_ERROR 3ossl"
+.TH ERR_GET_ERROR 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data \- obtain error code and data
+ERR_get_error, ERR_peek_error, ERR_peek_last_error,
+ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line,
+ERR_peek_error_func, ERR_peek_last_error_func,
+ERR_peek_error_data, ERR_peek_last_error_data,
+ERR_get_error_all, ERR_peek_error_all, ERR_peek_last_error_all,
+ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data
+\&\- obtain error code and data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -149,10 +153,32 @@ ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek
\& unsigned long ERR_peek_error(void);
\& unsigned long ERR_peek_last_error(void);
\&
-\& unsigned long ERR_get_error_line(const char **file, int *line);
\& unsigned long ERR_peek_error_line(const char **file, int *line);
\& unsigned long ERR_peek_last_error_line(const char **file, int *line);
\&
+\& unsigned long ERR_peek_error_func(const char **func);
+\& unsigned long ERR_peek_last_error_func(const char **func);
+\&
+\& unsigned long ERR_peek_error_data(const char **data, int *flags);
+\& unsigned long ERR_peek_last_error_data(const char **data, int *flags);
+\&
+\& unsigned long ERR_get_error_all(const char **file, int *line,
+\& const char **func,
+\& const char **data, int *flags);
+\& unsigned long ERR_peek_error_all(const char **file, int *line,
+\& const char **func,
+\& const char **data, int *flags);
+\& unsigned long ERR_peek_last_error_all(const char **file, int *line,
+\& const char *func,
+\& const char **data, int *flags);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 7
+\& unsigned long ERR_get_error_line(const char **file, int *line);
\& unsigned long ERR_get_error_line_data(const char **file, int *line,
\& const char **data, int *flags);
\& unsigned long ERR_peek_error_line_data(const char **file, int *line,
@@ -163,7 +189,7 @@ ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBERR_get_error()\fR returns the earliest error code from the thread's error
-queue and removes the entry. This function can be called repeatedly
+queue and removes the entry. This function can be called repeatedly
until there are no more error codes to return.
.PP
\&\fBERR_peek_error()\fR returns the earliest error code from the thread's
@@ -172,23 +198,52 @@ error queue without modifying it.
\&\fBERR_peek_last_error()\fR returns the latest error code from the thread's
error queue without modifying it.
.PP
-See \s-1\fBERR_GET_LIB\s0\fR\|(3) for obtaining information about
-location and reason of the error, and
-\&\fBERR_error_string\fR\|(3) for human-readable error
-messages.
+See \s-1\fBERR_GET_LIB\s0\fR\|(3) for obtaining further specific information
+such as the reason of the error,
+and \fBERR_error_string\fR\|(3) for human-readable error messages.
+.PP
+\&\fBERR_get_error_all()\fR is the same as \fBERR_get_error()\fR, but on success it
+additionally stores the filename, line number and function where the error
+occurred in *\fIfile\fR, *\fIline\fR and *\fIfunc\fR, and also extra text and flags
+in *\fIdata\fR, *\fIflags\fR. If any of those parameters are \s-1NULL,\s0 it will not
+be changed.
+An unset filename is indicated as "\*(L", i.e. an empty string.
+An unset line number is indicated as 0.
+An unset function name is indicated as \*(R"", i.e. an empty string.
+.PP
+A pointer returned this way by these functions and the ones below
+is valid until the respective entry is overwritten in the error queue.
+.PP
+\&\fBERR_peek_error_line()\fR and \fBERR_peek_last_error_line()\fR are the same as
+\&\fBERR_peek_error()\fR and \fBERR_peek_last_error()\fR, but on success they additionally
+store the filename and line number where the error occurred in *\fIfile\fR and
+*\fIline\fR, as far as they are not \s-1NULL.\s0
+An unset filename is indicated as "", i.e., an empty string.
+An unset line number is indicated as 0.
.PP
-\&\fBERR_get_error_line()\fR, \fBERR_peek_error_line()\fR and
-\&\fBERR_peek_last_error_line()\fR are the same as the above, but they
-additionally store the filename and line number where
-the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR.
+\&\fBERR_peek_error_func()\fR and \fBERR_peek_last_error_func()\fR are the same as
+\&\fBERR_peek_error()\fR and \fBERR_peek_last_error()\fR, but on success they additionally
+store the name of the function where the error occurred in *\fIfunc\fR, unless
+it is \s-1NULL.\s0
+An unset function name is indicated as "".
.PP
-\&\fBERR_get_error_line_data()\fR, \fBERR_peek_error_line_data()\fR and
-\&\fBERR_peek_last_error_line_data()\fR store additional data and flags
-associated with the error code in *\fBdata\fR
-and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string
-if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true.
+\&\fBERR_peek_error_data()\fR and \fBERR_peek_last_error_data()\fR are the same as
+\&\fBERR_peek_error()\fR and \fBERR_peek_last_error()\fR, but on success they additionally
+store additional data and flags associated with the error code in *\fIdata\fR
+and *\fIflags\fR, as far as they are not \s-1NULL.\s0
+Unset data is indicated as "".
+In this case the value given for the flag is irrelevant (and equals 0).
+*\fIdata\fR contains a string if *\fIflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true.
.PP
-An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers
+\&\fBERR_peek_error_all()\fR and \fBERR_peek_last_error_all()\fR are combinations of all
+of the above.
+.PP
+\&\fBERR_get_error_line()\fR, \fBERR_get_error_line_data()\fR, \fBERR_peek_error_line_data()\fR
+and \fBERR_peek_last_error_line_data()\fR are older variants of \fBERR_get_error_all()\fR,
+\&\fBERR_peek_error_all()\fR and \fBERR_peek_last_error_all()\fR, and may give confusing
+results. They should no longer be used and are therefore deprecated.
+.PP
+An application \fB\s-1MUST NOT\s0\fR free the *\fIdata\fR pointer (or any other pointers
returned by these functions) with \fBOPENSSL_free()\fR as freeing is handled
automatically by the error library.
.SH "RETURN VALUES"
@@ -198,11 +253,20 @@ The error code, or 0 if there is no error in the queue.
.IX Header "SEE ALSO"
\&\fBERR_error_string\fR\|(3),
\&\s-1\fBERR_GET_LIB\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBERR_peek_error_func()\fR, \fBERR_peek_last_error_func()\fR,
+\&\fBERR_peek_error_data()\fR, \fBERR_peek_last_error_data()\fR,
+\&\fBERR_peek_error_all()\fR and \fBERR_peek_last_error_all()\fR
+were added in OpenSSL 3.0.
+.PP
+\&\fBERR_get_error_line()\fR, \fBERR_get_error_line_data()\fR, \fBERR_peek_error_line_data()\fR
+and \fBERR_peek_last_error_line_data()\fR became deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3
index 890a057d68d3..ddbd9c4c2905 100644
--- a/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3
+++ b/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,31 +130,30 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ERR_LOAD_CRYPTO_STRINGS 3"
-.TH ERR_LOAD_CRYPTO_STRINGS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ERR_LOAD_CRYPTO_STRINGS 3ossl"
+.TH ERR_LOAD_CRYPTO_STRINGS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \- load and free error strings
+ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \-
+load and free error strings
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
-Deprecated:
+The following functions have been deprecated since OpenSSL 1.1.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
.PP
.Vb 1
\& #include <openssl/err.h>
\&
-\& #if OPENSSL_API_COMPAT < 0x10100000L
\& void ERR_load_crypto_strings(void);
\& void ERR_free_strings(void);
-\& #endif
\&
\& #include <openssl/ssl.h>
\&
-\& #if OPENSSL_API_COMPAT < 0x10100000L
\& void SSL_load_error_strings(void);
-\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -180,9 +177,9 @@ The \fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR, and
\&\fBOPENSSL_init_crypto()\fR and \fBOPENSSL_init_ssl()\fR and should not be used.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ERR_load_strings.3 b/secure/lib/libcrypto/man/man3/ERR_load_strings.3
index 94c39ba20a15..f66cda082de5 100644
--- a/secure/lib/libcrypto/man/man3/ERR_load_strings.3
+++ b/secure/lib/libcrypto/man/man3/ERR_load_strings.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ERR_LOAD_STRINGS 3"
-.TH ERR_LOAD_STRINGS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ERR_LOAD_STRINGS 3ossl"
+.TH ERR_LOAD_STRINGS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load arbitrary error strings
+ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load
+arbitrary error strings
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -172,7 +171,7 @@ reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR).
The last entry in the array is {0,0}.
.PP
\&\fBERR_get_next_error_library()\fR can be used to assign library numbers
-to user libraries at runtime.
+to user libraries at run time.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBERR_load_strings()\fR returns 1 for success and 0 for failure. \s-1\fBERR_PACK\s0()\fR returns the error code.
@@ -185,7 +184,7 @@ library number.
.IX Header "COPYRIGHT"
Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ERR_new.3 b/secure/lib/libcrypto/man/man3/ERR_new.3
new file mode 100644
index 000000000000..c3d014bac8ef
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/ERR_new.3
@@ -0,0 +1,207 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ERR_NEW 3ossl"
+.TH ERR_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ERR_new, ERR_set_debug, ERR_set_error, ERR_vset_error
+\&\- Error recording building blocks
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/err.h>
+\&
+\& void ERR_new(void);
+\& void ERR_set_debug(const char *file, int line, const char *func);
+\& void ERR_set_error(int lib, int reason, const char *fmt, ...);
+\& void ERR_vset_error(int lib, int reason, const char *fmt, va_list args);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The functions described here are generally not used directly, but
+rather through macros such as \fBERR_raise\fR\|(3).
+They can still be useful for anyone that wants to make their own
+macros.
+.PP
+\&\fBERR_new()\fR allocates a new slot in the thread's error queue.
+.PP
+\&\fBERR_set_debug()\fR sets the debug information related to the current
+error in the thread's error queue.
+The values that can be given are the filename \fIfile\fR, line in the
+file \fIline\fR and the name of the function \fIfunc\fR where the error
+occurred.
+The names must be constant, this function will only save away the
+pointers, not copy the strings.
+.PP
+\&\fBERR_set_error()\fR sets the error information, which are the library
+number \fIlib\fR and the reason code \fIreason\fR, and additional data as a
+format string \fIfmt\fR and an arbitrary number of arguments.
+The additional data is processed with \fBBIO_snprintf\fR\|(3) to form the
+additional data string, which is allocated and store in the error
+record.
+.PP
+\&\fBERR_vset_error()\fR works like \fBERR_set_error()\fR, but takes a \fBva_list\fR
+argument instead of a variable number of arguments.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+ERR_new, ERR_set_debug, ERR_set_error and ERR_vset_error
+do not return any values.
+.SH "NOTES"
+.IX Header "NOTES"
+The library number is unique to each unit that records errors.
+OpenSSL has a number of preallocated ones for its own uses, but
+others may allocate their own library number dynamically with
+\&\fBERR_get_next_error_library\fR\|(3).
+.PP
+Reason codes are unique within each library, and may have an
+associated set of strings as a short description of the reason.
+For dynamically allocated library numbers, reason strings are recorded
+with \fBERR_load_strings\fR\|(3).
+.PP
+Provider authors are supplied with core versions of these functions,
+see \fBprovider\-base\fR\|(7).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBERR_raise\fR\|(3), \fBERR_get_next_error_library\fR\|(3),
+\&\fBERR_load_strings\fR\|(3), \fBBIO_snprintf\fR\|(3), \fBprovider\-base\fR\|(7)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ERR_print_errors.3 b/secure/lib/libcrypto/man/man3/ERR_print_errors.3
index fba7472601a0..b4d9af4b0b8c 100644
--- a/secure/lib/libcrypto/man/man3/ERR_print_errors.3
+++ b/secure/lib/libcrypto/man/man3/ERR_print_errors.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ERR_PRINT_ERRORS 3"
-.TH ERR_PRINT_ERRORS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ERR_PRINT_ERRORS 3ossl"
+.TH ERR_PRINT_ERRORS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb \&\- print error messages
+ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb
+\&\- print error messages
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,7 +146,8 @@ ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb \&\- print error mess
\&
\& void ERR_print_errors(BIO *bp);
\& void ERR_print_errors_fp(FILE *fp);
-\& void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u)
+\& void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
+\& void *u);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -185,7 +185,7 @@ the error string will contain the numeric code.
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ERR_put_error.3 b/secure/lib/libcrypto/man/man3/ERR_put_error.3
index f4e7dc0be620..8c01af8c592b 100644
--- a/secure/lib/libcrypto/man/man3/ERR_put_error.3
+++ b/secure/lib/libcrypto/man/man3/ERR_put_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,76 +130,168 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ERR_PUT_ERROR 3"
-.TH ERR_PUT_ERROR 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ERR_PUT_ERROR 3ossl"
+.TH ERR_PUT_ERROR 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ERR_put_error, ERR_add_error_data, ERR_add_error_vdata \- record an error
+ERR_raise, ERR_raise_data,
+ERR_put_error, ERR_add_error_data, ERR_add_error_vdata,
+ERR_add_error_txt, ERR_add_error_mem_bio
+\&\- record an error
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&
-\& void ERR_put_error(int lib, int func, int reason, const char *file, int line);
+\& void ERR_raise(int lib, int reason);
+\& void ERR_raise_data(int lib, int reason, const char *fmt, ...);
\&
\& void ERR_add_error_data(int num, ...);
\& void ERR_add_error_vdata(int num, va_list arg);
+\& void ERR_add_error_txt(const char *sep, const char *txt);
+\& void ERR_add_error_mem_bio(const char *sep, BIO *bio);
+.Ve
+.PP
+The following function has been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& void ERR_put_error(int lib, int func, int reason, const char *file, int line);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+\&\fBERR_raise()\fR adds a new error to the thread's error queue. The
+error occurred in the library \fBlib\fR for the reason given by the
+\&\fBreason\fR code. Furthermore, the name of the file, the line, and name
+of the function where the error occurred is saved with the error
+record.
+.PP
+\&\fBERR_raise_data()\fR does the same thing as \fBERR_raise()\fR, but also lets the
+caller specify additional information as a format string \fBfmt\fR and an
+arbitrary number of values, which are processed with \fBBIO_snprintf\fR\|(3).
+.PP
\&\fBERR_put_error()\fR adds an error code to the thread's error queue. It
signals that the error of reason code \fBreason\fR occurred in function
\&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR.
This function is usually called by a macro.
.PP
\&\fBERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string
-arguments with the error code added last.
+arguments as additional data with the error code added last.
\&\fBERR_add_error_vdata()\fR is similar except the argument is a \fBva_list\fR.
+Multiple calls to these functions append to the current top of the error queue.
+The total length of the string data per error is limited to 4096 characters.
+.PP
+\&\fBERR_add_error_txt()\fR appends the given text string as additional data to the
+last error queue entry, after inserting the optional separator string if it is
+not \s-1NULL\s0 and the top error entry does not yet have additional data.
+In case the separator is at the end of the text it is not appended to the data.
+The \fBsep\fR argument may be for instance \*(L"\en\*(R" to insert a line break when needed.
+If the associated data would become more than 4096 characters long
+(which is the limit given above)
+it is split over sufficiently many new copies of the last error queue entry.
+.PP
+\&\fBERR_add_error_mem_bio()\fR is the same as \fBERR_add_error_txt()\fR except that
+the text string is taken from the given memory \s-1BIO.\s0
+It appends '\e0' to the \s-1BIO\s0 contents if not already NUL-terminated.
.PP
\&\fBERR_load_strings\fR\|(3) can be used to register
error strings so that the application can a generate human-readable
error messages for the error code.
.SS "Reporting errors"
.IX Subsection "Reporting errors"
-Each sub-library has a specific macro \fBXXXerr()\fR that is used to report
-errors. Its first argument is a function code \fB\s-1XXX_F_...\s0\fR, the second
-argument is a reason code \fB\s-1XXX_R_...\s0\fR. Function codes are derived
-from the function names; reason codes consist of textual error
+\fIOpenSSL library reports\fR
+.IX Subsection "OpenSSL library reports"
+.PP
+Each OpenSSL sub-library has library code \fB\s-1ERR_LIB_XXX\s0\fR and has its own set
+of reason codes \fB\s-1XXX_R_...\s0\fR. These are both passed in combination to
+\&\fBERR_raise()\fR and \fBERR_raise_data()\fR, and the combination ultimately produces
+the correct error text for the reported error.
+.PP
+All these macros and the numbers they have as values are specific to
+OpenSSL's libraries. OpenSSL reason codes normally consist of textual error
descriptions. For example, the function \fBssl3_read_bytes()\fR reports a
\&\*(L"handshake failure\*(R" as follows:
.PP
.Vb 1
-\& SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+\& ERR_raise(ERR_LIB_SSL, SSL_R_SSL_HANDSHAKE_FAILURE);
.Ve
.PP
-Function and reason codes should consist of uppercase characters,
-numbers and underscores only. The error file generation script translates
-function codes into function names by looking in the header files
-for an appropriate function name, if none is found it just uses
-the capitalized form such as \*(L"\s-1SSL3_READ_BYTES\*(R"\s0 in the above example.
+There are two exceptions:
+.IP "\fB\s-1ERR_LIB_SYS\s0\fR" 4
+.IX Item "ERR_LIB_SYS"
+This \*(L"library code\*(R" indicates that a system error is being reported. In
+this case, the reason code given to \fBERR_raise()\fR and \fBERR_raise_data()\fR \fImust\fR
+be \fBerrno\fR\|(3).
+.Sp
+.Vb 1
+\& ERR_raise(ERR_LIB_SYS, errno);
+.Ve
+.IP "\fB\s-1ERR_R_XXX\s0\fR" 4
+.IX Item "ERR_R_XXX"
+This set of error codes is considered global, and may be used in combination
+with any sub-library code.
+.Sp
+.Vb 1
+\& ERR_raise(ERR_LIB_RSA, ERR_R_PASSED_INVALID_ARGUMENT);
+.Ve
+.PP
+\fIOther pieces of software\fR
+.IX Subsection "Other pieces of software"
.PP
-The trailing section of a reason code (after the \*(L"_R_\*(R") is translated
-into lowercase and underscores changed to spaces.
+Other pieces of software that may want to use OpenSSL's error reporting
+system, such as engines or applications, must normally get their own
+numbers.
+.IP "\(bu" 4
+To get a \*(L"library\*(R" code, call \fBERR_get_next_error_library\fR\|(3); this gives
+the calling code a dynamic number, usable for the duration of the process.
+.IP "\(bu" 4
+Reason codes for each such \*(L"library\*(R" are determined or generated by the
+authors of that code. They must be numbers in the range 1 to 524287 (in
+other words, they must be nonzero unsigned 18 bit integers).
.PP
-Although a library will normally report errors using its own specific
-XXXerr macro, another library's macro can be used. This is normally
-only done when a library wants to include \s-1ASN1\s0 code which must use
-the \fBASN1err()\fR macro.
+The exceptions mentioned in \*(L"OpenSSL library reports\*(R" above are valid for
+other pieces of software, i.e. they may use \fB\s-1ERR_LIB_SYS\s0\fR to report system
+errors:
+.PP
+.Vb 1
+\& ERR_raise(ERR_LIB_SYS, errno);
+.Ve
+.PP
+\&... and they may use \fB\s-1ERR_R_XXX\s0\fR macros together with their own \*(L"library\*(R"
+code.
+.PP
+.Vb 1
+\& int app_lib_code = ERR_get_next_error_library();
+\&
+\& /* ... */
+\&
+\& ERR_raise(app_lib_code, ERR_R_PASSED_INVALID_ARGUMENT);
+.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBERR_put_error()\fR and \fBERR_add_error_data()\fR return
-no values.
+\&\fBERR_raise()\fR, \fBERR_raise_data()\fR, \fBERR_put_error()\fR,
+\&\fBERR_add_error_data()\fR, \fBERR_add_error_vdata()\fR
+\&\fBERR_add_error_txt()\fR, and \fBERR_add_error_mem_bio()\fR
+return no values.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fBERR_raise()\fR, \fBERR_raise()\fR and \fBERR_put_error()\fR are implemented as macros.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBERR_load_strings\fR\|(3)
+\&\fBERR_load_strings\fR\|(3), \fBERR_get_next_error_library\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+ERR_raise, ERR_raise_data, \fBERR_add_error_txt()\fR and \fBERR_add_error_mem_bio()\fR
+were added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ERR_remove_state.3 b/secure/lib/libcrypto/man/man3/ERR_remove_state.3
index 15df2737cfbd..73097bd0664f 100644
--- a/secure/lib/libcrypto/man/man3/ERR_remove_state.3
+++ b/secure/lib/libcrypto/man/man3/ERR_remove_state.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ERR_REMOVE_STATE 3"
-.TH ERR_REMOVE_STATE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ERR_REMOVE_STATE 3ossl"
+.TH ERR_REMOVE_STATE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -142,16 +140,20 @@
ERR_remove_thread_state, ERR_remove_state \- DEPRECATED
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
-Deprecated:
+The following function has been deprecated since OpenSSL 1.0.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
.PP
-.Vb 3
-\& #if OPENSSL_API_COMPAT < 0x10000000L
+.Vb 1
\& void ERR_remove_state(unsigned long tid);
-\& #endif
-\&
-\& #if OPENSSL_API_COMPAT < 0x10100000L
+.Ve
+.PP
+The following function has been deprecated since OpenSSL 1.1.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& void ERR_remove_thread_state(void *tid);
-\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -172,9 +174,9 @@ L\fBOPENSSL_init_crypto\fR\|(3)
and should not be used.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/ERR_set_mark.3 b/secure/lib/libcrypto/man/man3/ERR_set_mark.3
index 2a552a8356a5..17673b13a583 100644
--- a/secure/lib/libcrypto/man/man3/ERR_set_mark.3
+++ b/secure/lib/libcrypto/man/man3/ERR_set_mark.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,22 +130,23 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "ERR_SET_MARK 3"
-.TH ERR_SET_MARK 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "ERR_SET_MARK 3ossl"
+.TH ERR_SET_MARK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark
+ERR_set_mark, ERR_clear_last_mark, ERR_pop_to_mark
+\&\- set mark, clear mark and pop errors until mark
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/err.h>
\&
\& int ERR_set_mark(void);
-\&
\& int ERR_pop_to_mark(void);
+\& int ERR_clear_last_mark(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -156,17 +155,19 @@ is one.
.PP
\&\fBERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found.
The mark is then removed. If there is no mark, the whole stack is removed.
+.PP
+\&\fBERR_clear_last_mark()\fR removes the last mark added if there is one.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1.
.PP
-\&\fBERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which
-implies that the stack became empty, otherwise 1.
+\&\fBERR_clear_last_mark()\fR and \fBERR_pop_to_mark()\fR return 0 if there was no mark in the
+error stack, which implies that the stack became empty, otherwise 1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2003\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_ASYM_CIPHER_free.3 b/secure/lib/libcrypto/man/man3/EVP_ASYM_CIPHER_free.3
new file mode 100644
index 000000000000..f38b569de18d
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_ASYM_CIPHER_free.3
@@ -0,0 +1,241 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_ASYM_CIPHER_FREE 3ossl"
+.TH EVP_ASYM_CIPHER_FREE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_ASYM_CIPHER_fetch, EVP_ASYM_CIPHER_free, EVP_ASYM_CIPHER_up_ref,
+EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_get0_provider,
+EVP_ASYM_CIPHER_do_all_provided, EVP_ASYM_CIPHER_names_do_all,
+EVP_ASYM_CIPHER_get0_name, EVP_ASYM_CIPHER_get0_description,
+EVP_ASYM_CIPHER_gettable_ctx_params, EVP_ASYM_CIPHER_settable_ctx_params
+\&\- Functions to manage EVP_ASYM_CIPHER algorithm objects
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
+\& const char *properties);
+\& void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher);
+\& int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher);
+\& const char *EVP_ASYM_CIPHER_get0_name(const EVP_ASYM_CIPHER *cipher);
+\& int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name);
+\& OSSL_PROVIDER *EVP_ASYM_CIPHER_get0_provider(const EVP_ASYM_CIPHER *cipher);
+\& void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
+\& void (*fn)(EVP_ASYM_CIPHER *cipher,
+\& void *arg),
+\& void *arg);
+\& int EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
+\& void (*fn)(const char *name, void *data),
+\& void *data);
+\& const char *EVP_ASYM_CIPHER_get0_description(const EVP_ASYM_CIPHER *cipher);
+\& const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *cip);
+\& const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *cip);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBEVP_ASYM_CIPHER_fetch()\fR fetches the implementation for the given
+\&\fBalgorithm\fR from any provider offering it, within the criteria given
+by the \fBproperties\fR and in the scope of the given library context \fBctx\fR (see
+\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3)). The algorithm will be one offering functions for performing
+asymmetric cipher related tasks such as asymmetric encryption and decryption.
+See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information.
+.PP
+The returned value must eventually be freed with \fBEVP_ASYM_CIPHER_free()\fR.
+.PP
+\&\fBEVP_ASYM_CIPHER_free()\fR decrements the reference count for the \fB\s-1EVP_ASYM_CIPHER\s0\fR
+structure. Typically this structure will have been obtained from an earlier call
+to \fBEVP_ASYM_CIPHER_fetch()\fR. If the reference count drops to 0 then the
+structure is freed.
+.PP
+\&\fBEVP_ASYM_CIPHER_up_ref()\fR increments the reference count for an
+\&\fB\s-1EVP_ASYM_CIPHER\s0\fR structure.
+.PP
+\&\fBEVP_ASYM_CIPHER_is_a()\fR returns 1 if \fIcipher\fR is an implementation of an
+algorithm that's identifiable with \fIname\fR, otherwise 0.
+.PP
+\&\fBEVP_ASYM_CIPHER_get0_provider()\fR returns the provider that \fIcipher\fR was
+fetched from.
+.PP
+\&\fBEVP_ASYM_CIPHER_do_all_provided()\fR traverses all EVP_ASYM_CIPHERs implemented by
+all activated providers in the given library context \fIlibctx\fR, and for each of
+the implementations, calls the given function \fIfn\fR with the implementation
+method and the given \fIarg\fR as argument.
+.PP
+\&\fBEVP_ASYM_CIPHER_get0_name()\fR returns the algorithm name from the provided
+implementation for the given \fIcipher\fR. Note that the \fIcipher\fR may have
+multiple synonyms associated with it. In this case the first name from the
+algorithm definition is returned. Ownership of the returned string is retained
+by the \fIcipher\fR object and should not be freed by the caller.
+.PP
+\&\fBEVP_ASYM_CIPHER_names_do_all()\fR traverses all names for \fIcipher\fR, and calls
+\&\fIfn\fR with each name and \fIdata\fR.
+.PP
+\&\fBEVP_ASYM_CIPHER_get0_description()\fR returns a description of the \fIcipher\fR,
+meant for display and human consumption. The description is at the
+discretion of the \fIcipher\fR implementation.
+.PP
+\&\fBEVP_ASYM_CIPHER_gettable_ctx_params()\fR and \fBEVP_ASYM_CIPHER_settable_ctx_params()\fR
+return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the names and types of key
+parameters that can be retrieved or set by a key encryption algorithm using
+\&\fBEVP_PKEY_CTX_get_params\fR\|(3) and \fBEVP_PKEY_CTX_set_params\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_ASYM_CIPHER_fetch()\fR returns a pointer to an \fB\s-1EVP_ASYM_CIPHER\s0\fR for success
+or \fB\s-1NULL\s0\fR for failure.
+.PP
+\&\fBEVP_ASYM_CIPHER_up_ref()\fR returns 1 for success or 0 otherwise.
+.PP
+\&\fBEVP_ASYM_CIPHER_names_do_all()\fR returns 1 if the callback was called for all
+names. A return value of 0 means that the callback was not called for any names.
+.PP
+\&\fBEVP_ASYM_CIPHER_gettable_ctx_params()\fR and \fBEVP_ASYM_CIPHER_settable_ctx_params()\fR
+return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array or \s-1NULL\s0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7), \s-1\fBOSSL_PROVIDER\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/man3/EVP_BytesToKey.3
index d84a50927615..f87a1c229321 100644
--- a/secure/lib/libcrypto/man/man3/EVP_BytesToKey.3
+++ b/secure/lib/libcrypto/man/man3/EVP_BytesToKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_BYTESTOKEY 3"
-.TH EVP_BYTESTOKEY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_BYTESTOKEY 3ossl"
+.TH EVP_BYTESTOKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -204,7 +202,7 @@ or 0 on error.
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 b/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3
index 9f81e7c49bde..98f0c8350390 100644
--- a/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3
+++ b/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3"
-.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3ossl"
+.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data \- Routines to inspect and modify EVP_CIPHER_CTX objects
+EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data \- Routines to
+inspect and modify EVP_CIPHER_CTX objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -176,7 +175,7 @@ functions were added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_original_iv.3 b/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_original_iv.3
new file mode 100644
index 000000000000..c8b99be558a9
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_original_iv.3
@@ -0,0 +1,206 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_CIPHER_CTX_GET_ORIGINAL_IV 3ossl"
+.TH EVP_CIPHER_CTX_GET_ORIGINAL_IV 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_CIPHER_CTX_get_original_iv, EVP_CIPHER_CTX_get_updated_iv,
+EVP_CIPHER_CTX_iv, EVP_CIPHER_CTX_original_iv,
+EVP_CIPHER_CTX_iv_noconst \- Routines to inspect EVP_CIPHER_CTX IV data
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_CIPHER_CTX_get_original_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
+\& int EVP_CIPHER_CTX_get_updated_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 3
+\& const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
+\& const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
+\& unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBEVP_CIPHER_CTX_get_original_iv()\fR and \fBEVP_CIPHER_CTX_get_updated_iv()\fR copy
+initialization vector (\s-1IV\s0) information from the \fB\s-1EVP_CIPHER_CTX\s0\fR into the
+caller-supplied buffer. \fBEVP_CIPHER_CTX_get_iv_length\fR\|(3) can be used to
+determine an appropriate buffer size, and if the supplied buffer is too small,
+an error will be returned (and no data copied).
+\&\fBEVP_CIPHER_CTX_get_original_iv()\fR accesses the (\*(L"original\*(R") \s-1IV\s0 that was
+supplied when the \fB\s-1EVP_CIPHER_CTX\s0\fR was initialized, and
+\&\fBEVP_CIPHER_CTX_get_updated_iv()\fR accesses the current \*(L"\s-1IV\s0 state\*(R"
+of the cipher, which is updated during cipher operation for certain cipher modes
+(e.g., \s-1CBC\s0 and \s-1OFB\s0).
+.PP
+The functions \fBEVP_CIPHER_CTX_iv()\fR, \fBEVP_CIPHER_CTX_original_iv()\fR, and
+\&\fBEVP_CIPHER_CTX_iv_noconst()\fR are deprecated functions that provide similar (at
+a conceptual level) functionality. \fBEVP_CIPHER_CTX_iv()\fR returns a pointer to
+the beginning of the \*(L"\s-1IV\s0 state\*(R" as maintained internally in the
+\&\fB\s-1EVP_CIPHER_CTX\s0\fR; \fBEVP_CIPHER_CTX_original_iv()\fR returns a pointer to the
+beginning of the (\*(L"original\*(R") \s-1IV,\s0 as maintained by the \fB\s-1EVP_CIPHER_CTX\s0\fR, that
+was provided when the \fB\s-1EVP_CIPHER_CTX\s0\fR was initialized; and
+\&\fBEVP_CIPHER_CTX_get_iv_noconst()\fR is the same as \fBEVP_CIPHER_CTX_iv()\fR but has a
+different return type for the pointer.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_CIPHER_CTX_get_original_iv()\fR and \fBEVP_CIPHER_CTX_get_updated_iv()\fR return 1
+on success and 0 on failure.
+.PP
+The functions \fBEVP_CIPHER_CTX_iv()\fR, \fBEVP_CIPHER_CTX_original_iv()\fR, and
+\&\fBEVP_CIPHER_CTX_iv_noconst()\fR return a pointer to an \s-1IV\s0 as an array of bytes on
+success, and \s-1NULL\s0 on failure.
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBEVP_CIPHER_CTX_get_original_iv()\fR and \fBEVP_CIPHER_CTX_get_updated_iv()\fR were added
+in OpenSSL 3.0.0.
+.PP
+\&\fBEVP_CIPHER_CTX_iv()\fR, \fBEVP_CIPHER_CTX_original_iv()\fR, and
+\&\fBEVP_CIPHER_CTX_iv_noconst()\fR were added in OpenSSL 1.1.0, and were deprecated
+in OpenSSL 3.0.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3 b/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3
index e460c62697d0..46ac0613263e 100644
--- a/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3
+++ b/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,34 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_CIPHER_METH_NEW 3"
-.TH EVP_CIPHER_METH_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_CIPHER_METH_NEW 3ossl"
+.TH EVP_CIPHER_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags, EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init, EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup, EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params, EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init, EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup, EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params, EVP_CIPHER_meth_get_ctrl \- Routines to build up EVP_CIPHER methods
+EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free,
+EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags,
+EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init,
+EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup,
+EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params,
+EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init,
+EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup,
+EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params,
+EVP_CIPHER_meth_get_ctrl
+\&\- Routines to build up EVP_CIPHER methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 3
\& EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
\& EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
\& void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
@@ -193,6 +206,9 @@ EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, EVP_CIPHER_meth_
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs.
+.PP
The \fB\s-1EVP_CIPHER\s0\fR type is a structure for symmetric cipher method
implementation.
.PP
@@ -210,8 +226,8 @@ behaviours in the particular \fBcipher\fR.
With the exception of cipher modes, of which only one may be present,
several flags can be or'd together.
The available flags are:
-.IP "\s-1EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE\s0" 4
-.IX Item "EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE"
+.IP "\s-1EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE, EVP_CIPH_SIV_MODE\s0" 4
+.IX Item "EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE, EVP_CIPH_SIV_MODE"
The cipher mode.
.IP "\s-1EVP_CIPH_VARIABLE_LENGTH\s0" 4
.IX Item "EVP_CIPH_VARIABLE_LENGTH"
@@ -264,6 +280,11 @@ Signals that the length of the input buffer for encryption /
decryption is to be understood as the number of bits instead of
bytes for this implementation.
This is only useful for \s-1CFB1\s0 ciphers.
+.IP "\s-1EVP_CIPH_FLAG_CTS\s0" 4
+.IX Item "EVP_CIPH_FLAG_CTS"
+Indicates that the cipher uses ciphertext stealing. This is currently
+used to indicate that the cipher is a one shot that only allows a single call to
+\&\fBEVP_CipherUpdate()\fR.
.IP "\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0" 4
.IX Item "EVP_CIPH_FLAG_CUSTOM_CIPHER"
This indicates that the implementation takes care of everything,
@@ -329,15 +350,19 @@ All EVP_CIPHER_meth_get_*() functions return pointers to their
respective \fBcipher\fR function.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-EVP_EncryptInit
+\&\fBEVP_EncryptInit\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
+.PP
The functions described here were added in OpenSSL 1.1.0.
+The \fB\s-1EVP_CIPHER\s0\fR structure created with these functions became reference
+counted in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_DigestInit.3 b/secure/lib/libcrypto/man/man3/EVP_DigestInit.3
index bc9a1eab63fb..625abc8d58ed 100644
--- a/secure/lib/libcrypto/man/man3/EVP_DigestInit.3
+++ b/secure/lib/libcrypto/man/man3/EVP_DigestInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,29 +130,69 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_DIGESTINIT 3"
-.TH EVP_DIGESTINIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_DIGESTINIT 3ossl"
+.TH EVP_DIGESTINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, EVP_md_null, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx \- EVP digest routines
+EVP_MD_fetch, EVP_MD_up_ref, EVP_MD_free,
+EVP_MD_get_params, EVP_MD_gettable_params,
+EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy,
+EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl,
+EVP_MD_CTX_set_params, EVP_MD_CTX_get_params,
+EVP_MD_settable_ctx_params, EVP_MD_gettable_ctx_params,
+EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params,
+EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags,
+EVP_Q_digest, EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit,
+EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal,
+EVP_MD_is_a, EVP_MD_get0_name, EVP_MD_get0_description,
+EVP_MD_names_do_all, EVP_MD_get0_provider, EVP_MD_get_type,
+EVP_MD_get_pkey_type, EVP_MD_get_size, EVP_MD_get_block_size, EVP_MD_get_flags,
+EVP_MD_CTX_get0_name, EVP_MD_CTX_md, EVP_MD_CTX_get0_md, EVP_MD_CTX_get1_md,
+EVP_MD_CTX_get_type, EVP_MD_CTX_get_size, EVP_MD_CTX_get_block_size,
+EVP_MD_CTX_get0_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn,
+EVP_md_null,
+EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj,
+EVP_MD_CTX_get_pkey_ctx, EVP_MD_CTX_set_pkey_ctx,
+EVP_MD_do_all_provided,
+EVP_MD_type, EVP_MD_nid, EVP_MD_name, EVP_MD_pkey_type, EVP_MD_size,
+EVP_MD_block_size, EVP_MD_flags, EVP_MD_CTX_size, EVP_MD_CTX_block_size,
+EVP_MD_CTX_type, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_md_data
+\&\- EVP digest routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
+\& EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
+\& const char *properties);
+\& int EVP_MD_up_ref(EVP_MD *md);
+\& void EVP_MD_free(EVP_MD *md);
+\& int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]);
+\& const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest);
\& EVP_MD_CTX *EVP_MD_CTX_new(void);
\& int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
\& void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
\& void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2);
+\& int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]);
+\& int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
+\& const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md);
+\& const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md);
+\& const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx);
+\& const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx);
\& void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
\& void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
\& int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
\&
+\& int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq,
+\& const void *data, size_t datalen,
+\& unsigned char *md, size_t *mdlen);
\& int EVP_Digest(const void *data, size_t count, unsigned char *md,
\& unsigned int *size, const EVP_MD *type, ENGINE *impl);
+\& int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type,
+\& const OSSL_PARAM params[]);
\& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
\& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
@@ -167,22 +205,26 @@ EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, EVP_MD_CTX_c
\&
\& int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in);
\&
-\& int EVP_MD_type(const EVP_MD *md);
-\& int EVP_MD_pkey_type(const EVP_MD *md);
-\& int EVP_MD_size(const EVP_MD *md);
-\& int EVP_MD_block_size(const EVP_MD *md);
-\& unsigned long EVP_MD_flags(const EVP_MD *md);
+\& const char *EVP_MD_get0_name(const EVP_MD *md);
+\& const char *EVP_MD_get0_description(const EVP_MD *md);
+\& int EVP_MD_is_a(const EVP_MD *md, const char *name);
+\& int EVP_MD_names_do_all(const EVP_MD *md,
+\& void (*fn)(const char *name, void *data),
+\& void *data);
+\& const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md);
+\& int EVP_MD_get_type(const EVP_MD *md);
+\& int EVP_MD_get_pkey_type(const EVP_MD *md);
+\& int EVP_MD_get_size(const EVP_MD *md);
+\& int EVP_MD_get_block_size(const EVP_MD *md);
+\& unsigned long EVP_MD_get_flags(const EVP_MD *md);
\&
-\& const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
-\& int EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
-\& int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
-\& int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
-\& void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
-\& int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
-\& const void *data, size_t count);
-\& void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
-\& int (*update)(EVP_MD_CTX *ctx,
-\& const void *data, size_t count));
+\& const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx);
+\& EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx);
+\& const char *EVP_MD_CTX_get0_name(const EVP_MD_CTX *ctx);
+\& int EVP_MD_CTX_get_size(const EVP_MD_CTX *ctx);
+\& int EVP_MD_CTX_get_block_size(const EVP_MD_CTX *ctx);
+\& int EVP_MD_CTX_get_type(const EVP_MD_CTX *ctx);
+\& void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx);
\&
\& const EVP_MD *EVP_md_null(void);
\&
@@ -190,116 +232,266 @@ EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, EVP_MD_CTX_c
\& const EVP_MD *EVP_get_digestbynid(int type);
\& const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o);
\&
-\& EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
+\& EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx);
\& void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
+\&
+\& void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
+\& void (*fn)(EVP_MD *mac, void *arg),
+\& void *arg);
+\&
+\& #define EVP_MD_type EVP_MD_get_type
+\& #define EVP_MD_nid EVP_MD_get_type
+\& #define EVP_MD_name EVP_MD_get0_name
+\& #define EVP_MD_pkey_type EVP_MD_get_pkey_type
+\& #define EVP_MD_size EVP_MD_get_size
+\& #define EVP_MD_block_size EVP_MD_get_block_size
+\& #define EVP_MD_flags EVP_MD_get_flags
+\& #define EVP_MD_CTX_size EVP_MD_CTX_get_size
+\& #define EVP_MD_CTX_block_size EVP_MD_CTX_get_block_size
+\& #define EVP_MD_CTX_type EVP_MD_CTX_get_type
+\& #define EVP_MD_CTX_pkey_ctx EVP_MD_CTX_get_pkey_ctx
+\& #define EVP_MD_CTX_md_data EVP_MD_CTX_get0_md_data
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+\&
+\& int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+\& const void *data, size_t count);
+\&
+\& void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+\& int (*update)(EVP_MD_CTX *ctx,
+\& const void *data, size_t count));
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 digest routines are a high-level interface to message digests,
-and should be used instead of the cipher-specific functions.
+and should be used instead of the digest-specific functions.
+.PP
+The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation.
+.IP "\fBEVP_MD_fetch()\fR" 4
+.IX Item "EVP_MD_fetch()"
+Fetches the digest implementation for the given \fIalgorithm\fR from any
+provider offering it, within the criteria given by the \fIproperties\fR.
+See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information.
+.Sp
+The returned value must eventually be freed with \fBEVP_MD_free()\fR.
+.Sp
+Fetched \fB\s-1EVP_MD\s0\fR structures are reference counted.
+.IP "\fBEVP_MD_up_ref()\fR" 4
+.IX Item "EVP_MD_up_ref()"
+Increments the reference count for an \fB\s-1EVP_MD\s0\fR structure.
+.IP "\fBEVP_MD_free()\fR" 4
+.IX Item "EVP_MD_free()"
+Decrements the reference count for the fetched \fB\s-1EVP_MD\s0\fR structure.
+If the reference count drops to 0 then the structure is freed.
.IP "\fBEVP_MD_CTX_new()\fR" 4
.IX Item "EVP_MD_CTX_new()"
Allocates and returns a digest context.
.IP "\fBEVP_MD_CTX_reset()\fR" 4
.IX Item "EVP_MD_CTX_reset()"
-Resets the digest context \fBctx\fR. This can be used to reuse an already
+Resets the digest context \fIctx\fR. This can be used to reuse an already
existing context.
.IP "\fBEVP_MD_CTX_free()\fR" 4
.IX Item "EVP_MD_CTX_free()"
-Cleans up digest context \fBctx\fR and frees up the space allocated to it.
+Cleans up digest context \fIctx\fR and frees up the space allocated to it.
.IP "\fBEVP_MD_CTX_ctrl()\fR" 4
.IX Item "EVP_MD_CTX_ctrl()"
-Performs digest-specific control actions on context \fBctx\fR. The control command
-is indicated in \fBcmd\fR and any additional arguments in \fBp1\fR and \fBp2\fR.
-\&\fBEVP_MD_CTX_ctrl()\fR must be called after \fBEVP_DigestInit_ex()\fR. Other restrictions
+\&\fIThis is a legacy method. \f(BIEVP_MD_CTX_set_params()\fI and \f(BIEVP_MD_CTX_get_params()\fI
+is the mechanism that should be used to set and get parameters that are used by
+providers.\fR
+.Sp
+Performs digest-specific control actions on context \fIctx\fR. The control command
+is indicated in \fIcmd\fR and any additional arguments in \fIp1\fR and \fIp2\fR.
+\&\fBEVP_MD_CTX_ctrl()\fR must be called after \fBEVP_DigestInit_ex2()\fR. Other restrictions
may apply depending on the control type and digest implementation.
-See \*(L"\s-1CONTROLS\*(R"\s0 below for more information.
+.Sp
+If this function happens to be used with a fetched \fB\s-1EVP_MD\s0\fR, it will
+translate the controls that are known to OpenSSL into \s-1\fBOSSL_PARAM\s0\fR\|(3)
+parameters with keys defined by OpenSSL and call \fBEVP_MD_CTX_get_params()\fR or
+\&\fBEVP_MD_CTX_set_params()\fR as is appropriate for each control command.
+.Sp
+See \*(L"\s-1CONTROLS\*(R"\s0 below for more information, including what translations are
+being done.
+.IP "\fBEVP_MD_get_params()\fR" 4
+.IX Item "EVP_MD_get_params()"
+Retrieves the requested list of \fIparams\fR from a \s-1MD\s0 \fImd\fR.
+See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information.
+.IP "\fBEVP_MD_CTX_get_params()\fR" 4
+.IX Item "EVP_MD_CTX_get_params()"
+Retrieves the requested list of \fIparams\fR from a \s-1MD\s0 context \fIctx\fR.
+See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information.
+.IP "\fBEVP_MD_CTX_set_params()\fR" 4
+.IX Item "EVP_MD_CTX_set_params()"
+Sets the list of \fIparams\fR into a \s-1MD\s0 context \fIctx\fR.
+See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information.
+.IP "\fBEVP_MD_gettable_params()\fR" 4
+.IX Item "EVP_MD_gettable_params()"
+Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the retrievable parameters
+that can be used with \fBEVP_MD_get_params()\fR.
+.IP "\fBEVP_MD_gettable_ctx_params()\fR, \fBEVP_MD_CTX_gettable_params()\fR" 4
+.IX Item "EVP_MD_gettable_ctx_params(), EVP_MD_CTX_gettable_params()"
+Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the retrievable parameters
+that can be used with \fBEVP_MD_CTX_get_params()\fR. \fBEVP_MD_gettable_ctx_params()\fR
+returns the parameters that can be retrieved from the algorithm, whereas
+\&\fBEVP_MD_CTX_gettable_params()\fR returns the parameters that can be retrieved
+in the context's current state.
+.IP "\fBEVP_MD_settable_ctx_params()\fR, \fBEVP_MD_CTX_settable_params()\fR" 4
+.IX Item "EVP_MD_settable_ctx_params(), EVP_MD_CTX_settable_params()"
+Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the settable parameters
+that can be used with \fBEVP_MD_CTX_set_params()\fR. \fBEVP_MD_settable_ctx_params()\fR
+returns the parameters that can be set from the algorithm, whereas
+\&\fBEVP_MD_CTX_settable_params()\fR returns the parameters that can be set in the
+context's current state.
.IP "\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR, \fBEVP_MD_CTX_test_flags()\fR" 4
.IX Item "EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()"
-Sets, clears and tests \fBctx\fR flags. See \*(L"\s-1FLAGS\*(R"\s0 below for more information.
+Sets, clears and tests \fIctx\fR flags. See \*(L"\s-1FLAGS\*(R"\s0 below for more information.
+.IP "\fBEVP_Q_digest()\fR is a quick one-shot digest function." 4
+.IX Item "EVP_Q_digest() is a quick one-shot digest function."
+It hashes \fIdatalen\fR bytes of data at \fIdata\fR using the digest algorithm
+\&\fIname\fR, which is fetched using the optional \fIlibctx\fR and \fIpropq\fR parameters.
+The digest value is placed in \fImd\fR and its length is written at \fImdlen\fR
+if the pointer is not \s-1NULL.\s0 At most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written.
.IP "\fBEVP_Digest()\fR" 4
.IX Item "EVP_Digest()"
A wrapper around the Digest Init_ex, Update and Final_ex functions.
-Hashes \fBcount\fR bytes of data at \fBdata\fR using a digest \fBtype\fR from \s-1ENGINE\s0
-\&\fBimpl\fR. The digest value is placed in \fBmd\fR and its length is written at \fBsize\fR
+Hashes \fIcount\fR bytes of data at \fIdata\fR using a digest \fItype\fR from \s-1ENGINE\s0
+\&\fIimpl\fR. The digest value is placed in \fImd\fR and its length is written at \fIsize\fR
if the pointer is not \s-1NULL.\s0 At most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written.
-If \fBimpl\fR is \s-1NULL\s0 the default implementation of digest \fBtype\fR is used.
+If \fIimpl\fR is \s-1NULL\s0 the default implementation of digest \fItype\fR is used.
+.IP "\fBEVP_DigestInit_ex2()\fR" 4
+.IX Item "EVP_DigestInit_ex2()"
+Sets up digest context \fIctx\fR to use a digest \fItype\fR.
+\&\fItype\fR is typically supplied by a function such as \fBEVP_sha1()\fR, or a
+value explicitly fetched with \fBEVP_MD_fetch()\fR.
+.Sp
+The parameters \fBparams\fR are set on the context after initialisation.
+.Sp
+The \fItype\fR parameter can be \s-1NULL\s0 if \fIctx\fR has been already initialized
+with another \fBEVP_DigestInit_ex()\fR call and has not been reset with
+\&\fBEVP_MD_CTX_reset()\fR.
.IP "\fBEVP_DigestInit_ex()\fR" 4
.IX Item "EVP_DigestInit_ex()"
-Sets up digest context \fBctx\fR to use a digest \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR.
-\&\fBtype\fR will typically be supplied by a function such as \fBEVP_sha1()\fR. If
-\&\fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used.
+Sets up digest context \fIctx\fR to use a digest \fItype\fR.
+\&\fItype\fR is typically supplied by a function such as \fBEVP_sha1()\fR, or a
+value explicitly fetched with \fBEVP_MD_fetch()\fR.
+.Sp
+If \fIimpl\fR is non-NULL, its implementation of the digest \fItype\fR is used if
+there is one, and if not, the default implementation is used.
+.Sp
+The \fItype\fR parameter can be \s-1NULL\s0 if \fIctx\fR has been already initialized
+with another \fBEVP_DigestInit_ex()\fR call and has not been reset with
+\&\fBEVP_MD_CTX_reset()\fR.
.IP "\fBEVP_DigestUpdate()\fR" 4
.IX Item "EVP_DigestUpdate()"
-Hashes \fBcnt\fR bytes of data at \fBd\fR into the digest context \fBctx\fR. This
-function can be called several times on the same \fBctx\fR to hash additional
+Hashes \fIcnt\fR bytes of data at \fId\fR into the digest context \fIctx\fR. This
+function can be called several times on the same \fIctx\fR to hash additional
data.
.IP "\fBEVP_DigestFinal_ex()\fR" 4
.IX Item "EVP_DigestFinal_ex()"
-Retrieves the digest value from \fBctx\fR and places it in \fBmd\fR. If the \fBs\fR
+Retrieves the digest value from \fIctx\fR and places it in \fImd\fR. If the \fIs\fR
parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the
-length of the digest) will be written to the integer at \fBs\fR, at most
+length of the digest) will be written to the integer at \fIs\fR, at most
\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. After calling \fBEVP_DigestFinal_ex()\fR
no additional calls to \fBEVP_DigestUpdate()\fR can be made, but
-\&\fBEVP_DigestInit_ex()\fR can be called to initialize a new digest operation.
+\&\fBEVP_DigestInit_ex2()\fR can be called to initialize a new digest operation.
.IP "\fBEVP_DigestFinalXOF()\fR" 4
.IX Item "EVP_DigestFinalXOF()"
Interfaces to extendable-output functions, XOFs, such as \s-1SHAKE128\s0 and \s-1SHAKE256.\s0
-It retrieves the digest value from \fBctx\fR and places it in \fBlen\fR\-sized <B>md.
+It retrieves the digest value from \fIctx\fR and places it in \fIlen\fR\-sized \fImd\fR.
After calling this function no additional calls to \fBEVP_DigestUpdate()\fR can be
-made, but \fBEVP_DigestInit_ex()\fR can be called to initialize a new operation.
+made, but \fBEVP_DigestInit_ex2()\fR can be called to initialize a new operation.
.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4
.IX Item "EVP_MD_CTX_copy_ex()"
-Can be used to copy the message digest state from \fBin\fR to \fBout\fR. This is
+Can be used to copy the message digest state from \fIin\fR to \fIout\fR. This is
useful if large amounts of data are to be hashed which only differ in the last
few bytes.
.IP "\fBEVP_DigestInit()\fR" 4
.IX Item "EVP_DigestInit()"
-Behaves in the same way as \fBEVP_DigestInit_ex()\fR except it always uses the
-default digest implementation and calls \fBEVP_MD_CTX_reset()\fR.
+Behaves in the same way as \fBEVP_DigestInit_ex2()\fR except it doesn't set any
+parameters and calls \fBEVP_MD_CTX_reset()\fR so it cannot be used with an \fItype\fR
+of \s-1NULL.\s0
.IP "\fBEVP_DigestFinal()\fR" 4
.IX Item "EVP_DigestFinal()"
-Similar to \fBEVP_DigestFinal_ex()\fR except the digest context \fBctx\fR is
-automatically cleaned up.
+Similar to \fBEVP_DigestFinal_ex()\fR except after computing the digest
+the digest context \fIctx\fR is automatically cleaned up with \fBEVP_MD_CTX_reset()\fR.
.IP "\fBEVP_MD_CTX_copy()\fR" 4
.IX Item "EVP_MD_CTX_copy()"
-Similar to \fBEVP_MD_CTX_copy_ex()\fR except the destination \fBout\fR does not have to
+Similar to \fBEVP_MD_CTX_copy_ex()\fR except the destination \fIout\fR does not have to
be initialized.
-.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_CTX_size()\fR" 4
-.IX Item "EVP_MD_size(), EVP_MD_CTX_size()"
+.IP "\fBEVP_MD_is_a()\fR" 4
+.IX Item "EVP_MD_is_a()"
+Returns 1 if \fImd\fR is an implementation of an algorithm that's
+identifiable with \fIname\fR, otherwise 0.
+.Sp
+If \fImd\fR is a legacy digest (it's the return value from the likes of
+\&\fBEVP_sha256()\fR rather than the result of an \fBEVP_MD_fetch()\fR), only cipher
+names registered with the default library context (see
+\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) will be considered.
+.IP "\fBEVP_MD_get0_name()\fR, \fBEVP_MD_CTX_get0_name()\fR" 4
+.IX Item "EVP_MD_get0_name(), EVP_MD_CTX_get0_name()"
+Return the name of the given message digest. For fetched message
+digests with multiple names, only one of them is returned; it's
+recommended to use \fBEVP_MD_names_do_all()\fR instead.
+.IP "\fBEVP_MD_names_do_all()\fR" 4
+.IX Item "EVP_MD_names_do_all()"
+Traverses all names for the \fImd\fR, and calls \fIfn\fR with each name and
+\&\fIdata\fR. This is only useful with fetched \fB\s-1EVP_MD\s0\fRs.
+.IP "\fBEVP_MD_get0_description()\fR" 4
+.IX Item "EVP_MD_get0_description()"
+Returns a description of the digest, meant for display and human consumption.
+The description is at the discretion of the digest implementation.
+.IP "\fBEVP_MD_get0_provider()\fR" 4
+.IX Item "EVP_MD_get0_provider()"
+Returns an \fB\s-1OSSL_PROVIDER\s0\fR pointer to the provider that implements the given
+\&\fB\s-1EVP_MD\s0\fR.
+.IP "\fBEVP_MD_get_size()\fR, \fBEVP_MD_CTX_get_size()\fR" 4
+.IX Item "EVP_MD_get_size(), EVP_MD_CTX_get_size()"
Return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an
\&\fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the hash.
-.IP "\fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4
-.IX Item "EVP_MD_block_size(), EVP_MD_CTX_block_size()"
+.IP "\fBEVP_MD_get_block_size()\fR, \fBEVP_MD_CTX_get_block_size()\fR" 4
+.IX Item "EVP_MD_get_block_size(), EVP_MD_CTX_get_block_size()"
Return the block size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an
\&\fB\s-1EVP_MD_CTX\s0\fR structure.
-.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_CTX_type()\fR" 4
-.IX Item "EVP_MD_type(), EVP_MD_CTX_type()"
+.IP "\fBEVP_MD_get_type()\fR, \fBEVP_MD_CTX_get_type()\fR" 4
+.IX Item "EVP_MD_get_type(), EVP_MD_CTX_get_type()"
Return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0 representing the given message digest
-when passed an \fB\s-1EVP_MD\s0\fR structure. For example, \f(CW\*(C`EVP_MD_type(EVP_sha1())\*(C'\fR
+when passed an \fB\s-1EVP_MD\s0\fR structure. For example, \f(CW\*(C`EVP_MD_get_type(EVP_sha1())\*(C'\fR
returns \fBNID_sha1\fR. This function is normally used when setting \s-1ASN1\s0 OIDs.
-.IP "\fBEVP_MD_CTX_md_data()\fR" 4
-.IX Item "EVP_MD_CTX_md_data()"
+.IP "\fBEVP_MD_CTX_get0_md_data()\fR" 4
+.IX Item "EVP_MD_CTX_get0_md_data()"
Return the digest method private data for the passed \fB\s-1EVP_MD_CTX\s0\fR.
The space is allocated by OpenSSL and has the size originally set with
\&\fBEVP_MD_meth_set_app_datasize()\fR.
-.IP "\fBEVP_MD_CTX_md()\fR" 4
-.IX Item "EVP_MD_CTX_md()"
-Returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed \fB\s-1EVP_MD_CTX\s0\fR.
+.IP "\fBEVP_MD_CTX_get0_md()\fR, \fBEVP_MD_CTX_get1_md()\fR" 4
+.IX Item "EVP_MD_CTX_get0_md(), EVP_MD_CTX_get1_md()"
+\&\fBEVP_MD_CTX_get0_md()\fR returns
+the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed \fB\s-1EVP_MD_CTX\s0\fR. This
+will be the same \fB\s-1EVP_MD\s0\fR object originally passed to \fBEVP_DigestInit_ex2()\fR (or
+other similar function) when the \s-1EVP_MD_CTX\s0 was first initialised. Note that
+where explicit fetch is in use (see \fBEVP_MD_fetch\fR\|(3)) the value returned from
+this function will not have its reference count incremented and therefore it
+should not be used after the \s-1EVP_MD_CTX\s0 is freed.
+\&\fBEVP_MD_CTX_get1_md()\fR is the same except the ownership is passed to the
+caller and is from the passed \fB\s-1EVP_MD_CTX\s0\fR.
.IP "\fBEVP_MD_CTX_set_update_fn()\fR" 4
.IX Item "EVP_MD_CTX_set_update_fn()"
-Sets the update function for \fBctx\fR to \fBupdate\fR.
-This is the function that is called by EVP_DigestUpdate. If not set, the
+Sets the update function for \fIctx\fR to \fIupdate\fR.
+This is the function that is called by \fBEVP_DigestUpdate()\fR. If not set, the
update function from the \fB\s-1EVP_MD\s0\fR type specified at initialization is used.
.IP "\fBEVP_MD_CTX_update_fn()\fR" 4
.IX Item "EVP_MD_CTX_update_fn()"
-Returns the update function for \fBctx\fR.
-.IP "\fBEVP_MD_flags()\fR" 4
-.IX Item "EVP_MD_flags()"
-Returns the \fBmd\fR flags. Note that these are different from the \fB\s-1EVP_MD_CTX\s0\fR
+Returns the update function for \fIctx\fR.
+.IP "\fBEVP_MD_get_flags()\fR" 4
+.IX Item "EVP_MD_get_flags()"
+Returns the \fImd\fR flags. Note that these are different from the \fB\s-1EVP_MD_CTX\s0\fR
ones. See \fBEVP_MD_meth_set_flags\fR\|(3) for more information.
-.IP "\fBEVP_MD_pkey_type()\fR" 4
-.IX Item "EVP_MD_pkey_type()"
+.IP "\fBEVP_MD_get_pkey_type()\fR" 4
+.IX Item "EVP_MD_get_pkey_type()"
Returns the \s-1NID\s0 of the public key signing algorithm associated with this
digest. For example \fBEVP_sha1()\fR is associated with \s-1RSA\s0 so this will return
\&\fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms are no
@@ -312,18 +504,66 @@ length.
.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()"
Returns an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \fB\s-1NID\s0\fR or an
\&\fB\s-1ASN1_OBJECT\s0\fR structure respectively.
-.IP "\fBEVP_MD_CTX_pkey_ctx()\fR" 4
-.IX Item "EVP_MD_CTX_pkey_ctx()"
-Returns the \fB\s-1EVP_PKEY_CTX\s0\fR assigned to \fBctx\fR. The returned pointer should not
+.Sp
+The \fBEVP_get_digestbyname()\fR function is present for backwards compatibility with
+OpenSSL prior to version 3 and is different to the \fBEVP_MD_fetch()\fR function
+since it does not attempt to \*(L"fetch\*(R" an implementation of the cipher.
+Additionally, it only knows about digests that are built-in to OpenSSL and have
+an associated \s-1NID.\s0 Similarly \fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR
+also return objects without an associated implementation.
+.Sp
+When the digest objects returned by these functions are used (such as in a call
+to \fBEVP_DigestInit_ex()\fR) an implementation of the digest will be implicitly
+fetched from the loaded providers. This fetch could fail if no suitable
+implementation is available. Use \fBEVP_MD_fetch()\fR instead to explicitly fetch
+the algorithm and an associated implementation from a provider.
+.Sp
+See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for more information about fetching.
+.Sp
+The digest objects returned from these functions do not need to be freed with
+\&\fBEVP_MD_free()\fR.
+.IP "\fBEVP_MD_CTX_get_pkey_ctx()\fR" 4
+.IX Item "EVP_MD_CTX_get_pkey_ctx()"
+Returns the \fB\s-1EVP_PKEY_CTX\s0\fR assigned to \fIctx\fR. The returned pointer should not
be freed by the caller.
.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4
.IX Item "EVP_MD_CTX_set_pkey_ctx()"
Assigns an \fB\s-1EVP_PKEY_CTX\s0\fR to \fB\s-1EVP_MD_CTX\s0\fR. This is usually used to provide
a customized \fB\s-1EVP_PKEY_CTX\s0\fR to \fBEVP_DigestSignInit\fR\|(3) or
-\&\fBEVP_DigestVerifyInit\fR\|(3). The \fBpctx\fR passed to this function should be freed
-by the caller. A \s-1NULL\s0 \fBpctx\fR pointer is also allowed to clear the \fB\s-1EVP_PKEY_CTX\s0\fR
-assigned to \fBctx\fR. In such case, freeing the cleared \fB\s-1EVP_PKEY_CTX\s0\fR or not
+\&\fBEVP_DigestVerifyInit\fR\|(3). The \fIpctx\fR passed to this function should be freed
+by the caller. A \s-1NULL\s0 \fIpctx\fR pointer is also allowed to clear the \fB\s-1EVP_PKEY_CTX\s0\fR
+assigned to \fIctx\fR. In such case, freeing the cleared \fB\s-1EVP_PKEY_CTX\s0\fR or not
depends on how the \fB\s-1EVP_PKEY_CTX\s0\fR is created.
+.IP "\fBEVP_MD_do_all_provided()\fR" 4
+.IX Item "EVP_MD_do_all_provided()"
+Traverses all messages digests implemented by all activated providers
+in the given library context \fIlibctx\fR, and for each of the implementations,
+calls the given function \fIfn\fR with the implementation method and the given
+\&\fIarg\fR as argument.
+.SH "PARAMETERS"
+.IX Header "PARAMETERS"
+See \s-1\fBOSSL_PARAM\s0\fR\|(3) for information about passing parameters.
+.PP
+\&\fBEVP_MD_CTX_set_params()\fR can be used with the following \s-1OSSL_PARAM\s0 keys:
+.ie n .IP """xoflen"" (\fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR) <unsigned integer>" 4
+.el .IP "``xoflen'' (\fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR) <unsigned integer>" 4
+.IX Item "xoflen (OSSL_DIGEST_PARAM_XOFLEN) <unsigned integer>"
+Sets the digest length for extendable output functions.
+It is used by the \s-1SHAKE\s0 algorithm and should not exceed what can be given
+using a \fBsize_t\fR.
+.ie n .IP """pad-type"" (\fB\s-1OSSL_DIGEST_PARAM_PAD_TYPE\s0\fR) <unsigned integer>" 4
+.el .IP "``pad-type'' (\fB\s-1OSSL_DIGEST_PARAM_PAD_TYPE\s0\fR) <unsigned integer>" 4
+.IX Item "pad-type (OSSL_DIGEST_PARAM_PAD_TYPE) <unsigned integer>"
+Sets the padding type.
+It is used by the \s-1MDC2\s0 algorithm.
+.PP
+\&\fBEVP_MD_CTX_get_params()\fR can be used with the following \s-1OSSL_PARAM\s0 keys:
+.ie n .IP """micalg"" (\fB\s-1OSSL_PARAM_DIGEST_KEY_MICALG\s0\fR) <\s-1UTF8\s0 string>." 4
+.el .IP "``micalg'' (\fB\s-1OSSL_PARAM_DIGEST_KEY_MICALG\s0\fR) <\s-1UTF8\s0 string>." 4
+.IX Item "micalg (OSSL_PARAM_DIGEST_KEY_MICALG) <UTF8 string>."
+Gets the digest Message Integrity Check algorithm string. This is used when
+creating S/MIME multipart/signed messages, as specified in \s-1RFC 3851.\s0
+It may be used by external engines or providers.
.SH "CONTROLS"
.IX Header "CONTROLS"
\&\fBEVP_MD_CTX_ctrl()\fR can be used to send the following standard controls:
@@ -331,13 +571,19 @@ depends on how the \fB\s-1EVP_PKEY_CTX\s0\fR is created.
.IX Item "EVP_MD_CTRL_MICALG"
Gets the digest Message Integrity Check algorithm string. This is used when
creating S/MIME multipart/signed messages, as specified in \s-1RFC 3851.\s0
-The string value is written to \fBp2\fR.
+The string value is written to \fIp2\fR.
+.Sp
+When used with a fetched \fB\s-1EVP_MD\s0\fR, \fBEVP_MD_CTX_get_params()\fR gets called with
+an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"micalg\*(R" (\fB\s-1OSSL_DIGEST_PARAM_MICALG\s0\fR).
.IP "\s-1EVP_MD_CTRL_XOF_LEN\s0" 4
.IX Item "EVP_MD_CTRL_XOF_LEN"
-This control sets the digest length for extendable output functions to \fBp1\fR.
+This control sets the digest length for extendable output functions to \fIp1\fR.
Sending this control directly should not be necessary, the use of
-\&\f(CW\*(C`EVP_DigestFinalXOF()\*(C'\fR is preferred.
+\&\fBEVP_DigestFinalXOF()\fR is preferred.
Currently used by \s-1SHAKE.\s0
+.Sp
+When used with a fetched \fB\s-1EVP_MD\s0\fR, \fBEVP_MD_CTX_get_params()\fR gets called with
+an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"xoflen\*(R" (\fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR).
.SH "FLAGS"
.IX Header "FLAGS"
\&\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR and \fBEVP_MD_CTX_test_flags()\fR
@@ -357,23 +603,36 @@ This is inefficient if this functionality is not required, and can be
disabled with this flag.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-.IP "\fBEVP_DigestInit_ex()\fR, \fBEVP_DigestUpdate()\fR, \fBEVP_DigestFinal_ex()\fR" 4
-.IX Item "EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex()"
-Returns 1 for
+.IP "\fBEVP_MD_fetch()\fR" 4
+.IX Item "EVP_MD_fetch()"
+Returns a pointer to a \fB\s-1EVP_MD\s0\fR for success or \s-1NULL\s0 for failure.
+.IP "\fBEVP_MD_up_ref()\fR" 4
+.IX Item "EVP_MD_up_ref()"
+Returns 1 for success or 0 for failure.
+.IP "\fBEVP_Q_digest()\fR, \fBEVP_Digest()\fR, \fBEVP_DigestInit_ex2()\fR, \fBEVP_DigestInit_ex()\fR, \fBEVP_DigestInit()\fR, \fBEVP_DigestUpdate()\fR, \fBEVP_DigestFinal_ex()\fR, \fBEVP_DigestFinalXOF()\fR, and \fBEVP_DigestFinal()\fR" 4
+.IX Item "EVP_Q_digest(), EVP_Digest(), EVP_DigestInit_ex2(), EVP_DigestInit_ex(), EVP_DigestInit(), EVP_DigestUpdate(), EVP_DigestFinal_ex(), EVP_DigestFinalXOF(), and EVP_DigestFinal()"
+return 1 for
success and 0 for failure.
.IP "\fBEVP_MD_CTX_ctrl()\fR" 4
.IX Item "EVP_MD_CTX_ctrl()"
Returns 1 if successful or 0 for failure.
+.IP "\fBEVP_MD_CTX_set_params()\fR, \fBEVP_MD_CTX_get_params()\fR" 4
+.IX Item "EVP_MD_CTX_set_params(), EVP_MD_CTX_get_params()"
+Returns 1 if successful or 0 for failure.
+.IP "\fBEVP_MD_CTX_settable_params()\fR, \fBEVP_MD_CTX_gettable_params()\fR" 4
+.IX Item "EVP_MD_CTX_settable_params(), EVP_MD_CTX_gettable_params()"
+Return an array of constant \s-1\fBOSSL_PARAM\s0\fR\|(3)s, or \s-1NULL\s0 if there is none
+to get.
.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4
.IX Item "EVP_MD_CTX_copy_ex()"
Returns 1 if successful or 0 for failure.
-.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_pkey_type()\fR" 4
-.IX Item "EVP_MD_type(), EVP_MD_pkey_type()"
+.IP "\fBEVP_MD_get_type()\fR, \fBEVP_MD_get_pkey_type()\fR" 4
+.IX Item "EVP_MD_get_type(), EVP_MD_get_pkey_type()"
Returns the \s-1NID\s0 of the corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none
exists.
-.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4
-.IX Item "EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size()"
-Returns the digest or block size in bytes.
+.IP "\fBEVP_MD_get_size()\fR, \fBEVP_MD_get_block_size()\fR, \fBEVP_MD_CTX_get_size()\fR, \fBEVP_MD_CTX_get_block_size()\fR" 4
+.IX Item "EVP_MD_get_size(), EVP_MD_get_block_size(), EVP_MD_CTX_get_size(), EVP_MD_CTX_get_block_size()"
+Returns the digest or block size in bytes or \-1 for failure.
.IP "\fBEVP_md_null()\fR" 4
.IX Item "EVP_md_null()"
Returns a pointer to the \fB\s-1EVP_MD\s0\fR structure of the \*(L"null\*(R" message digest.
@@ -383,6 +642,10 @@ Returns either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occur
.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4
.IX Item "EVP_MD_CTX_set_pkey_ctx()"
This function has no return value.
+.IP "\fBEVP_MD_names_do_all()\fR" 4
+.IX Item "EVP_MD_names_do_all()"
+Returns 1 if the callback was called for all names. A return value of 0 means
+that the callback was not called for any names.
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP\s0\fR interface to message digests should almost always be used in
@@ -393,9 +656,16 @@ New applications should use the \s-1SHA\-2\s0 (such as \fBEVP_sha256\fR\|(3)) or
digest algorithms (such as \fBEVP_sha3_512\fR\|(3)). The other digest algorithms
are still in common use.
.PP
-For most applications the \fBimpl\fR parameter to \fBEVP_DigestInit_ex()\fR will be
+For most applications the \fIimpl\fR parameter to \fBEVP_DigestInit_ex()\fR will be
set to \s-1NULL\s0 to use the default digest implementation.
.PP
+Ignoring failure returns of \fBEVP_DigestInit_ex()\fR, \fBEVP_DigestInit_ex2()\fR, or
+\&\fBEVP_DigestInit()\fR can lead to undefined behavior on subsequent calls
+updating or finalizing the \fB\s-1EVP_MD_CTX\s0\fR such as the \fBEVP_DigestUpdate()\fR or
+\&\fBEVP_DigestFinal()\fR functions. The only valid calls on the \fB\s-1EVP_MD_CTX\s0\fR
+when initialization fails are calls that attempt another initialization of
+the context or release the context.
+.PP
The functions \fBEVP_DigestInit()\fR, \fBEVP_DigestFinal()\fR and \fBEVP_MD_CTX_copy()\fR are
obsolete but are retained to maintain compatibility with existing code. New
applications should use \fBEVP_DigestInit_ex()\fR, \fBEVP_DigestFinal_ex()\fR and
@@ -406,9 +676,9 @@ implementations of digests to be specified.
If digest contexts are not cleaned up after use,
memory leaks will occur.
.PP
-\&\fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR, \fBEVP_MD_CTX_type()\fR,
-\&\fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR are defined as
-macros.
+\&\fBEVP_MD_CTX_get0_name()\fR, \fBEVP_MD_CTX_get_size()\fR, \fBEVP_MD_CTX_get_block_size()\fR,
+\&\fBEVP_MD_CTX_get_type()\fR, \fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR are
+defined as macros.
.PP
\&\fBEVP_MD_CTX_ctrl()\fR sends commands to message digests for additional configuration
or control.
@@ -443,10 +713,26 @@ digest name passed on the command line.
\& }
\&
\& mdctx = EVP_MD_CTX_new();
-\& EVP_DigestInit_ex(mdctx, md, NULL);
-\& EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
-\& EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
-\& EVP_DigestFinal_ex(mdctx, md_value, &md_len);
+\& if (!EVP_DigestInit_ex2(mdctx, md, NULL)) {
+\& printf("Message digest initialization failed.\en");
+\& EVP_MD_CTX_free(mdctx);
+\& exit(1);
+\& }
+\& if (!EVP_DigestUpdate(mdctx, mess1, strlen(mess1))) {
+\& printf("Message digest update failed.\en");
+\& EVP_MD_CTX_free(mdctx);
+\& exit(1);
+\& }
+\& if (!EVP_DigestUpdate(mdctx, mess2, strlen(mess2))) {
+\& printf("Message digest update failed.\en");
+\& EVP_MD_CTX_free(mdctx);
+\& exit(1);
+\& }
+\& if (!EVP_DigestFinal_ex(mdctx, md_value, &md_len)) {
+\& printf("Message digest finalization failed.\en");
+\& EVP_MD_CTX_free(mdctx);
+\& exit(1);
+\& }
\& EVP_MD_CTX_free(mdctx);
\&
\& printf("Digest is: ");
@@ -460,8 +746,14 @@ digest name passed on the command line.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_MD_meth_new\fR\|(3),
-\&\fBdgst\fR\|(1),
-\&\fBevp\fR\|(7)
+\&\fBopenssl\-dgst\fR\|(1),
+\&\fBevp\fR\|(7),
+\&\s-1\fBOSSL_PROVIDER\s0\fR\|(3),
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3),
+\&\fBproperty\fR\|(7),
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7),
+\&\fBprovider\-digest\fR\|(7),
+\&\fBlife_cycle\-digest\fR\|(7)
.PP
The full list of digest algorithms are provided below.
.PP
@@ -486,12 +778,31 @@ later, so now \fBEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA.\s0
.PP
The \fBEVP_dss1()\fR function was removed in OpenSSL 1.1.0.
.PP
-The \fBEVP_MD_CTX_set_pkey_ctx()\fR function was added in 1.1.1.
+The \fBEVP_MD_CTX_set_pkey_ctx()\fR function was added in OpenSSL 1.1.1.
+.PP
+The \fBEVP_Q_digest()\fR, \fBEVP_DigestInit_ex2()\fR,
+\&\fBEVP_MD_fetch()\fR, \fBEVP_MD_free()\fR, \fBEVP_MD_up_ref()\fR,
+\&\fBEVP_MD_get_params()\fR, \fBEVP_MD_CTX_set_params()\fR, \fBEVP_MD_CTX_get_params()\fR,
+\&\fBEVP_MD_gettable_params()\fR, \fBEVP_MD_gettable_ctx_params()\fR,
+\&\fBEVP_MD_settable_ctx_params()\fR, \fBEVP_MD_CTX_settable_params()\fR and
+\&\fBEVP_MD_CTX_gettable_params()\fR functions were added in OpenSSL 3.0.
+.PP
+The \fBEVP_MD_type()\fR, \fBEVP_MD_nid()\fR, \fBEVP_MD_name()\fR, \fBEVP_MD_pkey_type()\fR,
+\&\fBEVP_MD_size()\fR, \fBEVP_MD_block_size()\fR, \fBEVP_MD_flags()\fR, \fBEVP_MD_CTX_size()\fR,
+\&\fBEVP_MD_CTX_block_size()\fR, \fBEVP_MD_CTX_type()\fR, and \fBEVP_MD_CTX_md_data()\fR
+functions were renamed to include \f(CW\*(C`get\*(C'\fR or \f(CW\*(C`get0\*(C'\fR in their names in
+OpenSSL 3.0, respectively. The old names are kept as non-deprecated
+alias macros.
+.PP
+The \fBEVP_MD_CTX_md()\fR function was deprecated in OpenSSL 3.0; use
+\&\fBEVP_MD_CTX_get0_md()\fR instead.
+\&\fBEVP_MD_CTX_update_fn()\fR and \fBEVP_MD_CTX_set_update_fn()\fR were deprecated
+in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3
index 65f112db208b..7459317f1b3d 100644
--- a/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3
+++ b/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,24 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_DIGESTSIGNINIT 3"
-.TH EVP_DIGESTSIGNINIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_DIGESTSIGNINIT 3ossl"
+.TH EVP_DIGESTSIGNINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal, EVP_DigestSign \- EVP signing functions
+EVP_DigestSignInit_ex, EVP_DigestSignInit, EVP_DigestSignUpdate,
+EVP_DigestSignFinal, EVP_DigestSign \- EVP signing functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
+\& int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+\& const char *mdname, OSSL_LIB_CTX *libctx,
+\& const char *props, EVP_PKEY *pkey,
+\& const OSSL_PARAM params[]);
\& int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
\& int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
@@ -157,22 +160,45 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal, EVP_DigestSign \-
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 signature routines are a high-level interface to digital signatures.
+Input data is digested first before the signing takes place.
+.PP
+\&\fBEVP_DigestSignInit_ex()\fR sets up signing context \fIctx\fR to use a digest
+with the name \fImdname\fR and private key \fIpkey\fR. The name of the digest to be
+used is passed to the provider of the signature algorithm in use. How that
+provider interprets the digest name is provider specific. The provider may
+implement that digest directly itself or it may (optionally) choose to fetch it
+(which could result in a digest from a different provider being selected). If the
+provider supports fetching the digest then it may use the \fIprops\fR argument for
+the properties to be used during the fetch. Finally, the passed parameters
+\&\fIparams\fR, if not \s-1NULL,\s0 are set on the context before returning.
+.PP
+The \fIpkey\fR algorithm is used to fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, to
+be used for the actual signing. See \*(L"Implicit fetch\*(R" in \fBprovider\fR\|(7) for
+more information about implicit fetches.
+.PP
+The OpenSSL default and legacy providers support fetching digests and can fetch
+those digests from any available provider. The OpenSSL \s-1FIPS\s0 provider also
+supports fetching digests but will only fetch digests that are themselves
+implemented inside the \s-1FIPS\s0 provider.
.PP
-\&\fBEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from
-\&\s-1ENGINE\s0 \fBe\fR and private key \fBpkey\fR. \fBctx\fR must be created with
-\&\fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the
-\&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can
-be used to set alternative signing options. Note that any existing value in
-\&\fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed
-directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before
-being passed to \fBEVP_DigestSignInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created
-inside \fBEVP_DigestSignInit()\fR and it will be freed automatically when the
-\&\s-1EVP_MD_CTX\s0 is freed).
+\&\fIctx\fR must be created with \fBEVP_MD_CTX_new()\fR before calling this function. If
+\&\fIpctx\fR is not \s-1NULL,\s0 the \s-1EVP_PKEY_CTX\s0 of the signing operation will be written
+to \fI*pctx\fR: this can be used to set alternative signing options. Note that any
+existing value in \fI*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must
+not be freed directly by the application if \fIctx\fR is not assigned an
+\&\s-1EVP_PKEY_CTX\s0 value before being passed to \fBEVP_DigestSignInit_ex()\fR
+(which means the \s-1EVP_PKEY_CTX\s0 is created inside \fBEVP_DigestSignInit_ex()\fR
+and it will be freed automatically when the \s-1EVP_MD_CTX\s0 is freed). If the
+\&\s-1EVP_PKEY_CTX\s0 to be used is created by EVP_DigestSignInit_ex then it
+will use the \fB\s-1OSSL_LIB_CTX\s0\fR specified in \fIlibctx\fR and the property query string
+specified in \fIprops\fR.
.PP
-The digest \fBtype\fR may be \s-1NULL\s0 if the signing algorithm supports it.
+The digest \fImdname\fR may be \s-1NULL\s0 if the signing algorithm supports it. The
+\&\fIprops\fR argument can always be \s-1NULL.\s0
.PP
-No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestSignInit()\fR if the passed \fBctx\fR
-has already been assigned one via \fBEVP_MD_CTX_set_pkey_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7).
+No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestSignInit_ex()\fR if the
+passed \fIctx\fR has already been assigned one via \fBEVP_MD_CTX_set_pkey_ctx\fR\|(3).
+See also \s-1\fBSM2\s0\fR\|(7).
.PP
Only \s-1EVP_PKEY\s0 types that support signing can be used with these functions. This
includes \s-1MAC\s0 algorithms where the \s-1MAC\s0 generation is considered as a form of
@@ -188,7 +214,7 @@ Supports \s-1SHA1, SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0
Supports \s-1SHA1, SHA224, SHA256, SHA384, SHA512\s0 and \s-1SM3\s0
.IP "\s-1RSA\s0 with no padding" 4
.IX Item "RSA with no padding"
-Supports no digests (the digest \fBtype\fR must be \s-1NULL\s0)
+Supports no digests (the digest \fItype\fR must be \s-1NULL\s0)
.IP "\s-1RSA\s0 with X931 padding" 4
.IX Item "RSA with X931 padding"
Supports \s-1SHA1, SHA256, SHA384\s0 and \s-1SHA512\s0
@@ -198,7 +224,7 @@ Support \s-1SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2,
SHA3\-224, SHA3\-256, SHA3\-384, SHA3\-512\s0
.IP "Ed25519 and Ed448" 4
.IX Item "Ed25519 and Ed448"
-Support no digests (the digest \fBtype\fR must be \s-1NULL\s0)
+Support no digests (the digest \fItype\fR must be \s-1NULL\s0)
.IP "\s-1HMAC\s0" 4
.IX Item "HMAC"
Supports any digest
@@ -208,21 +234,30 @@ Will ignore any digest provided.
.PP
If RSA-PSS is used and restrictions apply then the digest must match.
.PP
-\&\fBEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
-signature context \fBctx\fR. This function can be called several times on the
-same \fBctx\fR to include additional data. This function is currently implemented
-using a macro.
+\&\fBEVP_DigestSignInit()\fR works in the same way as \fBEVP_DigestSignInit_ex()\fR
+except that the \fImdname\fR parameter will be inferred from the supplied
+digest \fItype\fR, and \fIprops\fR will be \s-1NULL.\s0 Where supplied the \s-1ENGINE\s0 \fIe\fR will
+be used for the signing and digest algorithm implementations. \fIe\fR may be \s-1NULL.\s0
.PP
-\&\fBEVP_DigestSignFinal()\fR signs the data in \fBctx\fR and places the signature in \fBsig\fR.
-If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to
-the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then before the call the
-\&\fBsiglen\fR parameter should contain the length of the \fBsig\fR buffer. If the
-call is successful the signature is written to \fBsig\fR and the amount of data
-written to \fBsiglen\fR.
+\&\fBEVP_DigestSignUpdate()\fR hashes \fIcnt\fR bytes of data at \fId\fR into the
+signature context \fIctx\fR. This function can be called several times on the
+same \fIctx\fR to include additional data.
.PP
-\&\fBEVP_DigestSign()\fR signs \fBtbslen\fR bytes of data at \fBtbs\fR and places the
-signature in \fBsig\fR and its length in \fBsiglen\fR in a similar way to
-\&\fBEVP_DigestSignFinal()\fR.
+Unless \fIsig\fR is \s-1NULL\s0 \fBEVP_DigestSignFinal()\fR signs the data in \fIctx\fR
+and places the signature in \fIsig\fR.
+Otherwise the maximum necessary size of the output buffer is written to
+the \fIsiglen\fR parameter. If \fIsig\fR is not \s-1NULL\s0 then before the call the
+\&\fIsiglen\fR parameter should contain the length of the \fIsig\fR buffer. If the
+call is successful the signature is written to \fIsig\fR and the amount of data
+written to \fIsiglen\fR.
+.PP
+\&\fBEVP_DigestSign()\fR signs \fItbslen\fR bytes of data at \fItbs\fR and places the
+signature in \fIsig\fR and its length in \fIsiglen\fR in a similar way to
+\&\fBEVP_DigestSignFinal()\fR. In the event of a failure \fBEVP_DigestSign()\fR cannot be
+called again without reinitialising the \s-1EVP_MD_CTX.\s0 If \fIsig\fR is \s-1NULL\s0 before the
+call then \fIsiglen\fR will be populated with the required size for the \fIsig\fR
+buffer. If \fIsig\fR is non-NULL before the call then \fIsiglen\fR should contain the
+length of the \fIsig\fR buffer.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR, \fBEVP_DigestSignFinal()\fR and
@@ -253,13 +288,18 @@ The call to \fBEVP_DigestSignFinal()\fR internally finalizes a copy of the diges
context. This means that calls to \fBEVP_DigestSignUpdate()\fR and
\&\fBEVP_DigestSignFinal()\fR can be called later to digest and sign additional data.
.PP
-Since only a copy of the digest context is ever finalized, the context must
-be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak
-will occur.
+\&\fBEVP_DigestSignInit()\fR and \fBEVP_DigestSignInit_ex()\fR functions can be called
+multiple times on a context and the parameters set by previous calls should be
+preserved if the \fIpkey\fR parameter is \s-1NULL.\s0 The call then just resets the state
+of the \fIctx\fR.
+.PP
+Ignoring failure returns of \fBEVP_DigestSignInit()\fR and \fBEVP_DigestSignInit_ex()\fR
+functions can lead to subsequent undefined behavior when calling
+\&\fBEVP_DigestSignUpdate()\fR, \fBEVP_DigestSignFinal()\fR, or \fBEVP_DigestSign()\fR.
.PP
-The use of \fBEVP_PKEY_size()\fR with these functions is discouraged because some
+The use of \fBEVP_PKEY_get_size()\fR with these functions is discouraged because some
signature operations may have a signature length which depends on the
-parameters set. As a result \fBEVP_PKEY_size()\fR would have to return a value
+parameters set. As a result \fBEVP_PKEY_get_size()\fR would have to return a value
which indicates the maximum possible signature for any set of parameters.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
@@ -267,17 +307,21 @@ which indicates the maximum possible signature for any set of parameters.
\&\fBEVP_DigestInit\fR\|(3),
\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3),
\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3),
-\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1),
+\&\s-1\fBSHA1\s0\fR\|(3), \fBopenssl\-dgst\fR\|(1),
\&\s-1\fBRAND\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR
were added in OpenSSL 1.0.0.
+.PP
+\&\fBEVP_DigestSignInit_ex()\fR was added in OpenSSL 3.0.
+.PP
+\&\fBEVP_DigestSignUpdate()\fR was converted from a macro to a function in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3
index 38569ca9518c..acd1078a1f16 100644
--- a/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3
+++ b/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,24 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_DIGESTVERIFYINIT 3"
-.TH EVP_DIGESTVERIFYINIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_DIGESTVERIFYINIT 3ossl"
+.TH EVP_DIGESTVERIFYINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_DigestVerify \- EVP signature verification functions
+EVP_DigestVerifyInit_ex, EVP_DigestVerifyInit, EVP_DigestVerifyUpdate,
+EVP_DigestVerifyFinal, EVP_DigestVerify \- EVP signature verification functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
+\& int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+\& const char *mdname, OSSL_LIB_CTX *libctx,
+\& const char *props, EVP_PKEY *pkey,
+\& const OSSL_PARAM params[]);
\& int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
\& int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
@@ -156,25 +159,81 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_DigestV
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 signature routines are a high-level interface to digital signatures.
+Input data is digested first before the signature verification takes place.
+.PP
+\&\fBEVP_DigestVerifyInit_ex()\fR sets up verification context \fBctx\fR to use a
+digest with the name \fBmdname\fR and public key \fBpkey\fR. The name of the digest to
+be used is passed to the provider of the signature algorithm in use. How that
+provider interprets the digest name is provider specific. The provider may
+implement that digest directly itself or it may (optionally) choose to fetch it
+(which could result in a digest from a different provider being selected). If
+the provider supports fetching the digest then it may use the \fBprops\fR argument
+for the properties to be used during the fetch. Finally, the passed parameters
+\&\fIparams\fR, if not \s-1NULL,\s0 are set on the context before returning.
+.PP
+The \fIpkey\fR algorithm is used to fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, to
+be used for the actual signing. See \*(L"Implicit fetch\*(R" in \fBprovider\fR\|(7) for
+more information about implicit fetches.
+.PP
+The OpenSSL default and legacy providers support fetching digests and can fetch
+those digests from any available provider. The OpenSSL \s-1FIPS\s0 provider also
+supports fetching digests but will only fetch digests that are themselves
+implemented inside the \s-1FIPS\s0 provider.
+.PP
+\&\fBctx\fR must be created with \fBEVP_MD_CTX_new()\fR before calling this function. If
+\&\fBpctx\fR is not \s-1NULL,\s0 the \s-1EVP_PKEY_CTX\s0 of the verification operation will be
+written to \fB*pctx\fR: this can be used to set alternative verification options.
+Note that any existing value in \fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value
+returned must not be freed directly by the application if \fBctx\fR is not assigned
+an \s-1EVP_PKEY_CTX\s0 value before being passed to \fBEVP_DigestVerifyInit_ex()\fR
+(which means the \s-1EVP_PKEY_CTX\s0 is created inside
+\&\fBEVP_DigestVerifyInit_ex()\fR and it will be freed automatically when the
+\&\s-1EVP_MD_CTX\s0 is freed). If the \s-1EVP_PKEY_CTX\s0 to be used is created by
+EVP_DigestVerifyInit_ex then it will use the \fB\s-1OSSL_LIB_CTX\s0\fR specified
+in \fIlibctx\fR and the property query string specified in \fIprops\fR.
.PP
-\&\fBEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest
-\&\fBtype\fR from \s-1ENGINE\s0 \fBe\fR and public key \fBpkey\fR. \fBctx\fR must be created
-with \fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the
-\&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this
-can be used to set alternative verification options. Note that any existing
-value in \fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed
-directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before
-being passed to \fBEVP_DigestVerifyInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created
-inside \fBEVP_DigestVerifyInit()\fR and it will be freed automatically when the
-\&\s-1EVP_MD_CTX\s0 is freed).
+No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestVerifyInit_ex()\fR if the
+passed \fBctx\fR has already been assigned one via \fBEVP_MD_CTX_set_pkey_ctx\fR\|(3).
+See also \s-1\fBSM2\s0\fR\|(7).
.PP
-No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestSignInit()\fR if the passed \fBctx\fR
-has already been assigned one via \fBEVP_MD_CTX_set_pkey_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7).
+Not all digests can be used for all key types. The following combinations apply.
+.IP "\s-1DSA\s0" 4
+.IX Item "DSA"
+Supports \s-1SHA1, SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0
+.IP "\s-1ECDSA\s0" 4
+.IX Item "ECDSA"
+Supports \s-1SHA1, SHA224, SHA256, SHA384, SHA512\s0 and \s-1SM3\s0
+.IP "\s-1RSA\s0 with no padding" 4
+.IX Item "RSA with no padding"
+Supports no digests (the digest \fBtype\fR must be \s-1NULL\s0)
+.IP "\s-1RSA\s0 with X931 padding" 4
+.IX Item "RSA with X931 padding"
+Supports \s-1SHA1, SHA256, SHA384\s0 and \s-1SHA512\s0
+.IP "All other \s-1RSA\s0 padding types" 4
+.IX Item "All other RSA padding types"
+Support \s-1SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2,
+SHA3\-224, SHA3\-256, SHA3\-384, SHA3\-512\s0
+.IP "Ed25519 and Ed448" 4
+.IX Item "Ed25519 and Ed448"
+Support no digests (the digest \fBtype\fR must be \s-1NULL\s0)
+.IP "\s-1HMAC\s0" 4
+.IX Item "HMAC"
+Supports any digest
+.IP "\s-1CMAC,\s0 Poly1305 and Siphash" 4
+.IX Item "CMAC, Poly1305 and Siphash"
+Will ignore any digest provided.
+.PP
+If RSA-PSS is used and restrictions apply then the digest must match.
+.PP
+\&\fBEVP_DigestVerifyInit()\fR works in the same way as
+\&\fBEVP_DigestVerifyInit_ex()\fR except that the \fBmdname\fR parameter will be
+inferred from the supplied digest \fBtype\fR, and \fBprops\fR will be \s-1NULL.\s0 Where
+supplied the \s-1ENGINE\s0 \fBe\fR will be used for the signature verification and digest
+algorithm implementations. \fBe\fR may be \s-1NULL.\s0
.PP
\&\fBEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
verification context \fBctx\fR. This function can be called several times on the
-same \fBctx\fR to include additional data. This function is currently implemented
-using a macro.
+same \fBctx\fR to include additional data.
.PP
\&\fBEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in
\&\fBsig\fR of length \fBsiglen\fR.
@@ -218,26 +277,36 @@ The call to \fBEVP_DigestVerifyFinal()\fR internally finalizes a copy of the dig
context. This means that \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can
be called later to digest and verify additional data.
.PP
-Since only a copy of the digest context is ever finalized, the context must
-be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak
-will occur.
+\&\fBEVP_DigestVerifyInit()\fR and \fBEVP_DigestVerifyInit_ex()\fR functions can be called
+multiple times on a context and the parameters set by previous calls should be
+preserved if the \fIpkey\fR parameter is \s-1NULL.\s0 The call then just resets the state
+of the \fIctx\fR.
+.PP
+Ignoring failure returns of \fBEVP_DigestVerifyInit()\fR and \fBEVP_DigestVerifyInit_ex()\fR
+functions can lead to subsequent undefined behavior when calling
+\&\fBEVP_DigestVerifyUpdate()\fR, \fBEVP_DigestVerifyFinal()\fR, or \fBEVP_DigestVerify()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_DigestSignInit\fR\|(3),
\&\fBEVP_DigestInit\fR\|(3),
\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3),
\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3),
-\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1),
+\&\s-1\fBSHA1\s0\fR\|(3), \fBopenssl\-dgst\fR\|(1),
\&\s-1\fBRAND\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBEVP_DigestVerifyInit()\fR, \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR
were added in OpenSSL 1.0.0.
+.PP
+\&\fBEVP_DigestVerifyInit_ex()\fR was added in OpenSSL 3.0.
+.PP
+\&\fBEVP_DigestVerifyUpdate()\fR was converted from a macro to a function in OpenSSL
+3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3 b/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3
index cba75598c3ac..ea02b12e348e 100644
--- a/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3
+++ b/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_ENCODEINIT 3"
-.TH EVP_ENCODEINIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_ENCODEINIT 3ossl"
+.TH EVP_ENCODEINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy, EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock \- EVP base 64 encode/decode routines
+EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy,
+EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal,
+EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal,
+EVP_DecodeBlock \- EVP base 64 encode/decode routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -284,7 +285,7 @@ then no more non-padding base 64 characters are expected.
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3
index c43fb7884090..773d049ab9b0 100644
--- a/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3
+++ b/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,37 +130,142 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_ENCRYPTINIT 3"
-.TH EVP_ENCRYPTINIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_ENCRYPTINIT 3ossl"
+.TH EVP_ENCRYPTINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl, EVP_EncryptInit, EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, EVP_CIPHER_CTX_set_padding, EVP_enc_null \&\- EVP cipher routines
+EVP_CIPHER_fetch,
+EVP_CIPHER_up_ref,
+EVP_CIPHER_free,
+EVP_CIPHER_CTX_new,
+EVP_CIPHER_CTX_reset,
+EVP_CIPHER_CTX_free,
+EVP_EncryptInit_ex,
+EVP_EncryptInit_ex2,
+EVP_EncryptUpdate,
+EVP_EncryptFinal_ex,
+EVP_DecryptInit_ex,
+EVP_DecryptInit_ex2,
+EVP_DecryptUpdate,
+EVP_DecryptFinal_ex,
+EVP_CipherInit_ex,
+EVP_CipherInit_ex2,
+EVP_CipherUpdate,
+EVP_CipherFinal_ex,
+EVP_CIPHER_CTX_set_key_length,
+EVP_CIPHER_CTX_ctrl,
+EVP_EncryptInit,
+EVP_EncryptFinal,
+EVP_DecryptInit,
+EVP_DecryptFinal,
+EVP_CipherInit,
+EVP_CipherFinal,
+EVP_Cipher,
+EVP_get_cipherbyname,
+EVP_get_cipherbynid,
+EVP_get_cipherbyobj,
+EVP_CIPHER_is_a,
+EVP_CIPHER_get0_name,
+EVP_CIPHER_get0_description,
+EVP_CIPHER_names_do_all,
+EVP_CIPHER_get0_provider,
+EVP_CIPHER_get_nid,
+EVP_CIPHER_get_params,
+EVP_CIPHER_gettable_params,
+EVP_CIPHER_get_block_size,
+EVP_CIPHER_get_key_length,
+EVP_CIPHER_get_iv_length,
+EVP_CIPHER_get_flags,
+EVP_CIPHER_get_mode,
+EVP_CIPHER_get_type,
+EVP_CIPHER_CTX_cipher,
+EVP_CIPHER_CTX_get0_cipher,
+EVP_CIPHER_CTX_get1_cipher,
+EVP_CIPHER_CTX_get0_name,
+EVP_CIPHER_CTX_get_nid,
+EVP_CIPHER_CTX_get_params,
+EVP_CIPHER_gettable_ctx_params,
+EVP_CIPHER_CTX_gettable_params,
+EVP_CIPHER_CTX_set_params,
+EVP_CIPHER_settable_ctx_params,
+EVP_CIPHER_CTX_settable_params,
+EVP_CIPHER_CTX_get_block_size,
+EVP_CIPHER_CTX_get_key_length,
+EVP_CIPHER_CTX_get_iv_length,
+EVP_CIPHER_CTX_get_tag_length,
+EVP_CIPHER_CTX_get_app_data,
+EVP_CIPHER_CTX_set_app_data,
+EVP_CIPHER_CTX_flags,
+EVP_CIPHER_CTX_set_flags,
+EVP_CIPHER_CTX_clear_flags,
+EVP_CIPHER_CTX_test_flags,
+EVP_CIPHER_CTX_get_type,
+EVP_CIPHER_CTX_get_mode,
+EVP_CIPHER_CTX_get_num,
+EVP_CIPHER_CTX_set_num,
+EVP_CIPHER_CTX_is_encrypting,
+EVP_CIPHER_param_to_asn1,
+EVP_CIPHER_asn1_to_param,
+EVP_CIPHER_CTX_set_padding,
+EVP_enc_null,
+EVP_CIPHER_do_all_provided,
+EVP_CIPHER_nid,
+EVP_CIPHER_name,
+EVP_CIPHER_block_size,
+EVP_CIPHER_key_length,
+EVP_CIPHER_iv_length,
+EVP_CIPHER_flags,
+EVP_CIPHER_mode,
+EVP_CIPHER_type,
+EVP_CIPHER_CTX_encrypting,
+EVP_CIPHER_CTX_nid,
+EVP_CIPHER_CTX_block_size,
+EVP_CIPHER_CTX_key_length,
+EVP_CIPHER_CTX_iv_length,
+EVP_CIPHER_CTX_tag_length,
+EVP_CIPHER_CTX_num,
+EVP_CIPHER_CTX_type,
+EVP_CIPHER_CTX_mode
+\&\- EVP cipher routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
+\& EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
+\& const char *properties);
+\& int EVP_CIPHER_up_ref(EVP_CIPHER *cipher);
+\& void EVP_CIPHER_free(EVP_CIPHER *cipher);
\& EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
\& int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
\& void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
\&
\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\& ENGINE *impl, const unsigned char *key, const unsigned char *iv);
+\& int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+\& const unsigned char *key, const unsigned char *iv,
+\& const OSSL_PARAM params[]);
\& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl, const unsigned char *in, int inl);
\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
\&
\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\& ENGINE *impl, const unsigned char *key, const unsigned char *iv);
+\& int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+\& const unsigned char *key, const unsigned char *iv,
+\& const OSSL_PARAM params[]);
\& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl, const unsigned char *in, int inl);
\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
\&
\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
\& ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
+\& int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+\& const unsigned char *key, const unsigned char *iv,
+\& int enc, const OSSL_PARAM params[]);
\& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl, const unsigned char *in, int inl);
\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
@@ -179,185 +282,418 @@ EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, EVP_EncryptInit_e
\& const unsigned char *key, const unsigned char *iv, int enc);
\& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
\&
+\& int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+\& const unsigned char *in, unsigned int inl);
+\&
\& int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
\& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
-\& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+\& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int cmd, int p1, void *p2);
\& int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
+\& void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
+\& void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
+\& int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
\&
\& const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
\& const EVP_CIPHER *EVP_get_cipherbynid(int nid);
\& const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a);
\&
-\& int EVP_CIPHER_nid(const EVP_CIPHER *e);
-\& int EVP_CIPHER_block_size(const EVP_CIPHER *e);
-\& int EVP_CIPHER_key_length(const EVP_CIPHER *e);
-\& int EVP_CIPHER_iv_length(const EVP_CIPHER *e);
-\& unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e);
-\& unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e);
-\& int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+\& int EVP_CIPHER_get_nid(const EVP_CIPHER *e);
+\& int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name);
+\& int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
+\& void (*fn)(const char *name, void *data),
+\& void *data);
+\& const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher);
+\& const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher);
+\& const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher);
+\& int EVP_CIPHER_get_block_size(const EVP_CIPHER *e);
+\& int EVP_CIPHER_get_key_length(const EVP_CIPHER *e);
+\& int EVP_CIPHER_get_iv_length(const EVP_CIPHER *e);
+\& unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *e);
+\& unsigned long EVP_CIPHER_get_mode(const EVP_CIPHER *e);
+\& int EVP_CIPHER_get_type(const EVP_CIPHER *cipher);
\&
-\& const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
-\& int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
-\& int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
-\& int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
-\& int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+\& const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx);
+\& EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(const EVP_CIPHER_CTX *ctx);
+\& int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx);
+\& const char *EVP_CIPHER_CTX_get0_name(const EVP_CIPHER_CTX *ctx);
+\&
+\& int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]);
+\& int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
+\& int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
+\& const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher);
+\& const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher);
+\& const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher);
+\& const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx);
+\& const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx);
+\& int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx);
+\& int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx);
+\& int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx);
+\& int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx);
\& void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
\& void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
-\& int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx);
-\& int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
+\& int EVP_CIPHER_CTX_get_type(const EVP_CIPHER_CTX *ctx);
+\& int EVP_CIPHER_CTX_get_mode(const EVP_CIPHER_CTX *ctx);
+\& int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx);
+\& int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
+\& int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx);
\&
\& int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
\& int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+\&
+\& void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
+\& void (*fn)(EVP_CIPHER *cipher, void *arg),
+\& void *arg);
+\&
+\& #define EVP_CIPHER_nid EVP_CIPHER_get_nid
+\& #define EVP_CIPHER_name EVP_CIPHER_get0_name
+\& #define EVP_CIPHER_block_size EVP_CIPHER_get_block_size
+\& #define EVP_CIPHER_key_length EVP_CIPHER_get_key_length
+\& #define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length
+\& #define EVP_CIPHER_flags EVP_CIPHER_get_flags
+\& #define EVP_CIPHER_mode EVP_CIPHER_get_mode
+\& #define EVP_CIPHER_type EVP_CIPHER_get_type
+\& #define EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_is_encrypting
+\& #define EVP_CIPHER_CTX_nid EVP_CIPHER_CTX_get_nid
+\& #define EVP_CIPHER_CTX_block_size EVP_CIPHER_CTX_get_block_size
+\& #define EVP_CIPHER_CTX_key_length EVP_CIPHER_CTX_get_key_length
+\& #define EVP_CIPHER_CTX_iv_length EVP_CIPHER_CTX_get_iv_length
+\& #define EVP_CIPHER_CTX_tag_length EVP_CIPHER_CTX_get_tag_length
+\& #define EVP_CIPHER_CTX_num EVP_CIPHER_CTX_get_num
+\& #define EVP_CIPHER_CTX_type EVP_CIPHER_CTX_get_type
+\& #define EVP_CIPHER_CTX_mode EVP_CIPHER_CTX_get_mode
+.Ve
+.PP
+The following function has been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+.Ve
+.PP
+The following function has been deprecated since OpenSSL 1.1.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& int EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 cipher routines are a high-level interface to certain
symmetric ciphers.
.PP
-\&\fBEVP_CIPHER_CTX_new()\fR creates a cipher context.
-.PP
-\&\fBEVP_CIPHER_CTX_free()\fR clears all information from a cipher context
-and free up any allocated memory associate with it, including \fBctx\fR
-itself. This function should be called after all operations using a
-cipher are complete so sensitive information does not remain in
-memory.
-.PP
-\&\fBEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption
-with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created
-before calling this function. \fBtype\fR is normally supplied
-by a function such as \fBEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the
-default implementation is used. \fBkey\fR is the symmetric key to use
-and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes
-used for the key and \s-1IV\s0 depends on the cipher. It is possible to set
-all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply
-the remaining parameters in subsequent calls, all of which have \fBtype\fR
-set to \s-1NULL.\s0 This is done when the default cipher parameters are not
-appropriate.
-.PP
-\&\fBEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and
-writes the encrypted version to \fBout\fR. This function can be called
-multiple times to encrypt successive blocks of data. The amount
-of data written depends on the block alignment of the encrypted data.
+The \fB\s-1EVP_CIPHER\s0\fR type is a structure for cipher method implementation.
+.IP "\fBEVP_CIPHER_fetch()\fR" 4
+.IX Item "EVP_CIPHER_fetch()"
+Fetches the cipher implementation for the given \fIalgorithm\fR from any provider
+offering it, within the criteria given by the \fIproperties\fR.
+See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information.
+.Sp
+The returned value must eventually be freed with \fBEVP_CIPHER_free()\fR.
+.Sp
+Fetched \fB\s-1EVP_CIPHER\s0\fR structures are reference counted.
+.IP "\fBEVP_CIPHER_up_ref()\fR" 4
+.IX Item "EVP_CIPHER_up_ref()"
+Increments the reference count for an \fB\s-1EVP_CIPHER\s0\fR structure.
+.IP "\fBEVP_CIPHER_free()\fR" 4
+.IX Item "EVP_CIPHER_free()"
+Decrements the reference count for the fetched \fB\s-1EVP_CIPHER\s0\fR structure.
+If the reference count drops to 0 then the structure is freed.
+.IP "\fBEVP_CIPHER_CTX_new()\fR" 4
+.IX Item "EVP_CIPHER_CTX_new()"
+Allocates and returns a cipher context.
+.IP "\fBEVP_CIPHER_CTX_free()\fR" 4
+.IX Item "EVP_CIPHER_CTX_free()"
+Clears all information from a cipher context and frees any allocated memory
+associated with it, including \fIctx\fR itself. This function should be called after
+all operations using a cipher are complete so sensitive information does not
+remain in memory.
+.IP "\fBEVP_CIPHER_CTX_ctrl()\fR" 4
+.IX Item "EVP_CIPHER_CTX_ctrl()"
+\&\fIThis is a legacy method.\fR \fBEVP_CIPHER_CTX_set_params()\fR and
+\&\fBEVP_CIPHER_CTX_get_params()\fR is the mechanism that should be used to set and get
+parameters that are used by providers.
+.Sp
+Performs cipher-specific control actions on context \fIctx\fR. The control command
+is indicated in \fIcmd\fR and any additional arguments in \fIp1\fR and \fIp2\fR.
+\&\fBEVP_CIPHER_CTX_ctrl()\fR must be called after \fBEVP_CipherInit_ex2()\fR. Other restrictions
+may apply depending on the control type and cipher implementation.
+.Sp
+If this function happens to be used with a fetched \fB\s-1EVP_CIPHER\s0\fR, it will
+translate the controls that are known to OpenSSL into \s-1\fBOSSL_PARAM\s0\fR\|(3)
+parameters with keys defined by OpenSSL and call \fBEVP_CIPHER_CTX_get_params()\fR or
+\&\fBEVP_CIPHER_CTX_set_params()\fR as is appropriate for each control command.
+.Sp
+See \*(L"\s-1CONTROLS\*(R"\s0 below for more information, including what translations are
+being done.
+.IP "\fBEVP_CIPHER_get_params()\fR" 4
+.IX Item "EVP_CIPHER_get_params()"
+Retrieves the requested list of algorithm \fIparams\fR from a \s-1CIPHER\s0 \fIcipher\fR.
+See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information.
+.IP "\fBEVP_CIPHER_CTX_get_params()\fR" 4
+.IX Item "EVP_CIPHER_CTX_get_params()"
+Retrieves the requested list of \fIparams\fR from \s-1CIPHER\s0 context \fIctx\fR.
+See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information.
+.IP "\fBEVP_CIPHER_CTX_set_params()\fR" 4
+.IX Item "EVP_CIPHER_CTX_set_params()"
+Sets the list of \fIparams\fR into a \s-1CIPHER\s0 context \fIctx\fR.
+See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information.
+.IP "\fBEVP_CIPHER_gettable_params()\fR" 4
+.IX Item "EVP_CIPHER_gettable_params()"
+Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the retrievable parameters
+that can be used with \fBEVP_CIPHER_get_params()\fR.
+.IP "\fBEVP_CIPHER_gettable_ctx_params()\fR and \fBEVP_CIPHER_CTX_gettable_params()\fR" 4
+.IX Item "EVP_CIPHER_gettable_ctx_params() and EVP_CIPHER_CTX_gettable_params()"
+Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the retrievable parameters
+that can be used with \fBEVP_CIPHER_CTX_get_params()\fR.
+\&\fBEVP_CIPHER_gettable_ctx_params()\fR returns the parameters that can be retrieved
+from the algorithm, whereas \fBEVP_CIPHER_CTX_gettable_params()\fR returns the
+parameters that can be retrieved in the context's current state.
+.IP "\fBEVP_CIPHER_settable_ctx_params()\fR and \fBEVP_CIPHER_CTX_settable_params()\fR" 4
+.IX Item "EVP_CIPHER_settable_ctx_params() and EVP_CIPHER_CTX_settable_params()"
+Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the settable parameters
+that can be used with \fBEVP_CIPHER_CTX_set_params()\fR.
+\&\fBEVP_CIPHER_settable_ctx_params()\fR returns the parameters that can be set from the
+algorithm, whereas \fBEVP_CIPHER_CTX_settable_params()\fR returns the parameters that
+can be set in the context's current state.
+.IP "\fBEVP_EncryptInit_ex2()\fR" 4
+.IX Item "EVP_EncryptInit_ex2()"
+Sets up cipher context \fIctx\fR for encryption with cipher \fItype\fR. \fItype\fR is
+typically supplied by calling \fBEVP_CIPHER_fetch()\fR. \fItype\fR may also be set
+using legacy functions such as \fBEVP_aes_256_cbc()\fR, but this is not recommended
+for new applications. \fIkey\fR is the symmetric key to use and \fIiv\fR is the \s-1IV\s0 to
+use (if necessary), the actual number of bytes used for the key and \s-1IV\s0 depends
+on the cipher. The parameters \fIparams\fR will be set on the context after
+initialisation. It is possible to set all parameters to \s-1NULL\s0 except \fItype\fR in
+an initial call and supply the remaining parameters in subsequent calls, all of
+which have \fItype\fR set to \s-1NULL.\s0 This is done when the default cipher parameters
+are not appropriate.
+For \fB\s-1EVP_CIPH_GCM_MODE\s0\fR the \s-1IV\s0 will be generated internally if it is not
+specified.
+.IP "\fBEVP_EncryptInit_ex()\fR" 4
+.IX Item "EVP_EncryptInit_ex()"
+This legacy function is similar to \fBEVP_EncryptInit_ex2()\fR when \fIimpl\fR is \s-1NULL.\s0
+The implementation of the \fItype\fR from the \fIimpl\fR engine will be used if it
+exists.
+.IP "\fBEVP_EncryptUpdate()\fR" 4
+.IX Item "EVP_EncryptUpdate()"
+Encrypts \fIinl\fR bytes from the buffer \fIin\fR and writes the encrypted version to
+\&\fIout\fR. This function can be called multiple times to encrypt successive blocks
+of data. The amount of data written depends on the block alignment of the
+encrypted data.
For most ciphers and modes, the amount of data written can be anything
from zero bytes to (inl + cipher_block_size \- 1) bytes.
For wrap cipher modes, the amount of data written can be anything
from zero bytes to (inl + cipher_block_size) bytes.
For stream ciphers, the amount of data written can be anything from zero
bytes to inl bytes.
-Thus, \fBout\fR should contain sufficient room for the operation being performed.
-The actual number of bytes written is placed in \fBoutl\fR. It also
-checks if \fBin\fR and \fBout\fR are partially overlapping, and if they are
+Thus, \fIout\fR should contain sufficient room for the operation being performed.
+The actual number of bytes written is placed in \fIoutl\fR. It also
+checks if \fIin\fR and \fIout\fR are partially overlapping, and if they are
0 is returned to indicate failure.
-.PP
+.Sp
If padding is enabled (the default) then \fBEVP_EncryptFinal_ex()\fR encrypts
the \*(L"final\*(R" data, that is any data that remains in a partial block.
It uses standard block padding (aka \s-1PKCS\s0 padding) as described in
the \s-1NOTES\s0 section, below. The encrypted
-final data is written to \fBout\fR which should have sufficient space for
-one cipher block. The number of bytes written is placed in \fBoutl\fR. After
+final data is written to \fIout\fR which should have sufficient space for
+one cipher block. The number of bytes written is placed in \fIoutl\fR. After
this function is called the encryption operation is finished and no further
calls to \fBEVP_EncryptUpdate()\fR should be made.
-.PP
+.Sp
If padding is disabled then \fBEVP_EncryptFinal_ex()\fR will not encrypt any more
data and it will return an error if any data remains in a partial block:
that is if the total data length is not a multiple of the block size.
-.PP
-\&\fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal_ex()\fR are the
-corresponding decryption operations. \fBEVP_DecryptFinal()\fR will return an
-error code if padding is enabled and the final block is not correctly
-formatted. The parameters and restrictions are identical to the encryption
-operations except that if padding is enabled the decrypted data buffer \fBout\fR
-passed to \fBEVP_DecryptUpdate()\fR should have sufficient room for
-(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in
-which case \fBinl\fR bytes is sufficient.
-.PP
-\&\fBEVP_CipherInit_ex()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal_ex()\fR are
-functions that can be used for decryption or encryption. The operation
-performed depends on the value of the \fBenc\fR parameter. It should be set
-to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged
+.IP "\fBEVP_DecryptInit_ex2()\fR, \fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal_ex()\fR" 4
+.IX Item "EVP_DecryptInit_ex2(), EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex()"
+These functions are the corresponding decryption operations.
+\&\fBEVP_DecryptFinal()\fR will return an error code if padding is enabled and the
+final block is not correctly formatted. The parameters and restrictions are
+identical to the encryption operations except that if padding is enabled the
+decrypted data buffer \fIout\fR passed to \fBEVP_DecryptUpdate()\fR should have
+sufficient room for (\fIinl\fR + cipher_block_size) bytes unless the cipher block
+size is 1 in which case \fIinl\fR bytes is sufficient.
+.IP "\fBEVP_CipherInit_ex2()\fR, \fBEVP_CipherInit_ex()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal_ex()\fR" 4
+.IX Item "EVP_CipherInit_ex2(), EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex()"
+These functions can be used for decryption or encryption. The operation
+performed depends on the value of the \fIenc\fR parameter. It should be set to 1
+for encryption, 0 for decryption and \-1 to leave the value unchanged
(the actual value of 'enc' being supplied in a previous call).
-.PP
-\&\fBEVP_CIPHER_CTX_reset()\fR clears all information from a cipher context
-and free up any allocated memory associate with it, except the \fBctx\fR
-itself. This function should be called anytime \fBctx\fR is to be reused
-for another \fBEVP_CipherInit()\fR / \fBEVP_CipherUpdate()\fR / \fBEVP_CipherFinal()\fR
-series of calls.
-.PP
-\&\fBEVP_EncryptInit()\fR, \fBEVP_DecryptInit()\fR and \fBEVP_CipherInit()\fR behave in a
-similar way to \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR and
-\&\fBEVP_CipherInit_ex()\fR except they always use the default cipher implementation.
-.PP
-\&\fBEVP_EncryptFinal()\fR, \fBEVP_DecryptFinal()\fR and \fBEVP_CipherFinal()\fR are
-identical to \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal_ex()\fR and
+.IP "\fBEVP_CIPHER_CTX_reset()\fR" 4
+.IX Item "EVP_CIPHER_CTX_reset()"
+Clears all information from a cipher context and free up any allocated memory
+associated with it, except the \fIctx\fR itself. This function should be called
+anytime \fIctx\fR is reused by another
+\&\fBEVP_CipherInit()\fR / \fBEVP_CipherUpdate()\fR / \fBEVP_CipherFinal()\fR series of calls.
+.IP "\fBEVP_EncryptInit()\fR, \fBEVP_DecryptInit()\fR and \fBEVP_CipherInit()\fR" 4
+.IX Item "EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit()"
+Behave in a similar way to \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR and
+\&\fBEVP_CipherInit_ex()\fR except if the \fItype\fR is not a fetched cipher they use the
+default implementation of the \fItype\fR.
+.IP "\fBEVP_EncryptFinal()\fR, \fBEVP_DecryptFinal()\fR and \fBEVP_CipherFinal()\fR" 4
+.IX Item "EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal()"
+Identical to \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal_ex()\fR and
\&\fBEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up
-the \fBctx\fR, but this is no longer done and \fBEVP_CIPHER_CTX_clean()\fR
+the \fIctx\fR, but this is no longer done and \fBEVP_CIPHER_CTX_cleanup()\fR
must be called to free any context resources.
-.PP
-\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR
-return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an
-\&\s-1ASN1_OBJECT\s0 structure.
-.PP
-\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when
-passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0
-value is an internal value which may not have a corresponding \s-1OBJECT
-IDENTIFIER.\s0
-.PP
-\&\fBEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. This
-function should be called after the context is set up for encryption
-or decryption with \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR or
-\&\fBEVP_CipherInit_ex()\fR. By default encryption operations are padded using
-standard block padding and the padding is checked and removed when
-decrypting. If the \fBpad\fR parameter is zero then no padding is
+.IP "\fBEVP_Cipher()\fR" 4
+.IX Item "EVP_Cipher()"
+Encrypts or decrypts a maximum \fIinl\fR amount of bytes from \fIin\fR and leaves the
+result in \fIout\fR.
+.Sp
+For legacy ciphers \- If the cipher doesn't have the flag
+\&\fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR set, then \fIinl\fR must be a multiple of
+\&\fBEVP_CIPHER_get_block_size()\fR. If it isn't, the result is undefined. If the cipher
+has that flag set, then \fIinl\fR can be any size.
+.Sp
+Due to the constraints of the \s-1API\s0 contract of this function it shouldn't be used
+in applications, please consider using \fBEVP_CipherUpdate()\fR and
+\&\fBEVP_CipherFinal_ex()\fR instead.
+.IP "\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR" 4
+.IX Item "EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()"
+Returns an \fB\s-1EVP_CIPHER\s0\fR structure when passed a cipher name, a cipher \fB\s-1NID\s0\fR or
+an \fB\s-1ASN1_OBJECT\s0\fR structure respectively.
+.Sp
+\&\fBEVP_get_cipherbyname()\fR will return \s-1NULL\s0 for algorithms such as \*(L"\s-1AES\-128\-SIV\*(R",
+\&\*(L"AES\-128\-CBC\-CTS\*(R"\s0 and \*(L"\s-1CAMELLIA\-128\-CBC\-CTS\*(R"\s0 which were previously only
+accessible via low level interfaces.
+.Sp
+The \fBEVP_get_cipherbyname()\fR function is present for backwards compatibility with
+OpenSSL prior to version 3 and is different to the \fBEVP_CIPHER_fetch()\fR function
+since it does not attempt to \*(L"fetch\*(R" an implementation of the cipher.
+Additionally, it only knows about ciphers that are built-in to OpenSSL and have
+an associated \s-1NID.\s0 Similarly \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR
+also return objects without an associated implementation.
+.Sp
+When the cipher objects returned by these functions are used (such as in a call
+to \fBEVP_EncryptInit_ex()\fR) an implementation of the cipher will be implicitly
+fetched from the loaded providers. This fetch could fail if no suitable
+implementation is available. Use \fBEVP_CIPHER_fetch()\fR instead to explicitly fetch
+the algorithm and an associated implementation from a provider.
+.Sp
+See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for more information about fetching.
+.Sp
+The cipher objects returned from these functions do not need to be freed with
+\&\fBEVP_CIPHER_free()\fR.
+.IP "\fBEVP_CIPHER_get_nid()\fR and \fBEVP_CIPHER_CTX_get_nid()\fR" 4
+.IX Item "EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid()"
+Return the \s-1NID\s0 of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR
+structure. The actual \s-1NID\s0 value is an internal value which may not have a
+corresponding \s-1OBJECT IDENTIFIER.\s0
+.IP "\fBEVP_CIPHER_CTX_set_flags()\fR, \fBEVP_CIPHER_CTX_clear_flags()\fR and \fBEVP_CIPHER_CTX_test_flags()\fR" 4
+.IX Item "EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags()"
+Sets, clears and tests \fIctx\fR flags. See \*(L"\s-1FLAGS\*(R"\s0 below for more information.
+.Sp
+For provided ciphers \fBEVP_CIPHER_CTX_set_flags()\fR should be called only after the
+fetched cipher has been assigned to the \fIctx\fR. It is recommended to use
+\&\*(L"\s-1PARAMETERS\*(R"\s0 instead.
+.IP "\fBEVP_CIPHER_CTX_set_padding()\fR" 4
+.IX Item "EVP_CIPHER_CTX_set_padding()"
+Enables or disables padding. This function should be called after the context
+is set up for encryption or decryption with \fBEVP_EncryptInit_ex2()\fR,
+\&\fBEVP_DecryptInit_ex2()\fR or \fBEVP_CipherInit_ex2()\fR. By default encryption operations
+are padded using standard block padding and the padding is checked and removed
+when decrypting. If the \fIpad\fR parameter is zero then no padding is
performed, the total amount of data encrypted or decrypted must then
be a multiple of the block size or an error will occur.
-.PP
-\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key
-length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR
-structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length
-for all ciphers. Note: although \fBEVP_CIPHER_key_length()\fR is fixed for a
-given cipher, the value of \fBEVP_CIPHER_CTX_key_length()\fR may be different
-for variable key length ciphers.
-.PP
-\&\fBEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx.
+.IP "\fBEVP_CIPHER_get_key_length()\fR and \fBEVP_CIPHER_CTX_get_key_length()\fR" 4
+.IX Item "EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length()"
+Return the key length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or
+\&\fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum
+key length for all ciphers. Note: although \fBEVP_CIPHER_get_key_length()\fR is fixed for
+a given cipher, the value of \fBEVP_CIPHER_CTX_get_key_length()\fR may be different for
+variable key length ciphers.
+.IP "\fBEVP_CIPHER_CTX_set_key_length()\fR" 4
+.IX Item "EVP_CIPHER_CTX_set_key_length()"
+Sets the key length of the cipher context.
If the cipher is a fixed length cipher then attempting to set the key
length to any value other than the fixed value is an error.
-.PP
-\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
-length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR.
-It will return zero if the cipher does not use an \s-1IV.\s0 The constant
-\&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers.
-.PP
-\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block
-size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR
-structure. The constant \fB\s-1EVP_MAX_BLOCK_LENGTH\s0\fR is also the maximum block
-length for all ciphers.
-.PP
-\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the type of the passed
-cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT
-IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and
-128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object
-identifier or does not have \s-1ASN1\s0 support this function will return
+.IP "\fBEVP_CIPHER_get_iv_length()\fR and \fBEVP_CIPHER_CTX_get_iv_length()\fR" 4
+.IX Item "EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length()"
+Return the \s-1IV\s0 length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or
+\&\fB\s-1EVP_CIPHER_CTX\s0\fR. It will return zero if the cipher does not use an \s-1IV.\s0
+The constant \fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers.
+.IP "\fBEVP_CIPHER_CTX_get_tag_length()\fR" 4
+.IX Item "EVP_CIPHER_CTX_get_tag_length()"
+Returns the tag length of an \s-1AEAD\s0 cipher when passed a \fB\s-1EVP_CIPHER_CTX\s0\fR. It will
+return zero if the cipher does not support a tag. It returns a default value if
+the tag length has not been set.
+.IP "\fBEVP_CIPHER_get_block_size()\fR and \fBEVP_CIPHER_CTX_get_block_size()\fR" 4
+.IX Item "EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size()"
+Return the block size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or
+\&\fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_BLOCK_LENGTH\s0\fR is also the
+maximum block length for all ciphers.
+.IP "\fBEVP_CIPHER_get_type()\fR and \fBEVP_CIPHER_CTX_get_type()\fR" 4
+.IX Item "EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type()"
+Return the type of the passed cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0
+of the cipher \s-1OBJECT IDENTIFIER\s0 and as such it ignores the cipher parameters
+(40 bit \s-1RC2\s0 and 128 bit \s-1RC2\s0 have the same \s-1NID\s0). If the cipher does not have an
+object identifier or does not have \s-1ASN1\s0 support this function will return
\&\fBNID_undef\fR.
-.PP
-\&\fBEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed
-an \fB\s-1EVP_CIPHER_CTX\s0\fR structure.
-.PP
-\&\fBEVP_CIPHER_mode()\fR and \fBEVP_CIPHER_CTX_mode()\fR return the block cipher mode:
+.IP "\fBEVP_CIPHER_is_a()\fR" 4
+.IX Item "EVP_CIPHER_is_a()"
+Returns 1 if \fIcipher\fR is an implementation of an algorithm that's identifiable
+with \fIname\fR, otherwise 0. If \fIcipher\fR is a legacy cipher (it's the return
+value from the likes of \fBEVP_aes128()\fR rather than the result of an
+\&\fBEVP_CIPHER_fetch()\fR), only cipher names registered with the default library
+context (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) will be considered.
+.IP "\fBEVP_CIPHER_get0_name()\fR and \fBEVP_CIPHER_CTX_get0_name()\fR" 4
+.IX Item "EVP_CIPHER_get0_name() and EVP_CIPHER_CTX_get0_name()"
+Return the name of the passed cipher or context. For fetched ciphers with
+multiple names, only one of them is returned. See also \fBEVP_CIPHER_names_do_all()\fR.
+.IP "\fBEVP_CIPHER_names_do_all()\fR" 4
+.IX Item "EVP_CIPHER_names_do_all()"
+Traverses all names for the \fIcipher\fR, and calls \fIfn\fR with each name and
+\&\fIdata\fR. This is only useful with fetched \fB\s-1EVP_CIPHER\s0\fRs.
+.IP "\fBEVP_CIPHER_get0_description()\fR" 4
+.IX Item "EVP_CIPHER_get0_description()"
+Returns a description of the cipher, meant for display and human consumption.
+The description is at the discretion of the cipher implementation.
+.IP "\fBEVP_CIPHER_get0_provider()\fR" 4
+.IX Item "EVP_CIPHER_get0_provider()"
+Returns an \fB\s-1OSSL_PROVIDER\s0\fR pointer to the provider that implements the given
+\&\fB\s-1EVP_CIPHER\s0\fR.
+.IP "\fBEVP_CIPHER_CTX_get0_cipher()\fR" 4
+.IX Item "EVP_CIPHER_CTX_get0_cipher()"
+Returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed an \fB\s-1EVP_CIPHER_CTX\s0\fR structure.
+\&\fBEVP_CIPHER_CTX_get1_cipher()\fR is the same except the ownership is passed to
+the caller.
+.IP "\fBEVP_CIPHER_get_mode()\fR and \fBEVP_CIPHER_CTX_get_mode()\fR" 4
+.IX Item "EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode()"
+Return the block cipher mode:
\&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE,
EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE,
-EVP_CIPH_WRAP_MODE\s0 or \s-1EVP_CIPH_OCB_MODE.\s0 If the cipher is a stream cipher then
-\&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned.
-.PP
-\&\fBEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based
-on the passed cipher. This will typically include any parameters and an
-\&\s-1IV.\s0 The cipher \s-1IV\s0 (if any) must be set when this call is made. This call
-should be made before the cipher is actually \*(L"used\*(R" (before any
-\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR calls for example). This function
-may fail if the cipher does not have any \s-1ASN1\s0 support.
-.PP
-\&\fBEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0
-AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher
-In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length.
+EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE\s0 or \s-1EVP_CIPH_SIV_MODE.\s0
+If the cipher is a stream cipher then \s-1EVP_CIPH_STREAM_CIPHER\s0 is returned.
+.IP "\fBEVP_CIPHER_get_flags()\fR" 4
+.IX Item "EVP_CIPHER_get_flags()"
+Returns any flags associated with the cipher. See \*(L"\s-1FLAGS\*(R"\s0
+for a list of currently defined flags.
+.IP "\fBEVP_CIPHER_CTX_get_num()\fR and \fBEVP_CIPHER_CTX_set_num()\fR" 4
+.IX Item "EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num()"
+Gets or sets the cipher specific \*(L"num\*(R" parameter for the associated \fIctx\fR.
+Built-in ciphers typically use this to track how much of the current underlying block
+has been \*(L"used\*(R" already.
+.IP "\fBEVP_CIPHER_CTX_is_encrypting()\fR" 4
+.IX Item "EVP_CIPHER_CTX_is_encrypting()"
+Reports whether the \fIctx\fR is being used for encryption or decryption.
+.IP "\fBEVP_CIPHER_CTX_flags()\fR" 4
+.IX Item "EVP_CIPHER_CTX_flags()"
+A deprecated macro calling \f(CW\*(C`EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))\*(C'\fR.
+Do not use.
+.IP "\fBEVP_CIPHER_param_to_asn1()\fR" 4
+.IX Item "EVP_CIPHER_param_to_asn1()"
+Sets the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher. This will
+typically include any parameters and an \s-1IV.\s0 The cipher \s-1IV\s0 (if any) must be set
+when this call is made. This call should be made before the cipher is actually
+\&\*(L"used\*(R" (before any \fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR calls for example).
+This function may fail if the cipher does not have any \s-1ASN1\s0 support.
+.IP "\fBEVP_CIPHER_asn1_to_param()\fR" 4
+.IX Item "EVP_CIPHER_asn1_to_param()"
+Sets the cipher parameters based on an \s-1ASN1\s0 AlgorithmIdentifier \*(L"parameter\*(R".
+The precise effect depends on the cipher. In the case of \fB\s-1RC2\s0\fR, for example,
+it will set the \s-1IV\s0 and effective key length.
This function should be called after the base cipher type is set but before
the key is set. For example \fBEVP_CipherInit()\fR will be called with the \s-1IV\s0 and
key set to \s-1NULL,\s0 \fBEVP_CIPHER_asn1_to_param()\fR will be called and finally
@@ -365,55 +701,569 @@ key set to \s-1NULL,\s0 \fBEVP_CIPHER_asn1_to_param()\fR will be called and fina
possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support
or the parameters cannot be set (for example the \s-1RC2\s0 effective key length
is not supported.
+.IP "\fBEVP_CIPHER_CTX_rand_key()\fR" 4
+.IX Item "EVP_CIPHER_CTX_rand_key()"
+Generates a random key of the appropriate length based on the cipher context.
+The \fB\s-1EVP_CIPHER\s0\fR can provide its own random key generation routine to support
+keys of a specific form. \fIkey\fR must point to a buffer at least as big as the
+value returned by \fBEVP_CIPHER_CTX_get_key_length()\fR.
+.IP "\fBEVP_CIPHER_do_all_provided()\fR" 4
+.IX Item "EVP_CIPHER_do_all_provided()"
+Traverses all ciphers implemented by all activated providers in the given
+library context \fIlibctx\fR, and for each of the implementations, calls the given
+function \fIfn\fR with the implementation method and the given \fIarg\fR as argument.
+.SH "PARAMETERS"
+.IX Header "PARAMETERS"
+See \s-1\fBOSSL_PARAM\s0\fR\|(3) for information about passing parameters.
+.SS "Gettable \s-1EVP_CIPHER\s0 parameters"
+.IX Subsection "Gettable EVP_CIPHER parameters"
+When \fBEVP_CIPHER_fetch()\fR is called it internally calls \fBEVP_CIPHER_get_params()\fR
+and caches the results.
.PP
-\&\fBEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined
-and set.
+\&\fBEVP_CIPHER_get_params()\fR can be used with the following \s-1\fBOSSL_PARAM\s0\fR\|(3) keys:
+.ie n .IP """mode"" (\fB\s-1OSSL_CIPHER_PARAM_MODE\s0\fR) <unsigned integer>" 4
+.el .IP "``mode'' (\fB\s-1OSSL_CIPHER_PARAM_MODE\s0\fR) <unsigned integer>" 4
+.IX Item "mode (OSSL_CIPHER_PARAM_MODE) <unsigned integer>"
+Gets the mode for the associated cipher algorithm \fIcipher\fR.
+See \*(L"\fBEVP_CIPHER_get_mode()\fR and \fBEVP_CIPHER_CTX_get_mode()\fR\*(R" for a list of valid modes.
+Use \fBEVP_CIPHER_get_mode()\fR to retrieve the cached value.
+.ie n .IP """keylen"" (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) <unsigned integer>" 4
+.el .IP "``keylen'' (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) <unsigned integer>" 4
+.IX Item "keylen (OSSL_CIPHER_PARAM_KEYLEN) <unsigned integer>"
+Gets the key length for the associated cipher algorithm \fIcipher\fR.
+Use \fBEVP_CIPHER_get_key_length()\fR to retrieve the cached value.
+.ie n .IP """ivlen"" (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR) <unsigned integer>" 4
+.el .IP "``ivlen'' (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR) <unsigned integer>" 4
+.IX Item "ivlen (OSSL_CIPHER_PARAM_IVLEN) <unsigned integer>"
+Gets the \s-1IV\s0 length for the associated cipher algorithm \fIcipher\fR.
+Use \fBEVP_CIPHER_get_iv_length()\fR to retrieve the cached value.
+.ie n .IP """blocksize"" (\fB\s-1OSSL_CIPHER_PARAM_BLOCK_SIZE\s0\fR) <unsigned integer>" 4
+.el .IP "``blocksize'' (\fB\s-1OSSL_CIPHER_PARAM_BLOCK_SIZE\s0\fR) <unsigned integer>" 4
+.IX Item "blocksize (OSSL_CIPHER_PARAM_BLOCK_SIZE) <unsigned integer>"
+Gets the block size for the associated cipher algorithm \fIcipher\fR.
+The block size should be 1 for stream ciphers.
+Note that the block size for a cipher may be different to the block size for
+the underlying encryption/decryption primitive.
+For example \s-1AES\s0 in \s-1CTR\s0 mode has a block size of 1 (because it operates like a
+stream cipher), even though \s-1AES\s0 has a block size of 16.
+Use \fBEVP_CIPHER_get_block_size()\fR to retrieve the cached value.
+.ie n .IP """aead"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD\s0\fR) <integer>" 4
+.el .IP "``aead'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD\s0\fR) <integer>" 4
+.IX Item "aead (OSSL_CIPHER_PARAM_AEAD) <integer>"
+Gets 1 if this is an \s-1AEAD\s0 cipher algorithm, otherwise it gets 0.
+Use (EVP_CIPHER_get_flags(cipher) & \s-1EVP_CIPH_FLAG_AEAD_CIPHER\s0) to retrieve the
+cached value.
+.ie n .IP """custom-iv"" (\fB\s-1OSSL_CIPHER_PARAM_CUSTOM_IV\s0\fR) <integer>" 4
+.el .IP "``custom-iv'' (\fB\s-1OSSL_CIPHER_PARAM_CUSTOM_IV\s0\fR) <integer>" 4
+.IX Item "custom-iv (OSSL_CIPHER_PARAM_CUSTOM_IV) <integer>"
+Gets 1 if the cipher algorithm \fIcipher\fR has a custom \s-1IV,\s0 otherwise it gets 0.
+Storing and initializing the \s-1IV\s0 is left entirely to the implementation, if a
+custom \s-1IV\s0 is used.
+Use (EVP_CIPHER_get_flags(cipher) & \s-1EVP_CIPH_CUSTOM_IV\s0) to retrieve the
+cached value.
+.ie n .IP """cts"" (\fB\s-1OSSL_CIPHER_PARAM_CTS\s0\fR) <integer>" 4
+.el .IP "``cts'' (\fB\s-1OSSL_CIPHER_PARAM_CTS\s0\fR) <integer>" 4
+.IX Item "cts (OSSL_CIPHER_PARAM_CTS) <integer>"
+Gets 1 if the cipher algorithm \fIcipher\fR uses ciphertext stealing,
+otherwise it gets 0.
+This is currently used to indicate that the cipher is a one shot that only
+allows a single call to \fBEVP_CipherUpdate()\fR.
+Use (EVP_CIPHER_get_flags(cipher) & \s-1EVP_CIPH_FLAG_CTS\s0) to retrieve the
+cached value.
+.ie n .IP """tls-multi"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK\s0\fR) <integer>" 4
+.el .IP "``tls-multi'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK\s0\fR) <integer>" 4
+.IX Item "tls-multi (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK) <integer>"
+Gets 1 if the cipher algorithm \fIcipher\fR supports interleaving of crypto blocks,
+otherwise it gets 0. The interleaving is an optimization only applicable to certain
+\&\s-1TLS\s0 ciphers.
+Use (EVP_CIPHER_get_flags(cipher) & \s-1EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK\s0) to retrieve the
+cached value.
+.ie n .IP """has-randkey"" (\fB\s-1OSSL_CIPHER_PARAM_HAS_RANDKEY\s0\fR) <integer>" 4
+.el .IP "``has-randkey'' (\fB\s-1OSSL_CIPHER_PARAM_HAS_RANDKEY\s0\fR) <integer>" 4
+.IX Item "has-randkey (OSSL_CIPHER_PARAM_HAS_RANDKEY) <integer>"
+Gets 1 if the cipher algorithm \fIcipher\fR supports the gettable \s-1EVP_CIPHER_CTX\s0
+parameter \fB\s-1OSSL_CIPHER_PARAM_RANDOM_KEY\s0\fR. Only \s-1DES\s0 and 3DES set this to 1,
+all other OpenSSL ciphers return 0.
+.SS "Gettable and Settable \s-1EVP_CIPHER_CTX\s0 parameters"
+.IX Subsection "Gettable and Settable EVP_CIPHER_CTX parameters"
+The following \s-1\fBOSSL_PARAM\s0\fR\|(3) keys can be used with both \fBEVP_CIPHER_CTX_get_params()\fR
+and \fBEVP_CIPHER_CTX_set_params()\fR.
+.ie n .IP """padding"" (\fB\s-1OSSL_CIPHER_PARAM_PADDING\s0\fR) <unsigned integer>" 4
+.el .IP "``padding'' (\fB\s-1OSSL_CIPHER_PARAM_PADDING\s0\fR) <unsigned integer>" 4
+.IX Item "padding (OSSL_CIPHER_PARAM_PADDING) <unsigned integer>"
+Gets or sets the padding mode for the cipher context \fIctx\fR.
+Padding is enabled if the value is 1, and disabled if the value is 0.
+See also \fBEVP_CIPHER_CTX_set_padding()\fR.
+.ie n .IP """num"" (\fB\s-1OSSL_CIPHER_PARAM_NUM\s0\fR) <unsigned integer>" 4
+.el .IP "``num'' (\fB\s-1OSSL_CIPHER_PARAM_NUM\s0\fR) <unsigned integer>" 4
+.IX Item "num (OSSL_CIPHER_PARAM_NUM) <unsigned integer>"
+Gets or sets the cipher specific \*(L"num\*(R" parameter for the cipher context \fIctx\fR.
+Built-in ciphers typically use this to track how much of the current underlying
+block has been \*(L"used\*(R" already.
+See also \fBEVP_CIPHER_CTX_get_num()\fR and \fBEVP_CIPHER_CTX_set_num()\fR.
+.ie n .IP """keylen"" (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) <unsigned integer>" 4
+.el .IP "``keylen'' (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) <unsigned integer>" 4
+.IX Item "keylen (OSSL_CIPHER_PARAM_KEYLEN) <unsigned integer>"
+Gets or sets the key length for the cipher context \fIctx\fR.
+The length of the \*(L"keylen\*(R" parameter should not exceed that of a \fBsize_t\fR.
+See also \fBEVP_CIPHER_CTX_get_key_length()\fR and \fBEVP_CIPHER_CTX_set_key_length()\fR.
+.ie n .IP """tag"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAG\s0\fR) <octet string>" 4
+.el .IP "``tag'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAG\s0\fR) <octet string>" 4
+.IX Item "tag (OSSL_CIPHER_PARAM_AEAD_TAG) <octet string>"
+Gets or sets the \s-1AEAD\s0 tag for the associated cipher context \fIctx\fR.
+See \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3).
+.ie n .IP """keybits"" (\fB\s-1OSSL_CIPHER_PARAM_RC2_KEYBITS\s0\fR) <unsigned integer>" 4
+.el .IP "``keybits'' (\fB\s-1OSSL_CIPHER_PARAM_RC2_KEYBITS\s0\fR) <unsigned integer>" 4
+.IX Item "keybits (OSSL_CIPHER_PARAM_RC2_KEYBITS) <unsigned integer>"
+Gets or sets the effective keybits used for a \s-1RC2\s0 cipher.
+The length of the \*(L"keybits\*(R" parameter should not exceed that of a \fBsize_t\fR.
+.ie n .IP """rounds"" (\fB\s-1OSSL_CIPHER_PARAM_ROUNDS\s0\fR) <unsigned integer>" 4
+.el .IP "``rounds'' (\fB\s-1OSSL_CIPHER_PARAM_ROUNDS\s0\fR) <unsigned integer>" 4
+.IX Item "rounds (OSSL_CIPHER_PARAM_ROUNDS) <unsigned integer>"
+Gets or sets the number of rounds to be used for a cipher.
+This is used by the \s-1RC5\s0 cipher.
+.ie n .IP """alg_id_param"" (\fB\s-1OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS\s0\fR) <octet string>" 4
+.el .IP "``alg_id_param'' (\fB\s-1OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS\s0\fR) <octet string>" 4
+.IX Item "alg_id_param (OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS) <octet string>"
+Used to pass the \s-1DER\s0 encoded AlgorithmIdentifier parameter to or from
+the cipher implementation. Functions like \fBEVP_CIPHER_param_to_asn1\fR\|(3)
+and \fBEVP_CIPHER_asn1_to_param\fR\|(3) use this parameter for any implementation
+that has the flag \fB\s-1EVP_CIPH_FLAG_CUSTOM_ASN1\s0\fR set.
+.ie n .IP """cts_mode"" (\fB\s-1OSSL_CIPHER_PARAM_CTS_MODE\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``cts_mode'' (\fB\s-1OSSL_CIPHER_PARAM_CTS_MODE\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "cts_mode (OSSL_CIPHER_PARAM_CTS_MODE) <UTF8 string>"
+Gets or sets the cipher text stealing mode. For all modes the output size is the
+same as the input size. The input length must be greater than or equal to the
+block size. (The block size for \s-1AES\s0 and \s-1CAMELLIA\s0 is 16 bytes).
+.Sp
+Valid values for the mode are:
+.RS 4
+.ie n .IP """\s-1CS1""\s0" 4
+.el .IP "``\s-1CS1''\s0" 4
+.IX Item "CS1"
+The \s-1NIST\s0 variant of cipher text stealing.
+For input lengths that are multiples of the block size it is equivalent to
+using a \*(L"AES-XXX-CBC\*(R" or \*(L"CAMELLIA-XXX-CBC\*(R" cipher otherwise the second last
+cipher text block is a partial block.
+.ie n .IP """\s-1CS2""\s0" 4
+.el .IP "``\s-1CS2''\s0" 4
+.IX Item "CS2"
+For input lengths that are multiples of the block size it is equivalent to
+using a \*(L"AES-XXX-CBC\*(R" or \*(L"CAMELLIA-XXX-CBC\*(R" cipher, otherwise it is the same as
+\&\*(L"\s-1CS3\*(R"\s0 mode.
+.ie n .IP """\s-1CS3""\s0" 4
+.el .IP "``\s-1CS3''\s0" 4
+.IX Item "CS3"
+The Kerberos5 variant of cipher text stealing which always swaps the last
+cipher text block with the previous block (which may be a partial or full block
+depending on the input length). If the input length is exactly one full block
+then this is equivalent to using a \*(L"AES-XXX-CBC\*(R" or \*(L"CAMELLIA-XXX-CBC\*(R" cipher.
+.RE
+.RS 4
+.Sp
+The default is \*(L"\s-1CS1\*(R".\s0
+This is only supported for \*(L"\s-1AES\-128\-CBC\-CTS\*(R", \*(L"AES\-192\-CBC\-CTS\*(R", \*(L"AES\-256\-CBC\-CTS\*(R",
+\&\*(L"CAMELLIA\-128\-CBC\-CTS\*(R", \*(L"CAMELLIA\-192\-CBC\-CTS\*(R"\s0 and \*(L"\s-1CAMELLIA\-256\-CBC\-CTS\*(R".\s0
+.RE
+.ie n .IP """tls1multi_interleave"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR) <unsigned integer>" 4
+.el .IP "``tls1multi_interleave'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR) <unsigned integer>" 4
+.IX Item "tls1multi_interleave (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE) <unsigned integer>"
+Sets or gets the number of records being sent in one go for a tls1 multiblock
+cipher operation (either 4 or 8 records).
+.SS "Gettable \s-1EVP_CIPHER_CTX\s0 parameters"
+.IX Subsection "Gettable EVP_CIPHER_CTX parameters"
+The following \s-1\fBOSSL_PARAM\s0\fR\|(3) keys can be used with \fBEVP_CIPHER_CTX_get_params()\fR:
+.ie n .IP """ivlen"" (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR and <\fB\s-1OSSL_CIPHER_PARAM_AEAD_IVLEN\s0\fR) <unsigned integer>" 4
+.el .IP "``ivlen'' (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR and <\fB\s-1OSSL_CIPHER_PARAM_AEAD_IVLEN\s0\fR) <unsigned integer>" 4
+.IX Item "ivlen (OSSL_CIPHER_PARAM_IVLEN and <OSSL_CIPHER_PARAM_AEAD_IVLEN) <unsigned integer>"
+Gets the \s-1IV\s0 length for the cipher context \fIctx\fR.
+The length of the \*(L"ivlen\*(R" parameter should not exceed that of a \fBsize_t\fR.
+See also \fBEVP_CIPHER_CTX_get_iv_length()\fR.
+.ie n .IP """iv"" (\fB\s-1OSSL_CIPHER_PARAM_IV\s0\fR) <octet string \s-1OR\s0 octet ptr>" 4
+.el .IP "``iv'' (\fB\s-1OSSL_CIPHER_PARAM_IV\s0\fR) <octet string \s-1OR\s0 octet ptr>" 4
+.IX Item "iv (OSSL_CIPHER_PARAM_IV) <octet string OR octet ptr>"
+Gets the \s-1IV\s0 used to initialize the associated cipher context \fIctx\fR.
+See also \fBEVP_CIPHER_CTX_get_original_iv()\fR.
+.ie n .IP """updated-iv"" (\fB\s-1OSSL_CIPHER_PARAM_UPDATED_IV\s0\fR) <octet string \s-1OR\s0 octet ptr>" 4
+.el .IP "``updated-iv'' (\fB\s-1OSSL_CIPHER_PARAM_UPDATED_IV\s0\fR) <octet string \s-1OR\s0 octet ptr>" 4
+.IX Item "updated-iv (OSSL_CIPHER_PARAM_UPDATED_IV) <octet string OR octet ptr>"
+Gets the updated pseudo-IV state for the associated cipher context, e.g.,
+the previous ciphertext block for \s-1CBC\s0 mode or the iteratively encrypted \s-1IV\s0
+value for \s-1OFB\s0 mode. Note that octet pointer access is deprecated and is
+provided only for backwards compatibility with historical libcrypto APIs.
+See also \fBEVP_CIPHER_CTX_get_updated_iv()\fR.
+.ie n .IP """randkey"" (\fB\s-1OSSL_CIPHER_PARAM_RANDOM_KEY\s0\fR) <octet string>" 4
+.el .IP "``randkey'' (\fB\s-1OSSL_CIPHER_PARAM_RANDOM_KEY\s0\fR) <octet string>" 4
+.IX Item "randkey (OSSL_CIPHER_PARAM_RANDOM_KEY) <octet string>"
+Gets an implementation specific randomly generated key for the associated
+cipher context \fIctx\fR. This is currently only supported by \s-1DES\s0 and 3DES (which set
+the key to odd parity).
+.ie n .IP """taglen"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAGLEN\s0\fR) <unsigned integer>" 4
+.el .IP "``taglen'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAGLEN\s0\fR) <unsigned integer>" 4
+.IX Item "taglen (OSSL_CIPHER_PARAM_AEAD_TAGLEN) <unsigned integer>"
+Gets the tag length to be used for an \s-1AEAD\s0 cipher for the associated cipher
+context \fIctx\fR. It gets a default value if it has not been set.
+The length of the \*(L"taglen\*(R" parameter should not exceed that of a \fBsize_t\fR.
+See also \fBEVP_CIPHER_CTX_get_tag_length()\fR.
+.ie n .IP """tlsaadpad"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD\s0\fR) <unsigned integer>" 4
+.el .IP "``tlsaadpad'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD\s0\fR) <unsigned integer>" 4
+.IX Item "tlsaadpad (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD) <unsigned integer>"
+Gets the length of the tag that will be added to a \s-1TLS\s0 record for the \s-1AEAD\s0
+tag for the associated cipher context \fIctx\fR.
+The length of the \*(L"tlsaadpad\*(R" parameter should not exceed that of a \fBsize_t\fR.
+.ie n .IP """tlsivgen"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN\s0\fR) <octet string>" 4
+.el .IP "``tlsivgen'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN\s0\fR) <octet string>" 4
+.IX Item "tlsivgen (OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN) <octet string>"
+Gets the invocation field generated for encryption.
+Can only be called after \*(L"tlsivfixed\*(R" is set.
+This is only used for \s-1GCM\s0 mode.
+.ie n .IP """tls1multi_enclen"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN\s0\fR) <unsigned integer>" 4
+.el .IP "``tls1multi_enclen'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN\s0\fR) <unsigned integer>" 4
+.IX Item "tls1multi_enclen (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN) <unsigned integer>"
+Get the total length of the record returned from the \*(L"tls1multi_enc\*(R" operation.
+.ie n .IP """tls1multi_maxbufsz"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE\s0\fR) <unsigned integer>" 4
+.el .IP "``tls1multi_maxbufsz'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE\s0\fR) <unsigned integer>" 4
+.IX Item "tls1multi_maxbufsz (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE) <unsigned integer>"
+Gets the maximum record length for a \s-1TLS1\s0 multiblock cipher operation.
+The length of the \*(L"tls1multi_maxbufsz\*(R" parameter should not exceed that of a \fBsize_t\fR.
+.ie n .IP """tls1multi_aadpacklen"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN\s0\fR) <unsigned integer>" 4
+.el .IP "``tls1multi_aadpacklen'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN\s0\fR) <unsigned integer>" 4
+.IX Item "tls1multi_aadpacklen (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN) <unsigned integer>"
+Gets the result of running the \*(L"tls1multi_aad\*(R" operation.
+.ie n .IP """tls-mac"" (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC\s0\fR) <octet ptr>" 4
+.el .IP "``tls-mac'' (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC\s0\fR) <octet ptr>" 4
+.IX Item "tls-mac (OSSL_CIPHER_PARAM_TLS_MAC) <octet ptr>"
+Used to pass the \s-1TLS MAC\s0 data.
+.SS "Settable \s-1EVP_CIPHER_CTX\s0 parameters"
+.IX Subsection "Settable EVP_CIPHER_CTX parameters"
+The following \s-1\fBOSSL_PARAM\s0\fR\|(3) keys can be used with \fBEVP_CIPHER_CTX_set_params()\fR:
+.ie n .IP """mackey"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_MAC_KEY\s0\fR) <octet string>" 4
+.el .IP "``mackey'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_MAC_KEY\s0\fR) <octet string>" 4
+.IX Item "mackey (OSSL_CIPHER_PARAM_AEAD_MAC_KEY) <octet string>"
+Sets the \s-1MAC\s0 key used by composite \s-1AEAD\s0 ciphers such as \s-1AES\-CBC\-HMAC\-SHA256.\s0
+.ie n .IP """speed"" (\fB\s-1OSSL_CIPHER_PARAM_SPEED\s0\fR) <unsigned integer>" 4
+.el .IP "``speed'' (\fB\s-1OSSL_CIPHER_PARAM_SPEED\s0\fR) <unsigned integer>" 4
+.IX Item "speed (OSSL_CIPHER_PARAM_SPEED) <unsigned integer>"
+Sets the speed option for the associated cipher context. This is only supported
+by \s-1AES SIV\s0 ciphers which disallow multiple operations by default.
+Setting \*(L"speed\*(R" to 1 allows another encrypt or decrypt operation to be
+performed. This is used for performance testing.
+.ie n .IP """use-bits"" (\fB\s-1OSSL_CIPHER_PARAM_USE_BITS\s0\fR) <unsigned integer>" 4
+.el .IP "``use-bits'' (\fB\s-1OSSL_CIPHER_PARAM_USE_BITS\s0\fR) <unsigned integer>" 4
+.IX Item "use-bits (OSSL_CIPHER_PARAM_USE_BITS) <unsigned integer>"
+Determines if the input length \fIinl\fR passed to \fBEVP_EncryptUpdate()\fR,
+\&\fBEVP_DecryptUpdate()\fR and \fBEVP_CipherUpdate()\fR is the number of bits or number of bytes.
+Setting \*(L"use-bits\*(R" to 1 uses bits. The default is in bytes.
+This is only used for \fB\s-1CFB1\s0\fR ciphers.
+.Sp
+This can be set using EVP_CIPHER_CTX_set_flags(ctx, \s-1EVP_CIPH_FLAG_LENGTH_BITS\s0).
+.ie n .IP """tls-version"" (\fB\s-1OSSL_CIPHER_PARAM_TLS_VERSION\s0\fR) <integer>" 4
+.el .IP "``tls-version'' (\fB\s-1OSSL_CIPHER_PARAM_TLS_VERSION\s0\fR) <integer>" 4
+.IX Item "tls-version (OSSL_CIPHER_PARAM_TLS_VERSION) <integer>"
+Sets the \s-1TLS\s0 version.
+.ie n .IP """tls-mac-size"" (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC_SIZE\s0\fR) <unsigned integer>" 4
+.el .IP "``tls-mac-size'' (\fB\s-1OSSL_CIPHER_PARAM_TLS_MAC_SIZE\s0\fR) <unsigned integer>" 4
+.IX Item "tls-mac-size (OSSL_CIPHER_PARAM_TLS_MAC_SIZE) <unsigned integer>"
+Set the \s-1TLS MAC\s0 size.
+.ie n .IP """tlsaad"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD\s0\fR) <octet string>" 4
+.el .IP "``tlsaad'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD\s0\fR) <octet string>" 4
+.IX Item "tlsaad (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD) <octet string>"
+Sets TLSv1.2 \s-1AAD\s0 information for the associated cipher context \fIctx\fR.
+TLSv1.2 \s-1AAD\s0 information is always 13 bytes in length and is as defined for the
+\&\*(L"additional_data\*(R" field described in section 6.2.3.3 of \s-1RFC5246.\s0
+.ie n .IP """tlsivfixed"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED\s0\fR) <octet string>" 4
+.el .IP "``tlsivfixed'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED\s0\fR) <octet string>" 4
+.IX Item "tlsivfixed (OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED) <octet string>"
+Sets the fixed portion of an \s-1IV\s0 for an \s-1AEAD\s0 cipher used in a \s-1TLS\s0 record
+encryption/ decryption for the associated cipher context.
+\&\s-1TLS\s0 record encryption/decryption always occurs \*(L"in place\*(R" so that the input and
+output buffers are always the same memory location.
+\&\s-1AEAD\s0 IVs in TLSv1.2 consist of an implicit \*(L"fixed\*(R" part and an explicit part
+that varies with every record.
+Setting a \s-1TLS\s0 fixed \s-1IV\s0 changes a cipher to encrypt/decrypt \s-1TLS\s0 records.
+\&\s-1TLS\s0 records are encrypted/decrypted using a single OSSL_FUNC_cipher_cipher call per
+record.
+For a record decryption the first bytes of the input buffer will be the explicit
+part of the \s-1IV\s0 and the final bytes of the input buffer will be the \s-1AEAD\s0 tag.
+The length of the explicit part of the \s-1IV\s0 and the tag length will depend on the
+cipher in use and will be defined in the \s-1RFC\s0 for the relevant ciphersuite.
+In order to allow for \*(L"in place\*(R" decryption the plaintext output should be
+written to the same location in the output buffer that the ciphertext payload
+was read from, i.e. immediately after the explicit \s-1IV.\s0
+.Sp
+When encrypting a record the first bytes of the input buffer should be empty to
+allow space for the explicit \s-1IV,\s0 as will the final bytes where the tag will
+be written.
+The length of the input buffer will include the length of the explicit \s-1IV,\s0 the
+payload, and the tag bytes.
+The cipher implementation should generate the explicit \s-1IV\s0 and write it to the
+beginning of the output buffer, do \*(L"in place\*(R" encryption of the payload and
+write that to the output buffer, and finally add the tag onto the end of the
+output buffer.
+.Sp
+Whether encrypting or decrypting the value written to \fI*outl\fR in the
+OSSL_FUNC_cipher_cipher call should be the length of the payload excluding the explicit
+\&\s-1IV\s0 length and the tag length.
+.ie n .IP """tlsivinv"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV\s0\fR) <octet string>" 4
+.el .IP "``tlsivinv'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV\s0\fR) <octet string>" 4
+.IX Item "tlsivinv (OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV) <octet string>"
+Sets the invocation field used for decryption.
+Can only be called after \*(L"tlsivfixed\*(R" is set.
+This is only used for \s-1GCM\s0 mode.
+.ie n .IP """tls1multi_enc"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC\s0\fR) <octet string>" 4
+.el .IP "``tls1multi_enc'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC\s0\fR) <octet string>" 4
+.IX Item "tls1multi_enc (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC) <octet string>"
+Triggers a multiblock \s-1TLS1\s0 encrypt operation for a \s-1TLS1\s0 aware cipher that
+supports sending 4 or 8 records in one go.
+The cipher performs both the \s-1MAC\s0 and encrypt stages and constructs the record
+headers itself.
+\&\*(L"tls1multi_enc\*(R" supplies the output buffer for the encrypt operation,
+\&\*(L"tls1multi_encin\*(R" & \*(L"tls1multi_interleave\*(R" must also be set in order to supply
+values to the encrypt operation.
+.ie n .IP """tls1multi_encin"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN\s0\fR) <octet string>" 4
+.el .IP "``tls1multi_encin'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN\s0\fR) <octet string>" 4
+.IX Item "tls1multi_encin (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN) <octet string>"
+Supplies the data to encrypt for a \s-1TLS1\s0 multiblock cipher operation.
+.ie n .IP """tls1multi_maxsndfrag"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT\s0\fR) <unsigned integer>" 4
+.el .IP "``tls1multi_maxsndfrag'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT\s0\fR) <unsigned integer>" 4
+.IX Item "tls1multi_maxsndfrag (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT) <unsigned integer>"
+Sets the maximum send fragment size for a \s-1TLS1\s0 multiblock cipher operation.
+It must be set before using \*(L"tls1multi_maxbufsz\*(R".
+The length of the \*(L"tls1multi_maxsndfrag\*(R" parameter should not exceed that of a \fBsize_t\fR.
+.ie n .IP """tls1multi_aad"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD\s0\fR) <octet string>" 4
+.el .IP "``tls1multi_aad'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD\s0\fR) <octet string>" 4
+.IX Item "tls1multi_aad (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD) <octet string>"
+Sets the authenticated additional data used by a \s-1TLS1\s0 multiblock cipher operation.
+The supplied data consists of 13 bytes of record data containing:
+Bytes 0\-7: The sequence number of the first record
+Byte 8: The record type
+Byte 9\-10: The protocol version
+Byte 11\-12: Input length (Always 0)
+.Sp
+\&\*(L"tls1multi_interleave\*(R" must also be set for this operation.
+.SH "CONTROLS"
+.IX Header "CONTROLS"
+The Mappings from \fBEVP_CIPHER_CTX_ctrl()\fR identifiers to \s-1PARAMETERS\s0 are listed
+in the following section. See the \*(L"\s-1PARAMETERS\*(R"\s0 section for more details.
.PP
-\&\fBEVP_CIPHER_CTX_rand_key()\fR generates a random key of the appropriate length
-based on the cipher context. The \s-1EVP_CIPHER\s0 can provide its own random key
-generation routine to support keys of a specific form. \fBKey\fR must point to a
-buffer at least as big as the value returned by \fBEVP_CIPHER_CTX_key_length()\fR.
+\&\fBEVP_CIPHER_CTX_ctrl()\fR can be used to send the following standard controls:
+.IP "\s-1EVP_CTRL_AEAD_SET_IVLEN\s0 and \s-1EVP_CTRL_GET_IVLEN\s0" 4
+.IX Item "EVP_CTRL_AEAD_SET_IVLEN and EVP_CTRL_GET_IVLEN"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR and
+\&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the
+key \*(L"ivlen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR).
+.IP "\s-1EVP_CTRL_AEAD_SET_IV_FIXED\s0" 4
+.IX Item "EVP_CTRL_AEAD_SET_IV_FIXED"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
+with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"tlsivfixed\*(R"
+(\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED\s0\fR).
+.IP "\s-1EVP_CTRL_AEAD_SET_MAC_KEY\s0" 4
+.IX Item "EVP_CTRL_AEAD_SET_MAC_KEY"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
+with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"mackey\*(R"
+(\fB\s-1OSSL_CIPHER_PARAM_AEAD_MAC_KEY\s0\fR).
+.IP "\s-1EVP_CTRL_AEAD_SET_TAG\s0 and \s-1EVP_CTRL_AEAD_GET_TAG\s0" 4
+.IX Item "EVP_CTRL_AEAD_SET_TAG and EVP_CTRL_AEAD_GET_TAG"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR and
+\&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the
+key \*(L"tag\*(R" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAG\s0\fR).
+.IP "\s-1EVP_CTRL_CCM_SET_L\s0" 4
+.IX Item "EVP_CTRL_CCM_SET_L"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
+with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"ivlen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR)
+with a value of (15 \- L)
+.IP "\s-1EVP_CTRL_COPY\s0" 4
+.IX Item "EVP_CTRL_COPY"
+There is no \s-1OSSL_PARAM\s0 mapping for this. Use \fBEVP_CIPHER_CTX_copy()\fR instead.
+.IP "\s-1EVP_CTRL_GCM_SET_IV_INV\s0" 4
+.IX Item "EVP_CTRL_GCM_SET_IV_INV"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
+with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"tlsivinv\*(R"
+(\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV\s0\fR).
+.IP "\s-1EVP_CTRL_RAND_KEY\s0" 4
+.IX Item "EVP_CTRL_RAND_KEY"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
+with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"randkey\*(R"
+(\fB\s-1OSSL_CIPHER_PARAM_RANDOM_KEY\s0\fR).
+.IP "\s-1EVP_CTRL_SET_KEY_LENGTH\s0" 4
+.IX Item "EVP_CTRL_SET_KEY_LENGTH"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
+with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"keylen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR).
+.IP "\s-1EVP_CTRL_SET_RC2_KEY_BITS\s0 and \s-1EVP_CTRL_GET_RC2_KEY_BITS\s0" 4
+.IX Item "EVP_CTRL_SET_RC2_KEY_BITS and EVP_CTRL_GET_RC2_KEY_BITS"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR and
+\&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the
+key \*(L"keybits\*(R" (\fB\s-1OSSL_CIPHER_PARAM_RC2_KEYBITS\s0\fR).
+.IP "\s-1EVP_CTRL_SET_RC5_ROUNDS\s0 and \s-1EVP_CTRL_GET_RC5_ROUNDS\s0" 4
+.IX Item "EVP_CTRL_SET_RC5_ROUNDS and EVP_CTRL_GET_RC5_ROUNDS"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR and
+\&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the
+key \*(L"rounds\*(R" (\fB\s-1OSSL_CIPHER_PARAM_ROUNDS\s0\fR).
+.IP "\s-1EVP_CTRL_SET_SPEED\s0" 4
+.IX Item "EVP_CTRL_SET_SPEED"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
+with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"speed\*(R" (\fB\s-1OSSL_CIPHER_PARAM_SPEED\s0\fR).
+.IP "\s-1EVP_CTRL_GCM_IV_GEN\s0" 4
+.IX Item "EVP_CTRL_GCM_IV_GEN"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_get_params()\fR gets called
+with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key
+\&\*(L"tlsivgen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN\s0\fR).
+.IP "\s-1EVP_CTRL_AEAD_TLS1_AAD\s0" 4
+.IX Item "EVP_CTRL_AEAD_TLS1_AAD"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR get called
+with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key
+\&\*(L"tlsaad\*(R" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD\s0\fR)
+followed by \fBEVP_CIPHER_CTX_get_params()\fR with a key of
+\&\*(L"tlsaadpad\*(R" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD\s0\fR).
+.IP "\s-1EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE\s0" 4
+.IX Item "EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR,
+\&\fBEVP_CIPHER_CTX_set_params()\fR gets called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the
+key \s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT\s0
+followed by \fBEVP_CIPHER_CTX_get_params()\fR with a key of
+\&\*(L"tls1multi_maxbufsz\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE\s0\fR).
+.IP "\s-1EVP_CTRL_TLS1_1_MULTIBLOCK_AAD\s0" 4
+.IX Item "EVP_CTRL_TLS1_1_MULTIBLOCK_AAD"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
+with \s-1\fBOSSL_PARAM\s0\fR\|(3) items with the keys
+\&\*(L"tls1multi_aad\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD\s0\fR) and
+\&\*(L"tls1multi_interleave\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR)
+followed by \fBEVP_CIPHER_CTX_get_params()\fR with keys of
+\&\*(L"tls1multi_aadpacklen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN\s0\fR) and
+\&\*(L"tls1multi_interleave\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR).
+.IP "\s-1EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT\s0" 4
+.IX Item "EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT"
+When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
+with \s-1\fBOSSL_PARAM\s0\fR\|(3) items with the keys
+\&\*(L"tls1multi_enc\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC\s0\fR),
+\&\*(L"tls1multi_encin\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN\s0\fR) and
+\&\*(L"tls1multi_interleave\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR),
+followed by \fBEVP_CIPHER_CTX_get_params()\fR with a key of
+\&\*(L"tls1multi_enclen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN\s0\fR).
+.SH "FLAGS"
+.IX Header "FLAGS"
+\&\fBEVP_CIPHER_CTX_set_flags()\fR, \fBEVP_CIPHER_CTX_clear_flags()\fR and \fBEVP_CIPHER_CTX_test_flags()\fR.
+can be used to manipulate and test these \fB\s-1EVP_CIPHER_CTX\s0\fR flags:
+.IP "\s-1EVP_CIPH_NO_PADDING\s0" 4
+.IX Item "EVP_CIPH_NO_PADDING"
+Used by \fBEVP_CIPHER_CTX_set_padding()\fR.
+.Sp
+See also \*(L"Gettable and Settable \s-1EVP_CIPHER_CTX\s0 parameters\*(R" \*(L"padding\*(R"
+.IP "\s-1EVP_CIPH_FLAG_LENGTH_BITS\s0" 4
+.IX Item "EVP_CIPH_FLAG_LENGTH_BITS"
+See \*(L"Settable \s-1EVP_CIPHER_CTX\s0 parameters\*(R" \*(L"use-bits\*(R".
+.IP "\s-1EVP_CIPHER_CTX_FLAG_WRAP_ALLOW\s0" 4
+.IX Item "EVP_CIPHER_CTX_FLAG_WRAP_ALLOW"
+Used for Legacy purposes only. This flag needed to be set to indicate the
+cipher handled wrapping.
+.PP
+\&\fBEVP_CIPHER_flags()\fR uses the following flags that
+have mappings to \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R":
+.IP "\s-1EVP_CIPH_FLAG_AEAD_CIPHER\s0" 4
+.IX Item "EVP_CIPH_FLAG_AEAD_CIPHER"
+See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"aead\*(R".
+.IP "\s-1EVP_CIPH_CUSTOM_IV\s0" 4
+.IX Item "EVP_CIPH_CUSTOM_IV"
+See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"custom-iv\*(R".
+.IP "\s-1EVP_CIPH_FLAG_CTS\s0" 4
+.IX Item "EVP_CIPH_FLAG_CTS"
+See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"cts\*(R".
+.IP "\s-1EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK\s0;" 4
+.IX Item "EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK;"
+See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"tls-multi\*(R".
+.IP "\s-1EVP_CIPH_RAND_KEY\s0" 4
+.IX Item "EVP_CIPH_RAND_KEY"
+See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"has-randkey\*(R".
+.PP
+\&\fBEVP_CIPHER_flags()\fR uses the following flags for legacy purposes only:
+.IP "\s-1EVP_CIPH_VARIABLE_LENGTH\s0" 4
+.IX Item "EVP_CIPH_VARIABLE_LENGTH"
+.PD 0
+.IP "\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0" 4
+.IX Item "EVP_CIPH_FLAG_CUSTOM_CIPHER"
+.IP "\s-1EVP_CIPH_ALWAYS_CALL_INIT\s0" 4
+.IX Item "EVP_CIPH_ALWAYS_CALL_INIT"
+.IP "\s-1EVP_CIPH_CTRL_INIT\s0" 4
+.IX Item "EVP_CIPH_CTRL_INIT"
+.IP "\s-1EVP_CIPH_CUSTOM_KEY_LENGTH\s0" 4
+.IX Item "EVP_CIPH_CUSTOM_KEY_LENGTH"
+.IP "\s-1EVP_CIPH_CUSTOM_COPY\s0" 4
+.IX Item "EVP_CIPH_CUSTOM_COPY"
+.IP "\s-1EVP_CIPH_FLAG_DEFAULT_ASN1\s0" 4
+.IX Item "EVP_CIPH_FLAG_DEFAULT_ASN1"
+.PD
+See \fBEVP_CIPHER_meth_set_flags\fR\|(3) for further information related to the above
+flags.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
+\&\fBEVP_CIPHER_fetch()\fR returns a pointer to a \fB\s-1EVP_CIPHER\s0\fR for success
+and \fB\s-1NULL\s0\fR for failure.
+.PP
+\&\fBEVP_CIPHER_up_ref()\fR returns 1 for success or 0 otherwise.
+.PP
\&\fBEVP_CIPHER_CTX_new()\fR returns a pointer to a newly created
\&\fB\s-1EVP_CIPHER_CTX\s0\fR for success and \fB\s-1NULL\s0\fR for failure.
.PP
-\&\fBEVP_EncryptInit_ex()\fR, \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal_ex()\fR
+\&\fBEVP_EncryptInit_ex2()\fR, \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal_ex()\fR
return 1 for success and 0 for failure.
.PP
-\&\fBEVP_DecryptInit_ex()\fR and \fBEVP_DecryptUpdate()\fR return 1 for success and 0 for failure.
+\&\fBEVP_DecryptInit_ex2()\fR and \fBEVP_DecryptUpdate()\fR return 1 for success and 0 for failure.
\&\fBEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success.
.PP
-\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherUpdate()\fR return 1 for success and 0 for failure.
+\&\fBEVP_CipherInit_ex2()\fR and \fBEVP_CipherUpdate()\fR return 1 for success and 0 for failure.
\&\fBEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success.
.PP
+\&\fBEVP_Cipher()\fR returns 1 on success or 0 on failure, if the flag
+\&\fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR is not set for the cipher.
+\&\fBEVP_Cipher()\fR returns the number of bytes written to \fIout\fR for encryption / decryption, or
+the number of bytes authenticated in a call specifying \s-1AAD\s0 for an \s-1AEAD\s0 cipher, if the flag
+\&\fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR is set for the cipher.
+.PP
\&\fBEVP_CIPHER_CTX_reset()\fR returns 1 for success and 0 for failure.
.PP
\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR
return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error.
.PP
-\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0
+\&\fBEVP_CIPHER_get_nid()\fR and \fBEVP_CIPHER_CTX_get_nid()\fR return a \s-1NID.\s0
.PP
-\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block
-size.
+\&\fBEVP_CIPHER_get_block_size()\fR and \fBEVP_CIPHER_CTX_get_block_size()\fR return the
+block size.
.PP
-\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key
+\&\fBEVP_CIPHER_get_key_length()\fR and \fBEVP_CIPHER_CTX_get_key_length()\fR return the key
length.
.PP
\&\fBEVP_CIPHER_CTX_set_padding()\fR always returns 1.
.PP
-\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
+\&\fBEVP_CIPHER_get_iv_length()\fR and \fBEVP_CIPHER_CTX_get_iv_length()\fR return the \s-1IV\s0
length or zero if the cipher does not use an \s-1IV.\s0
.PP
-\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's
-\&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0
+\&\fBEVP_CIPHER_CTX_get_tag_length()\fR return the tag length or zero if the cipher
+does not use a tag.
+.PP
+\&\fBEVP_CIPHER_get_type()\fR and \fBEVP_CIPHER_CTX_get_type()\fR return the \s-1NID\s0 of the
+cipher's \s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined
+\&\s-1OBJECT IDENTIFIER.\s0
.PP
\&\fBEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure.
.PP
+\&\fBEVP_CIPHER_CTX_get_num()\fR returns a nonnegative num value or
+\&\fB\s-1EVP_CTRL_RET_UNSUPPORTED\s0\fR if the implementation does not support the call
+or on any other error.
+.PP
+\&\fBEVP_CIPHER_CTX_set_num()\fR returns 1 on success and 0 if the implementation
+does not support the call or on any other error.
+.PP
+\&\fBEVP_CIPHER_CTX_is_encrypting()\fR returns 1 if the \fIctx\fR is set up for encryption
+0 otherwise.
+.PP
\&\fBEVP_CIPHER_param_to_asn1()\fR and \fBEVP_CIPHER_asn1_to_param()\fR return greater
than zero for success and zero or a negative number on failure.
.PP
-\&\fBEVP_CIPHER_CTX_rand_key()\fR returns 1 for success.
+\&\fBEVP_CIPHER_CTX_rand_key()\fR returns 1 for success and zero or a negative number
+for failure.
+.PP
+\&\fBEVP_CIPHER_names_do_all()\fR returns 1 if the callback was called for all names.
+A return value of 0 means that the callback was not called for any names.
.SH "CIPHER LISTING"
.IX Header "CIPHER LISTING"
All algorithms have a fixed key length unless otherwise stated.
@@ -423,15 +1273,16 @@ interface.
.IP "\fBEVP_enc_null()\fR" 4
.IX Item "EVP_enc_null()"
Null cipher: does nothing.
-.SH "AEAD Interface"
-.IX Header "AEAD Interface"
+.SH "AEAD INTERFACE"
+.IX Header "AEAD INTERFACE"
The \s-1EVP\s0 interface for Authenticated Encryption with Associated Data (\s-1AEAD\s0)
modes are subtly altered and several additional \fIctrl\fR operations are supported
depending on the mode specified.
.PP
To specify additional authenticated data (\s-1AAD\s0), a call to \fBEVP_CipherUpdate()\fR,
\&\fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made with the output
-parameter \fBout\fR set to \fB\s-1NULL\s0\fR.
+parameter \fIout\fR set to \fB\s-1NULL\s0\fR. In this case, on success, the parameter
+\&\fIoutl\fR is set to the number of bytes authenticated.
.PP
When decrypting, the return value of \fBEVP_DecryptFinal()\fR or \fBEVP_CipherFinal()\fR
indicates whether the operation was successful. If it does not indicate success,
@@ -481,8 +1332,8 @@ few additional requirements and different \fIctrl\fR values.
.PP
For \s-1CCM\s0 mode, the total plaintext or ciphertext length \fB\s-1MUST\s0\fR be passed to
\&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR with the output
-and input parameters (\fBin\fR and \fBout\fR) set to \fB\s-1NULL\s0\fR and the length passed in
-the \fBinl\fR parameter.
+and input parameters (\fIin\fR and \fIout\fR) set to \fB\s-1NULL\s0\fR and the length passed in
+the \fIinl\fR parameter.
.PP
The following \fIctrl\fRs are supported in \s-1CCM\s0 mode.
.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4
@@ -492,25 +1343,71 @@ the length of the tag (with the \f(CW\*(C`tag\*(C'\fR parameter set to \s-1NULL\
The tag length is often referred to as \fBM\fR. If not set a default value is
used (12 for \s-1AES\s0). When decrypting, the tag needs to be set before passing
in data to be decrypted, but as in \s-1GCM\s0 and \s-1OCB\s0 mode, it can be set after
-passing additional authenticated data (see \*(L"\s-1AEAD\s0 Interface\*(R").
+passing additional authenticated data (see \*(L"\s-1AEAD INTERFACE\*(R"\s0).
.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_CCM_SET_L,\s0 ivlen, \s-1NULL\s0)" 4
.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)"
Sets the \s-1CCM\s0 \fBL\fR value. If not set a default is used (8 for \s-1AES\s0).
.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4
.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)"
-Sets the \s-1CCM\s0 nonce (\s-1IV\s0) length. This call can only be made before specifying
-a nonce value. The nonce length is given by \fB15 \- L\fR so it is 7 by default for
+Sets the \s-1CCM\s0 nonce (\s-1IV\s0) length. This call can only be made before specifying a
+nonce value. The nonce length is given by \fB15 \- L\fR so it is 7 by default for
\&\s-1AES.\s0
+.SS "\s-1SIV\s0 Mode"
+.IX Subsection "SIV Mode"
+For \s-1SIV\s0 mode ciphers the behaviour of the \s-1EVP\s0 interface is subtly
+altered and several additional ctrl operations are supported.
+.PP
+To specify any additional authenticated data (\s-1AAD\s0) and/or a Nonce, a call to
+\&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made
+with the output parameter \fIout\fR set to \fB\s-1NULL\s0\fR.
+.PP
+\&\s-1RFC5297\s0 states that the Nonce is the last piece of \s-1AAD\s0 before the actual
+encrypt/decrypt takes place. The \s-1API\s0 does not differentiate the Nonce from
+other \s-1AAD.\s0
+.PP
+When decrypting the return value of \fBEVP_DecryptFinal()\fR or \fBEVP_CipherFinal()\fR
+indicates if the operation was successful. If it does not indicate success
+the authentication operation has failed and any output data \fB\s-1MUST NOT\s0\fR
+be used as it is corrupted.
+.PP
+The \s-1API\s0 does not store the the \s-1SIV\s0 (Synthetic Initialization Vector) in
+the cipher text. Instead, it is stored as the tag within the \s-1EVP_CIPHER_CTX.\s0
+The \s-1SIV\s0 must be retrieved from the context after encryption, and set into
+the context before decryption.
+.PP
+This differs from \s-1RFC5297\s0 in that the cipher output from encryption, and
+the cipher input to decryption, does not contain the \s-1SIV.\s0 This also means
+that the plain text and cipher text lengths are identical.
+.PP
+The following ctrls are supported in \s-1SIV\s0 mode, and are used to get and set
+the Synthetic Initialization Vector:
+.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag);" 4
+.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag);"
+Writes \fItaglen\fR bytes of the tag value (the Synthetic Initialization Vector)
+to the buffer indicated by \fItag\fR. This call can only be made when encrypting
+data and \fBafter\fR all data has been processed (e.g. after an \fBEVP_EncryptFinal()\fR
+call). For \s-1SIV\s0 mode the taglen must be 16.
+.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag);" 4
+.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);"
+Sets the expected tag (the Synthetic Initialization Vector) to \fItaglen\fR
+bytes from \fItag\fR. This call is only legal when decrypting data and must be
+made \fBbefore\fR any data is processed (e.g. before any \fBEVP_DecryptUpdate()\fR
+calls). For \s-1SIV\s0 mode the taglen must be 16.
+.PP
+\&\s-1SIV\s0 mode makes two passes over the input data, thus, only one call to
+\&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made
+with \fIout\fR set to a non\-\fB\s-1NULL\s0\fR value. A call to \fBEVP_DecryptFinal()\fR or
+\&\fBEVP_CipherFinal()\fR is not required, but will indicate if the update
+operation succeeded.
.SS "ChaCha20\-Poly1305"
.IX Subsection "ChaCha20-Poly1305"
The following \fIctrl\fRs are supported for the ChaCha20\-Poly1305 \s-1AEAD\s0 algorithm.
.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4
.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)"
-Sets the nonce length. This call can only be made before specifying the nonce.
-If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum
-nonce length is 12 bytes (i.e. 96\-bits). If a nonce of less than 12 bytes is set
-then the nonce is automatically padded with leading 0 bytes to make it 12 bytes
-in length.
+Sets the nonce length. This call is now redundant since the only valid value
+is the default length of 12 (i.e. 96 bits).
+Prior to OpenSSL 3.0 a nonce of less than 12 bytes could be used to automatically
+pad the iv with leading 0 bytes to make it 12 bytes in length.
.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4
.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)"
Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR.
@@ -550,12 +1447,14 @@ the input data earlier on will not produce a final decrypt error.
If padding is disabled then the decryption operation will always succeed if
the total amount of data decrypted is a multiple of the block size.
.PP
-The functions \fBEVP_EncryptInit()\fR, \fBEVP_EncryptFinal()\fR, \fBEVP_DecryptInit()\fR,
-\&\fBEVP_CipherInit()\fR and \fBEVP_CipherFinal()\fR are obsolete but are retained for
-compatibility with existing code. New code should use \fBEVP_EncryptInit_ex()\fR,
-\&\fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptFinal_ex()\fR,
-\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherFinal_ex()\fR because they can reuse an
-existing context without allocating and freeing it up on each call.
+The functions \fBEVP_EncryptInit()\fR, \fBEVP_EncryptInit_ex()\fR,
+\&\fBEVP_EncryptFinal()\fR, \fBEVP_DecryptInit()\fR, \fBEVP_DecryptInit_ex()\fR,
+\&\fBEVP_CipherInit()\fR, \fBEVP_CipherInit_ex()\fR and \fBEVP_CipherFinal()\fR are obsolete
+but are retained for compatibility with existing code. New code should
+use \fBEVP_EncryptInit_ex2()\fR, \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptInit_ex2()\fR,
+\&\fBEVP_DecryptFinal_ex()\fR, \fBEVP_CipherInit_ex2()\fR and \fBEVP_CipherFinal_ex()\fR
+because they can reuse an existing context without allocating and freeing
+it up on each call.
.PP
There are some differences between functions \fBEVP_CipherInit()\fR and
\&\fBEVP_CipherInit_ex()\fR, significant in some circumstances. \fBEVP_CipherInit()\fR fills
@@ -566,6 +1465,12 @@ removed, and it is especially important for the
\&\fB\s-1EVP_CIPHER_CTX_FLAG_WRAP_ALLOW\s0\fR flag treated specially in
\&\fBEVP_CipherInit_ex()\fR.
.PP
+Ignoring failure returns of the \fB\s-1EVP_CIPHER_CTX\s0\fR initialization functions can
+lead to subsequent undefined behavior when calling the functions that update or
+finalize the context. The only valid calls on the \fB\s-1EVP_CIPHER_CTX\s0\fR when
+initialization fails are calls that attempt another initialization of the
+context or release the context.
+.PP
\&\fBEVP_get_cipherbynid()\fR, and \fBEVP_get_cipherbyobj()\fR are implemented as macros.
.SH "BUGS"
.IX Header "BUGS"
@@ -597,7 +1502,11 @@ Encrypt a string using \s-1IDEA:\s0
\& FILE *out;
\&
\& ctx = EVP_CIPHER_CTX_new();
-\& EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
+\& if (!EVP_EncryptInit_ex2(ctx, EVP_idea_cbc(), key, iv, NULL)) {
+\& /* Error */
+\& EVP_CIPHER_CTX_free(ctx);
+\& return 0;
+\& }
\&
\& if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) {
\& /* Error */
@@ -659,13 +1568,21 @@ with a 128\-bit key:
\&
\& /* Don\*(Aqt set key or IV right away; we want to check lengths */
\& ctx = EVP_CIPHER_CTX_new();
-\& EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
-\& do_encrypt);
-\& OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
-\& OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
+\& if (!EVP_CipherInit_ex2(ctx, EVP_aes_128_cbc(), NULL, NULL,
+\& do_encrypt, NULL)) {
+\& /* Error */
+\& EVP_CIPHER_CTX_free(ctx);
+\& return 0;
+\& }
+\& OPENSSL_assert(EVP_CIPHER_CTX_get_key_length(ctx) == 16);
+\& OPENSSL_assert(EVP_CIPHER_CTX_get_iv_length(ctx) == 16);
\&
\& /* Now we can set key and IV */
-\& EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
+\& if (!EVP_CipherInit_ex2(ctx, NULL, key, iv, do_encrypt, NULL)) {
+\& /* Error */
+\& EVP_CIPHER_CTX_free(ctx);
+\& return 0;
+\& }
\&
\& for (;;) {
\& inlen = fread(inbuf, 1, 1024, in);
@@ -689,26 +1606,76 @@ with a 128\-bit key:
\& return 1;
\& }
.Ve
+.PP
+Encryption using AES-CBC with a 256\-bit key with \*(L"\s-1CS1\*(R"\s0 ciphertext stealing.
+.PP
+.Vb 10
+\& int encrypt(const unsigned char *key, const unsigned char *iv,
+\& const unsigned char *msg, size_t msg_len, unsigned char *out)
+\& {
+\& /*
+\& * This assumes that key size is 32 bytes and the iv is 16 bytes.
+\& * For ciphertext stealing mode the length of the ciphertext "out" will be
+\& * the same size as the plaintext size "msg_len".
+\& * The "msg_len" can be any size >= 16.
+\& */
+\& int ret = 0, encrypt = 1, outlen, len;
+\& EVP_CIPHER_CTX *ctx = NULL;
+\& EVP_CIPHER *cipher = NULL;
+\& OSSL_PARAM params[2];
+\&
+\& ctx = EVP_CIPHER_CTX_new();
+\& cipher = EVP_CIPHER_fetch(NULL, "AES\-256\-CBC\-CTS", NULL);
+\& if (ctx == NULL || cipher == NULL)
+\& goto err;
+\&
+\& /*
+\& * The default is "CS1" so this is not really needed,
+\& * but would be needed to set either "CS2" or "CS3".
+\& */
+\& params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE,
+\& "CS1", 0);
+\& params[1] = OSSL_PARAM_construct_end();
+\&
+\& if (!EVP_CipherInit_ex2(ctx, cipher, key, iv, encrypt, params))
+\& goto err;
+\&
+\& /* NOTE: CTS mode does not support multiple calls to EVP_CipherUpdate() */
+\& if (!EVP_CipherUpdate(ctx, out, &outlen, msg, msg_len))
+\& goto err;
+\& if (!EVP_CipherFinal_ex(ctx, out + outlen, &len))
+\& goto err;
+\& ret = 1;
+\& err:
+\& EVP_CIPHER_free(cipher);
+\& EVP_CIPHER_CTX_free(ctx);
+\& return ret;
+\& }
+.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBevp\fR\|(7)
+\&\fBevp\fR\|(7),
+\&\fBproperty\fR\|(7),
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7),
+\&\fBprovider\-cipher\fR\|(7),
+\&\fBlife_cycle\-cipher\fR\|(7)
.PP
Supported ciphers are listed in:
.PP
-\&\fBEVP_aes\fR\|(3),
-\&\fBEVP_aria\fR\|(3),
-\&\fBEVP_bf\fR\|(3),
-\&\fBEVP_camellia\fR\|(3),
-\&\fBEVP_cast5\fR\|(3),
+\&\fBEVP_aes_128_gcm\fR\|(3),
+\&\fBEVP_aria_128_gcm\fR\|(3),
+\&\fBEVP_bf_cbc\fR\|(3),
+\&\fBEVP_camellia_128_ecb\fR\|(3),
+\&\fBEVP_cast5_cbc\fR\|(3),
\&\fBEVP_chacha20\fR\|(3),
-\&\fBEVP_des\fR\|(3),
-\&\fBEVP_desx\fR\|(3),
-\&\fBEVP_idea\fR\|(3),
-\&\fBEVP_rc2\fR\|(3),
+\&\fBEVP_des_cbc\fR\|(3),
+\&\fBEVP_desx_cbc\fR\|(3),
+\&\fBEVP_idea_cbc\fR\|(3),
+\&\fBEVP_rc2_cbc\fR\|(3),
\&\fBEVP_rc4\fR\|(3),
-\&\fBEVP_rc5\fR\|(3),
-\&\fBEVP_seed\fR\|(3),
-\&\fBEVP_sm4\fR\|(3)
+\&\fBEVP_rc5_32_12_16_cbc\fR\|(3),
+\&\fBEVP_seed_cbc\fR\|(3),
+\&\fBEVP_sm4_cbc\fR\|(3),
.SH "HISTORY"
.IX Header "HISTORY"
Support for \s-1OCB\s0 mode was added in OpenSSL 1.1.0.
@@ -717,11 +1684,39 @@ Support for \s-1OCB\s0 mode was added in OpenSSL 1.1.0.
\&\fBEVP_CIPHER_CTX_reset()\fR appeared and \fBEVP_CIPHER_CTX_cleanup()\fR
disappeared. \fBEVP_CIPHER_CTX_init()\fR remains as an alias for
\&\fBEVP_CIPHER_CTX_reset()\fR.
+.PP
+The \fBEVP_CIPHER_CTX_cipher()\fR function was deprecated in OpenSSL 3.0; use
+\&\fBEVP_CIPHER_CTX_get0_cipher()\fR instead.
+.PP
+The \fBEVP_EncryptInit_ex2()\fR, \fBEVP_DecryptInit_ex2()\fR, \fBEVP_CipherInit_ex2()\fR,
+\&\fBEVP_CIPHER_fetch()\fR, \fBEVP_CIPHER_free()\fR, \fBEVP_CIPHER_up_ref()\fR,
+\&\fBEVP_CIPHER_CTX_get0_cipher()\fR, \fBEVP_CIPHER_CTX_get1_cipher()\fR,
+\&\fBEVP_CIPHER_get_params()\fR, \fBEVP_CIPHER_CTX_set_params()\fR,
+\&\fBEVP_CIPHER_CTX_get_params()\fR, \fBEVP_CIPHER_gettable_params()\fR,
+\&\fBEVP_CIPHER_settable_ctx_params()\fR, \fBEVP_CIPHER_gettable_ctx_params()\fR,
+\&\fBEVP_CIPHER_CTX_settable_params()\fR and \fBEVP_CIPHER_CTX_gettable_params()\fR
+functions were added in 3.0.
+.PP
+The \fBEVP_CIPHER_nid()\fR, \fBEVP_CIPHER_name()\fR, \fBEVP_CIPHER_block_size()\fR,
+\&\fBEVP_CIPHER_key_length()\fR, \fBEVP_CIPHER_iv_length()\fR, \fBEVP_CIPHER_flags()\fR,
+\&\fBEVP_CIPHER_mode()\fR, \fBEVP_CIPHER_type()\fR, \fBEVP_CIPHER_CTX_nid()\fR,
+\&\fBEVP_CIPHER_CTX_block_size()\fR, \fBEVP_CIPHER_CTX_key_length()\fR,
+\&\fBEVP_CIPHER_CTX_iv_length()\fR, \fBEVP_CIPHER_CTX_tag_length()\fR,
+\&\fBEVP_CIPHER_CTX_num()\fR, \fBEVP_CIPHER_CTX_type()\fR, and \fBEVP_CIPHER_CTX_mode()\fR
+functions were renamed to include \f(CW\*(C`get\*(C'\fR or \f(CW\*(C`get0\*(C'\fR in their names in
+OpenSSL 3.0, respectively. The old names are kept as non-deprecated
+alias macros.
+.PP
+The \fBEVP_CIPHER_CTX_encrypting()\fR function was renamed to
+\&\fBEVP_CIPHER_CTX_is_encrypting()\fR in OpenSSL 3.0. The old name is kept as
+non-deprecated alias macro.
+.PP
+The \fBEVP_CIPHER_CTX_flags()\fR macro was deprecated in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_KDF.3 b/secure/lib/libcrypto/man/man3/EVP_KDF.3
new file mode 100644
index 000000000000..657e4e61d7da
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_KDF.3
@@ -0,0 +1,437 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_KDF 3ossl"
+.TH EVP_KDF 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_up_ref,
+EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_dup,
+EVP_KDF_CTX_reset, EVP_KDF_derive,
+EVP_KDF_CTX_get_kdf_size,
+EVP_KDF_get0_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a,
+EVP_KDF_get0_name, EVP_KDF_names_do_all, EVP_KDF_get0_description,
+EVP_KDF_CTX_get_params, EVP_KDF_CTX_set_params, EVP_KDF_do_all_provided,
+EVP_KDF_get_params, EVP_KDF_gettable_params,
+EVP_KDF_gettable_ctx_params, EVP_KDF_settable_ctx_params,
+EVP_KDF_CTX_gettable_params, EVP_KDF_CTX_settable_params \- EVP KDF routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/kdf.h>
+\&
+\& typedef struct evp_kdf_st EVP_KDF;
+\& typedef struct evp_kdf_ctx_st EVP_KDF_CTX;
+\&
+\& EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf);
+\& const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx);
+\& void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
+\& EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src);
+\& void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx);
+\& size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx);
+\& int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen,
+\& const OSSL_PARAM params[]);
+\& int EVP_KDF_up_ref(EVP_KDF *kdf);
+\& void EVP_KDF_free(EVP_KDF *kdf);
+\& EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
+\& const char *properties);
+\& int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name);
+\& const char *EVP_KDF_get0_name(const EVP_KDF *kdf);
+\& const char *EVP_KDF_get0_description(const EVP_KDF *kdf);
+\& const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf);
+\& void EVP_KDF_do_all_provided(OSSL_LIB_CTX *libctx,
+\& void (*fn)(EVP_KDF *kdf, void *arg),
+\& void *arg);
+\& int EVP_KDF_names_do_all(const EVP_KDF *kdf,
+\& void (*fn)(const char *name, void *data),
+\& void *data);
+\& int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]);
+\& int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
+\& int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);
+\& const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf);
+\& const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf);
+\& const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf);
+\& const OSSL_PARAM *EVP_KDF_CTX_gettable_params(const EVP_KDF *kdf);
+\& const OSSL_PARAM *EVP_KDF_CTX_settable_params(const EVP_KDF *kdf);
+\& const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1EVP KDF\s0 routines are a high-level interface to Key Derivation Function
+algorithms and should be used instead of algorithm-specific functions.
+.PP
+After creating a \fB\s-1EVP_KDF_CTX\s0\fR for the required algorithm using
+\&\fBEVP_KDF_CTX_new()\fR, inputs to the algorithm are supplied either by
+passing them as part of the \fBEVP_KDF_derive()\fR call or using calls
+to \fBEVP_KDF_CTX_set_params()\fR before calling \fBEVP_KDF_derive()\fR to derive
+the key.
+.SS "Types"
+.IX Subsection "Types"
+\&\fB\s-1EVP_KDF\s0\fR is a type that holds the implementation of a \s-1KDF.\s0
+.PP
+\&\fB\s-1EVP_KDF_CTX\s0\fR is a context type that holds the algorithm inputs.
+.SS "Algorithm implementation fetching"
+.IX Subsection "Algorithm implementation fetching"
+\&\fBEVP_KDF_fetch()\fR fetches an implementation of a \s-1KDF\s0 \fIalgorithm\fR, given
+a library context \fIlibctx\fR and a set of \fIproperties\fR.
+See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information.
+.PP
+See \*(L"Key Derivation Function (\s-1KDF\s0)\*(R" in \fBOSSL_PROVIDER\-default\fR\|(7) for the lists of
+algorithms supported by the default provider.
+.PP
+The returned value must eventually be freed with
+\&\fBEVP_KDF_free\fR\|(3).
+.PP
+\&\fBEVP_KDF_up_ref()\fR increments the reference count of an already fetched
+\&\s-1KDF.\s0
+.PP
+\&\fBEVP_KDF_free()\fR frees a fetched algorithm.
+\&\s-1NULL\s0 is a valid parameter, for which this function is a no-op.
+.SS "Context manipulation functions"
+.IX Subsection "Context manipulation functions"
+\&\fBEVP_KDF_CTX_new()\fR creates a new context for the \s-1KDF\s0 implementation \fIkdf\fR.
+.PP
+\&\fBEVP_KDF_CTX_free()\fR frees up the context \fIctx\fR. If \fIctx\fR is \s-1NULL,\s0 nothing
+is done.
+.PP
+\&\fBEVP_KDF_CTX_kdf()\fR returns the \fB\s-1EVP_KDF\s0\fR associated with the context
+\&\fIctx\fR.
+.SS "Computing functions"
+.IX Subsection "Computing functions"
+\&\fBEVP_KDF_CTX_reset()\fR resets the context to the default state as if the context
+had just been created.
+.PP
+\&\fBEVP_KDF_derive()\fR processes any parameters in \fIParams\fR and then derives
+\&\fIkeylen\fR bytes of key material and places it in the \fIkey\fR buffer.
+If the algorithm produces a fixed amount of output then an error will
+occur unless the \fIkeylen\fR parameter is equal to that output size,
+as returned by \fBEVP_KDF_CTX_get_kdf_size()\fR.
+.PP
+\&\fBEVP_KDF_get_params()\fR retrieves details about the implementation
+\&\fIkdf\fR.
+The set of parameters given with \fIparams\fR determine exactly what
+parameters should be retrieved.
+Note that a parameter that is unknown in the underlying context is
+simply ignored.
+.PP
+\&\fBEVP_KDF_CTX_get_params()\fR retrieves chosen parameters, given the
+context \fIctx\fR and its underlying context.
+The set of parameters given with \fIparams\fR determine exactly what
+parameters should be retrieved.
+Note that a parameter that is unknown in the underlying context is
+simply ignored.
+.PP
+\&\fBEVP_KDF_CTX_set_params()\fR passes chosen parameters to the underlying
+context, given a context \fIctx\fR.
+The set of parameters given with \fIparams\fR determine exactly what
+parameters are passed down.
+Note that a parameter that is unknown in the underlying context is
+simply ignored.
+Also, what happens when a needed parameter isn't passed down is
+defined by the implementation.
+.PP
+\&\fBEVP_KDF_gettable_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes
+the retrievable and settable parameters. \fBEVP_KDF_gettable_params()\fR
+returns parameters that can be used with \fBEVP_KDF_get_params()\fR.
+.PP
+\&\fBEVP_KDF_gettable_ctx_params()\fR and \fBEVP_KDF_CTX_gettable_params()\fR
+return constant \s-1\fBOSSL_PARAM\s0\fR\|(3) arrays that describe the retrievable
+parameters that can be used with \fBEVP_KDF_CTX_get_params()\fR.
+\&\fBEVP_KDF_gettable_ctx_params()\fR returns the parameters that can be retrieved
+from the algorithm, whereas \fBEVP_KDF_CTX_gettable_params()\fR returns
+the parameters that can be retrieved in the context's current state.
+.PP
+\&\fBEVP_KDF_settable_ctx_params()\fR and \fBEVP_KDF_CTX_settable_params()\fR return
+constant \s-1\fBOSSL_PARAM\s0\fR\|(3) arrays that describe the settable parameters that
+can be used with \fBEVP_KDF_CTX_set_params()\fR. \fBEVP_KDF_settable_ctx_params()\fR
+returns the parameters that can be retrieved from the algorithm,
+whereas \fBEVP_KDF_CTX_settable_params()\fR returns the parameters that can
+be retrieved in the context's current state.
+.SS "Information functions"
+.IX Subsection "Information functions"
+\&\fBEVP_KDF_CTX_get_kdf_size()\fR returns the output size if the algorithm produces a fixed amount
+of output and \fB\s-1SIZE_MAX\s0\fR otherwise. If an error occurs then 0 is returned.
+For some algorithms an error may result if input parameters necessary to
+calculate a fixed output size have not yet been supplied.
+.PP
+\&\fBEVP_KDF_is_a()\fR returns 1 if \fIkdf\fR is an implementation of an
+algorithm that's identifiable with \fIname\fR, otherwise 0.
+.PP
+\&\fBEVP_KDF_get0_provider()\fR returns the provider that holds the implementation
+of the given \fIkdf\fR.
+.PP
+\&\fBEVP_KDF_do_all_provided()\fR traverses all \s-1KDF\s0 implemented by all activated
+providers in the given library context \fIlibctx\fR, and for each of the
+implementations, calls the given function \fIfn\fR with the implementation method
+and the given \fIarg\fR as argument.
+.PP
+\&\fBEVP_KDF_get0_name()\fR return the name of the given \s-1KDF.\s0 For fetched KDFs
+with multiple names, only one of them is returned; it's
+recommended to use \fBEVP_KDF_names_do_all()\fR instead.
+.PP
+\&\fBEVP_KDF_names_do_all()\fR traverses all names for \fIkdf\fR, and calls
+\&\fIfn\fR with each name and \fIdata\fR.
+.PP
+\&\fBEVP_KDF_get0_description()\fR returns a description of the \fIkdf\fR, meant for
+display and human consumption. The description is at the discretion of
+the \fIkdf\fR implementation.
+.SH "PARAMETERS"
+.IX Header "PARAMETERS"
+The standard parameter names are:
+.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) <octet string>" 4
+.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) <octet string>" 4
+.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) <octet string>"
+Some \s-1KDF\s0 implementations require a password.
+For those \s-1KDF\s0 implementations that support it, this parameter sets the password.
+.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
+.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) <octet string>" 4
+.IX Item "salt (OSSL_KDF_PARAM_SALT) <octet string>"
+Some \s-1KDF\s0 implementations can take a non-secret unique cryptographic salt.
+For those \s-1KDF\s0 implementations that support it, this parameter sets the salt.
+.Sp
+The default value, if any, is implementation dependent.
+.ie n .IP """iter"" (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) <unsigned integer>" 4
+.el .IP "``iter'' (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) <unsigned integer>" 4
+.IX Item "iter (OSSL_KDF_PARAM_ITER) <unsigned integer>"
+Some \s-1KDF\s0 implementations require an iteration count.
+For those \s-1KDF\s0 implementations that support it, this parameter sets the
+iteration count.
+.Sp
+The default value, if any, is implementation dependent.
+.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>"
+.PD 0
+.ie n .IP """mac"" (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``mac'' (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "mac (OSSL_KDF_PARAM_MAC) <UTF8 string>"
+.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "digest (OSSL_KDF_PARAM_DIGEST) <UTF8 string>"
+.ie n .IP """cipher"" (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``cipher'' (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "cipher (OSSL_KDF_PARAM_CIPHER) <UTF8 string>"
+.PD
+For \s-1KDF\s0 implementations that use an underlying computation \s-1MAC,\s0 digest or
+cipher, these parameters set what the algorithm should be.
+.Sp
+The value is always the name of the intended algorithm,
+or the properties.
+.Sp
+Note that not all algorithms may support all possible underlying
+implementations.
+.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) <octet string>" 4
+.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) <octet string>" 4
+.IX Item "key (OSSL_KDF_PARAM_KEY) <octet string>"
+Some \s-1KDF\s0 implementations require a key.
+For those \s-1KDF\s0 implementations that support it, this octet string parameter
+sets the key.
+.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) <octet string>" 4
+.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) <octet string>" 4
+.IX Item "info (OSSL_KDF_PARAM_INFO) <octet string>"
+Some \s-1KDF\s0 implementations, such as \s-1\fBEVP_KDF\-HKDF\s0\fR\|(7), take an 'info' parameter
+for binding the derived key material
+to application\- and context-specific information.
+This parameter sets the info, fixed info, other info or shared info argument.
+You can specify this parameter multiple times, and each instance will
+be concatenated to form the final value.
+.ie n .IP """maclen"" (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) <unsigned integer>" 4
+.el .IP "``maclen'' (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) <unsigned integer>" 4
+.IX Item "maclen (OSSL_KDF_PARAM_MAC_SIZE) <unsigned integer>"
+Used by implementations that use a \s-1MAC\s0 with a variable output size (\s-1KMAC\s0).
+For those \s-1KDF\s0 implementations that support it, this parameter
+sets the \s-1MAC\s0 output size.
+.Sp
+The default value, if any, is implementation dependent.
+The length must never exceed what can be given with a \fBsize_t\fR.
+.ie n .IP """maxmem_bytes"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_MAXMEM\s0\fR) <unsigned integer>" 4
+.el .IP "``maxmem_bytes'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_MAXMEM\s0\fR) <unsigned integer>" 4
+.IX Item "maxmem_bytes (OSSL_KDF_PARAM_SCRYPT_MAXMEM) <unsigned integer>"
+Memory-hard password-based \s-1KDF\s0 algorithms, such as scrypt, use an amount of
+memory that depends on the load factors provided as input.
+For those \s-1KDF\s0 implementations that support it, this \fBuint64_t\fR parameter sets
+an upper limit on the amount of memory that may be consumed while performing
+a key derivation.
+If this memory usage limit is exceeded because the load factors are chosen
+too high, the key derivation will fail.
+.Sp
+The default value is implementation dependent.
+The memory size must never exceed what can be given with a \fBsize_t\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_KDF_fetch()\fR returns a pointer to a newly fetched \fB\s-1EVP_KDF\s0\fR, or
+\&\s-1NULL\s0 if allocation failed.
+.PP
+\&\fBEVP_KDF_get0_provider()\fR returns a pointer to the provider for the \s-1KDF,\s0 or
+\&\s-1NULL\s0 on error.
+.PP
+\&\fBEVP_KDF_up_ref()\fR returns 1 on success, 0 on error.
+.PP
+\&\fBEVP_KDF_CTX_new()\fR returns either the newly allocated
+\&\fB\s-1EVP_KDF_CTX\s0\fR structure or \s-1NULL\s0 if an error occurred.
+.PP
+\&\fBEVP_KDF_CTX_free()\fR and \fBEVP_KDF_CTX_reset()\fR do not return a value.
+.PP
+\&\fBEVP_KDF_CTX_get_kdf_size()\fR returns the output size. \fB\s-1SIZE_MAX\s0\fR is returned to indicate
+that the algorithm produces a variable amount of output; 0 to indicate failure.
+.PP
+\&\fBEVP_KDF_get0_name()\fR returns the name of the \s-1KDF,\s0 or \s-1NULL\s0 on error.
+.PP
+\&\fBEVP_KDF_names_do_all()\fR returns 1 if the callback was called for all names. A
+return value of 0 means that the callback was not called for any names.
+.PP
+The remaining functions return 1 for success and 0 or a negative value for
+failure. In particular, a return value of \-2 indicates the operation is not
+supported by the \s-1KDF\s0 algorithm.
+.SH "NOTES"
+.IX Header "NOTES"
+The \s-1KDF\s0 life-cycle is described in \fBlife_cycle\-kdf\fR\|(7). In the future,
+the transitions described there will be enforced. When this is done, it will
+not be considered a breaking change to the \s-1API.\s0
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\*(L"Key Derivation Function (\s-1KDF\s0)\*(R" in \fBOSSL_PROVIDER\-default\fR\|(7),
+\&\fBlife_cycle\-kdf\fR\|(7).
+.SH "HISTORY"
+.IX Header "HISTORY"
+This functionality was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_KEM_free.3 b/secure/lib/libcrypto/man/man3/EVP_KEM_free.3
new file mode 100644
index 000000000000..d8027fc8af63
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_KEM_free.3
@@ -0,0 +1,234 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_KEM_FREE 3ossl"
+.TH EVP_KEM_FREE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_KEM_fetch, EVP_KEM_free, EVP_KEM_up_ref,
+EVP_KEM_get0_name, EVP_KEM_is_a, EVP_KEM_get0_provider,
+EVP_KEM_do_all_provided, EVP_KEM_names_do_all, EVP_KEM_get0_description,
+EVP_KEM_gettable_ctx_params, EVP_KEM_settable_ctx_params
+\&\- Functions to manage EVP_KEM algorithm objects
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& EVP_KEM *EVP_KEM_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
+\& const char *properties);
+\& void EVP_KEM_free(EVP_KEM *kem);
+\& int EVP_KEM_up_ref(EVP_KEM *kem);
+\& const char *EVP_KEM_get0_name(const EVP_KEM *kem);
+\& int EVP_KEM_is_a(const EVP_KEM *kem, const char *name);
+\& OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *kem);
+\& void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx,
+\& void (*fn)(EVP_KEM *kem, void *arg), void *arg);
+\& int EVP_KEM_names_do_all(const EVP_KEM *kem,
+\& void (*fn)(const char *name, void *data), void *data);
+\& const char *EVP_KEM_get0_description(const EVP_KEM *kem);
+\& const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem);
+\& const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBEVP_KEM_fetch()\fR fetches the implementation for the given \fBalgorithm\fR from any
+provider offering it, within the criteria given by the \fBproperties\fR and in the
+scope of the given library context \fBctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)). The algorithm
+will be one offering functions for performing asymmetric kem related tasks such
+as key encapsulation and decapsulation.
+See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information.
+.PP
+The returned value must eventually be freed with \fBEVP_KEM_free()\fR.
+.PP
+\&\fBEVP_KEM_free()\fR decrements the reference count for the \fB\s-1EVP_KEM\s0\fR structure.
+Typically this structure will have been obtained from an earlier call to
+\&\fBEVP_KEM_fetch()\fR. If the reference count drops to 0 then the structure is freed.
+.PP
+\&\fBEVP_KEM_up_ref()\fR increments the reference count for an \fB\s-1EVP_KEM\s0\fR structure.
+.PP
+\&\fBEVP_KEM_is_a()\fR returns 1 if \fIkem\fR is an implementation of an
+algorithm that's identifiable with \fIname\fR, otherwise 0.
+.PP
+\&\fBEVP_KEM_get0_provider()\fR returns the provider that \fIkem\fR was fetched from.
+.PP
+\&\fBEVP_KEM_do_all_provided()\fR traverses all EVP_KEMs implemented by all activated
+providers in the given library context \fIlibctx\fR, and for each of the
+implementations, calls the given function \fIfn\fR with the implementation method
+and the given \fIarg\fR as argument.
+.PP
+\&\fBEVP_KEM_get0_name()\fR returns the algorithm name from the provided
+implementation for the given \fIkem\fR. Note that the \fIkem\fR may have
+multiple synonyms associated with it. In this case the first name from the
+algorithm definition is returned. Ownership of the returned string is retained
+by the \fIkem\fR object and should not be freed by the caller.
+.PP
+\&\fBEVP_KEM_names_do_all()\fR traverses all names for \fIkem\fR, and calls \fIfn\fR with
+each name and \fIdata\fR.
+.PP
+\&\fBEVP_KEM_get0_description()\fR returns a description of the \fIkem\fR, meant for
+display and human consumption. The description is at the discretion of
+the \fIkem\fR implementation.
+.PP
+\&\fBEVP_KEM_gettable_ctx_params()\fR and \fBEVP_KEM_settable_ctx_params()\fR return
+a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the names and types of key
+parameters that can be retrieved or set by a key encapsulation algorithm using
+\&\fBEVP_PKEY_CTX_get_params\fR\|(3) and \fBEVP_PKEY_CTX_set_params\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_KEM_fetch()\fR returns a pointer to an \fB\s-1EVP_KEM\s0\fR for success or \fB\s-1NULL\s0\fR for
+failure.
+.PP
+\&\fBEVP_KEM_up_ref()\fR returns 1 for success or 0 otherwise.
+.PP
+\&\fBEVP_KEM_names_do_all()\fR returns 1 if the callback was called for all names. A
+return value of 0 means that the callback was not called for any names.
+.PP
+\&\fBEVP_KEM_gettable_ctx_params()\fR and \fBEVP_KEM_settable_ctx_params()\fR return
+a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array or \s-1NULL\s0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7), \s-1\fBOSSL_PROVIDER\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_KEYEXCH_free.3 b/secure/lib/libcrypto/man/man3/EVP_KEYEXCH_free.3
new file mode 100644
index 000000000000..aa7bfaf7b646
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_KEYEXCH_free.3
@@ -0,0 +1,240 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_KEYEXCH_FREE 3ossl"
+.TH EVP_KEYEXCH_FREE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref,
+EVP_KEYEXCH_get0_provider, EVP_KEYEXCH_is_a, EVP_KEYEXCH_do_all_provided,
+EVP_KEYEXCH_names_do_all, EVP_KEYEXCH_get0_name, EVP_KEYEXCH_get0_description,
+EVP_KEYEXCH_gettable_ctx_params, EVP_KEYEXCH_settable_ctx_params
+\&\- Functions to manage EVP_KEYEXCH algorithm objects
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& EVP_KEYEXCH *EVP_KEYEXCH_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
+\& const char *properties);
+\& void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange);
+\& int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange);
+\& OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange);
+\& int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *exchange, const char *name);
+\& const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *exchange);
+\& void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx,
+\& void (*fn)(EVP_KEYEXCH *exchange, void *arg),
+\& void *arg);
+\& int EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *exchange,
+\& void (*fn)(const char *name, void *data),
+\& void *data);
+\& const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch);
+\& const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch);
+\& const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBEVP_KEYEXCH_fetch()\fR fetches the key exchange implementation for the given
+\&\fIalgorithm\fR from any provider offering it, within the criteria given
+by the \fIproperties\fR.
+See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information.
+.PP
+The returned value must eventually be freed with \fBEVP_KEYEXCH_free()\fR.
+.PP
+\&\fBEVP_KEYEXCH_free()\fR decrements the reference count for the \fB\s-1EVP_KEYEXCH\s0\fR
+structure. Typically this structure will have been obtained from an earlier call
+to \fBEVP_KEYEXCH_fetch()\fR. If the reference count drops to 0 then the
+structure is freed.
+.PP
+\&\fBEVP_KEYEXCH_up_ref()\fR increments the reference count for an \fB\s-1EVP_KEYEXCH\s0\fR
+structure.
+.PP
+\&\fBEVP_KEYEXCH_get0_provider()\fR returns the provider that \fIexchange\fR was
+fetched from.
+.PP
+\&\fBEVP_KEYEXCH_is_a()\fR checks if \fIexchange\fR is an implementation of an
+algorithm that's identifiable with \fIname\fR.
+.PP
+\&\fBEVP_KEYEXCH_get0_name()\fR returns the algorithm name from the provided
+implementation for the given \fIexchange\fR. Note that the \fIexchange\fR may have
+multiple synonyms associated with it. In this case the first name from the
+algorithm definition is returned. Ownership of the returned string is retained
+by the \fIexchange\fR object and should not be freed by the caller.
+.PP
+\&\fBEVP_KEYEXCH_names_do_all()\fR traverses all names for the \fIexchange\fR, and
+calls \fIfn\fR with each name and \fIdata\fR.
+.PP
+\&\fBEVP_KEYEXCH_get0_description()\fR returns a description of the \fIkeyexch\fR, meant
+for display and human consumption. The description is at the discretion of
+the \fIkeyexch\fR implementation.
+.PP
+\&\fBEVP_KEYEXCH_do_all_provided()\fR traverses all key exchange implementations by
+all activated providers in the library context \fIlibctx\fR, and for each
+of the implementations, calls \fIfn\fR with the implementation method and
+\&\fIdata\fR as arguments.
+.PP
+\&\fBEVP_KEYEXCH_gettable_ctx_params()\fR and \fBEVP_KEYEXCH_settable_ctx_params()\fR return
+a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the names and types of key
+parameters that can be retrieved or set by a key exchange algorithm using
+\&\fBEVP_PKEY_CTX_get_params\fR\|(3) and \fBEVP_PKEY_CTX_set_params\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_KEYEXCH_fetch()\fR returns a pointer to a \fB\s-1EVP_KEYEXCH\s0\fR for success
+or \s-1NULL\s0 for failure.
+.PP
+\&\fBEVP_KEYEXCH_up_ref()\fR returns 1 for success or 0 otherwise.
+.PP
+\&\fBEVP_KEYEXCH_names_do_all()\fR returns 1 if the callback was called for all
+names. A return value of 0 means that the callback was not called for any names.
+.PP
+\&\fBEVP_KEYEXCH_is_a()\fR returns 1 of \fIexchange\fR was identifiable,
+otherwise 0.
+.PP
+\&\fBEVP_KEYEXCH_gettable_ctx_params()\fR and \fBEVP_KEYEXCH_settable_ctx_params()\fR return
+a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array or \s-1NULL\s0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7), \s-1\fBOSSL_PROVIDER\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_KEYMGMT.3 b/secure/lib/libcrypto/man/man3/EVP_KEYMGMT.3
new file mode 100644
index 000000000000..c841aa611be7
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_KEYMGMT.3
@@ -0,0 +1,278 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_KEYMGMT 3ossl"
+.TH EVP_KEYMGMT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_KEYMGMT,
+EVP_KEYMGMT_fetch,
+EVP_KEYMGMT_up_ref,
+EVP_KEYMGMT_free,
+EVP_KEYMGMT_get0_provider,
+EVP_KEYMGMT_is_a,
+EVP_KEYMGMT_get0_description,
+EVP_KEYMGMT_get0_name,
+EVP_KEYMGMT_do_all_provided,
+EVP_KEYMGMT_names_do_all,
+EVP_KEYMGMT_gettable_params,
+EVP_KEYMGMT_settable_params,
+EVP_KEYMGMT_gen_settable_params
+\&\- EVP key management routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& typedef struct evp_keymgmt_st EVP_KEYMGMT;
+\&
+\& EVP_KEYMGMT *EVP_KEYMGMT_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
+\& const char *properties);
+\& int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt);
+\& void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt);
+\& const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt);
+\& int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name);
+\& const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT *keymgmt);
+\& const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt);
+\&
+\& void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx,
+\& void (*fn)(EVP_KEYMGMT *keymgmt, void *arg),
+\& void *arg);
+\& int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt,
+\& void (*fn)(const char *name, void *data),
+\& void *data);
+\& const OSSL_PARAM *EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT *keymgmt);
+\& const OSSL_PARAM *EVP_KEYMGMT_settable_params(const EVP_KEYMGMT *keymgmt);
+\& const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fB\s-1EVP_KEYMGMT\s0\fR is a method object that represents key management
+implementations for different cryptographic algorithms.
+This method object provides functionality to have providers import key
+material from the outside, as well as export key material to the
+outside.
+Most of the functionality can only be used internally and has no
+public interface, this object is simply passed into other functions
+when needed.
+.PP
+\&\fBEVP_KEYMGMT_fetch()\fR looks for an algorithm within the provider that
+has been loaded into the \fB\s-1OSSL_LIB_CTX\s0\fR given by \fIctx\fR, having the
+name given by \fIalgorithm\fR and the properties given by \fIproperties\fR.
+.PP
+\&\fBEVP_KEYMGMT_up_ref()\fR increments the reference count for the given
+\&\fB\s-1EVP_KEYMGMT\s0\fR \fIkeymgmt\fR.
+.PP
+\&\fBEVP_KEYMGMT_free()\fR decrements the reference count for the given
+\&\fB\s-1EVP_KEYMGMT\s0\fR \fIkeymgmt\fR, and when the count reaches zero, frees it.
+.PP
+\&\fBEVP_KEYMGMT_get0_provider()\fR returns the provider that has this particular
+implementation.
+.PP
+\&\fBEVP_KEYMGMT_is_a()\fR checks if \fIkeymgmt\fR is an implementation of an
+algorithm that's identifiable with \fIname\fR.
+.PP
+\&\fBEVP_KEYMGMT_get0_name()\fR returns the algorithm name from the provided
+implementation for the given \fIkeymgmt\fR. Note that the \fIkeymgmt\fR may have
+multiple synonyms associated with it. In this case the first name from the
+algorithm definition is returned. Ownership of the returned string is
+retained by the \fIkeymgmt\fR object and should not be freed by the caller.
+.PP
+\&\fBEVP_KEYMGMT_names_do_all()\fR traverses all names for the \fIkeymgmt\fR, and
+calls \fIfn\fR with each name and \fIdata\fR.
+.PP
+\&\fBEVP_KEYMGMT_get0_description()\fR returns a description of the \fIkeymgmt\fR, meant
+for display and human consumption. The description is at the discretion
+of the \fIkeymgmt\fR implementation.
+.PP
+\&\fBEVP_KEYMGMT_do_all_provided()\fR traverses all key keymgmt implementations by
+all activated providers in the library context \fIlibctx\fR, and for each
+of the implementations, calls \fIfn\fR with the implementation method and
+\&\fIdata\fR as arguments.
+.PP
+\&\fBEVP_KEYMGMT_gettable_params()\fR and \fBEVP_KEYMGMT_settable_params()\fR return a
+constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the names and types of key
+parameters that can be retrieved or set.
+\&\fBEVP_KEYMGMT_gettable_params()\fR is used by \fBEVP_PKEY_gettable_params\fR\|(3).
+.PP
+\&\fBEVP_KEYMGMT_gen_settable_params()\fR returns a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that
+describes the names and types of key generation parameters that can be set via
+\&\fBEVP_PKEY_CTX_set_params\fR\|(3).
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fBEVP_KEYMGMT_fetch()\fR may be called implicitly by other fetching
+functions, using the same library context and properties.
+Any other \s-1API\s0 that uses keys will typically do this.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_KEYMGMT_fetch()\fR returns a pointer to the key management
+implementation represented by an \s-1EVP_KEYMGMT\s0 object, or \s-1NULL\s0 on
+error.
+.PP
+\&\fBEVP_KEYMGMT_up_ref()\fR returns 1 on success, or 0 on error.
+.PP
+\&\fBEVP_KEYMGMT_names_do_all()\fR returns 1 if the callback was called for all
+names. A return value of 0 means that the callback was not called for any names.
+.PP
+\&\fBEVP_KEYMGMT_free()\fR doesn't return any value.
+.PP
+\&\fBEVP_KEYMGMT_get0_provider()\fR returns a pointer to a provider object, or \s-1NULL\s0
+on error.
+.PP
+\&\fBEVP_KEYMGMT_is_a()\fR returns 1 of \fIkeymgmt\fR was identifiable,
+otherwise 0.
+.PP
+\&\fBEVP_KEYMGMT_get0_name()\fR returns the algorithm name, or \s-1NULL\s0 on error.
+.PP
+\&\fBEVP_KEYMGMT_get0_description()\fR returns a pointer to a description, or \s-1NULL\s0 if
+there isn't one.
+.PP
+\&\fBEVP_KEYMGMT_gettable_params()\fR, \fBEVP_KEYMGMT_settable_params()\fR and
+\&\fBEVP_KEYMGMT_gen_settable_params()\fR return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array or
+\&\s-1NULL\s0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_MD_fetch\fR\|(3), \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_MAC.3 b/secure/lib/libcrypto/man/man3/EVP_MAC.3
new file mode 100644
index 000000000000..1f09c04db2b4
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_MAC.3
@@ -0,0 +1,616 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_MAC 3ossl"
+.TH EVP_MAC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, EVP_MAC_is_a,
+EVP_MAC_get0_name, EVP_MAC_names_do_all, EVP_MAC_get0_description,
+EVP_MAC_get0_provider, EVP_MAC_get_params, EVP_MAC_gettable_params,
+EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup,
+EVP_MAC_CTX_get0_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params,
+EVP_MAC_CTX_get_mac_size, EVP_MAC_CTX_get_block_size, EVP_Q_mac,
+EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, EVP_MAC_finalXOF,
+EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params,
+EVP_MAC_CTX_gettable_params, EVP_MAC_CTX_settable_params,
+EVP_MAC_do_all_provided \- EVP MAC routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& typedef struct evp_mac_st EVP_MAC;
+\& typedef struct evp_mac_ctx_st EVP_MAC_CTX;
+\&
+\& EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
+\& const char *properties);
+\& int EVP_MAC_up_ref(EVP_MAC *mac);
+\& void EVP_MAC_free(EVP_MAC *mac);
+\& int EVP_MAC_is_a(const EVP_MAC *mac, const char *name);
+\& const char *EVP_MAC_get0_name(const EVP_MAC *mac);
+\& int EVP_MAC_names_do_all(const EVP_MAC *mac,
+\& void (*fn)(const char *name, void *data),
+\& void *data);
+\& const char *EVP_MAC_get0_description(const EVP_MAC *mac);
+\& const OSSL_PROVIDER *EVP_MAC_get0_provider(const EVP_MAC *mac);
+\& int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
+\&
+\& EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac);
+\& void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
+\& EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src);
+\& EVP_MAC *EVP_MAC_CTX_get0_mac(EVP_MAC_CTX *ctx);
+\& int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
+\& int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
+\&
+\& size_t EVP_MAC_CTX_get_mac_size(EVP_MAC_CTX *ctx);
+\& size_t EVP_MAC_CTX_get_block_size(EVP_MAC_CTX *ctx);
+\& unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx, const char *name, const char *propq,
+\& const char *subalg, const OSSL_PARAM *params,
+\& const void *key, size_t keylen,
+\& const unsigned char *data, size_t datalen,
+\& unsigned char *out, size_t outsize, size_t *outlen);
+\& int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen,
+\& const OSSL_PARAM params[]);
+\& int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
+\& int EVP_MAC_final(EVP_MAC_CTX *ctx,
+\& unsigned char *out, size_t *outl, size_t outsize);
+\& int EVP_MAC_finalXOF(EVP_MAC_CTX *ctx, unsigned char *out, size_t outsize);
+\&
+\& const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac);
+\& const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac);
+\& const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac);
+\& const OSSL_PARAM *EVP_MAC_CTX_gettable_params(EVP_MAC_CTX *ctx);
+\& const OSSL_PARAM *EVP_MAC_CTX_settable_params(EVP_MAC_CTX *ctx);
+\&
+\& void EVP_MAC_do_all_provided(OSSL_LIB_CTX *libctx,
+\& void (*fn)(EVP_MAC *mac, void *arg),
+\& void *arg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These types and functions help the application to calculate MACs of
+different types and with different underlying algorithms if there are
+any.
+.PP
+MACs are a bit complex insofar that some of them use other algorithms
+for actual computation. \s-1HMAC\s0 uses a digest, and \s-1CMAC\s0 uses a cipher.
+Therefore, there are sometimes two contexts to keep track of, one for
+the \s-1MAC\s0 algorithm itself and one for the underlying computation
+algorithm if there is one.
+.PP
+To make things less ambiguous, this manual talks about a \*(L"context\*(R" or
+\&\*(L"\s-1MAC\s0 context\*(R", which is to denote the \s-1MAC\s0 level context, and about a
+\&\*(L"underlying context\*(R", or \*(L"computation context\*(R", which is to denote the
+context for the underlying computation algorithm if there is one.
+.SS "Types"
+.IX Subsection "Types"
+\&\fB\s-1EVP_MAC\s0\fR is a type that holds the implementation of a \s-1MAC.\s0
+.PP
+\&\fB\s-1EVP_MAC_CTX\s0\fR is a context type that holds internal \s-1MAC\s0 information
+as well as a reference to a computation context, for those MACs that
+rely on an underlying computation algorithm.
+.SS "Algorithm implementation fetching"
+.IX Subsection "Algorithm implementation fetching"
+\&\fBEVP_MAC_fetch()\fR fetches an implementation of a \s-1MAC\s0 \fIalgorithm\fR, given
+a library context \fIlibctx\fR and a set of \fIproperties\fR.
+See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information.
+.PP
+See \*(L"Message Authentication Code (\s-1MAC\s0)\*(R" in \fBOSSL_PROVIDER\-default\fR\|(7) for the list
+of algorithms supported by the default provider.
+.PP
+The returned value must eventually be freed with
+\&\fBEVP_MAC_free\fR\|(3).
+.PP
+\&\fBEVP_MAC_up_ref()\fR increments the reference count of an already fetched
+\&\s-1MAC.\s0
+.PP
+\&\fBEVP_MAC_free()\fR frees a fetched algorithm.
+\&\s-1NULL\s0 is a valid parameter, for which this function is a no-op.
+.SS "Context manipulation functions"
+.IX Subsection "Context manipulation functions"
+\&\fBEVP_MAC_CTX_new()\fR creates a new context for the \s-1MAC\s0 type \fImac\fR.
+The created context can then be used with most other functions
+described here.
+.PP
+\&\fBEVP_MAC_CTX_free()\fR frees the contents of the context, including an
+underlying context if there is one, as well as the context itself.
+\&\s-1NULL\s0 is a valid parameter, for which this function is a no-op.
+.PP
+\&\fBEVP_MAC_CTX_dup()\fR duplicates the \fIsrc\fR context and returns a newly allocated
+context.
+.PP
+\&\fBEVP_MAC_CTX_get0_mac()\fR returns the \fB\s-1EVP_MAC\s0\fR associated with the context
+\&\fIctx\fR.
+.SS "Computing functions"
+.IX Subsection "Computing functions"
+\&\fBEVP_Q_mac()\fR computes the message authentication code
+of \fIdata\fR with length \fIdatalen\fR
+using the \s-1MAC\s0 algorithm \fIname\fR and the key \fIkey\fR with length \fIkeylen\fR.
+The \s-1MAC\s0 algorithm is fetched using any given \fIlibctx\fR and property query
+string \fIpropq\fR. It takes parameters \fIsubalg\fR and further \fIparams\fR,
+both of which may be \s-1NULL\s0 if not needed.
+If \fIout\fR is not \s-1NULL,\s0 it places the result in the memory pointed at by \fIout\fR,
+but only if \fIoutsize\fR is sufficient (otherwise no computation is made).
+If \fIout\fR is \s-1NULL,\s0 it allocates and uses a buffer of suitable length,
+which will be returned on success and must be freed by the caller.
+In either case, also on error,
+it assigns the number of bytes written to \fI*outlen\fR unless \fIoutlen\fR is \s-1NULL.\s0
+.PP
+\&\fBEVP_MAC_init()\fR sets up the underlying context \fIctx\fR with information given
+via the \fIkey\fR and \fIparams\fR arguments. The \s-1MAC\s0 \fIkey\fR has a length of
+\&\fIkeylen\fR and the parameters in \fIparams\fR are processed before setting
+the key. If \fIkey\fR is \s-1NULL,\s0 the key must be set via \fIparams\fR either
+as part of this call or separately using \fBEVP_MAC_CTX_set_params()\fR.
+Providing non-NULL \fIparams\fR to this function is equivalent to calling
+\&\fBEVP_MAC_CTX_set_params()\fR with those \fIparams\fR for the same \fIctx\fR beforehand.
+.PP
+\&\fBEVP_MAC_init()\fR should be called before \fBEVP_MAC_update()\fR and \fBEVP_MAC_final()\fR.
+.PP
+\&\fBEVP_MAC_update()\fR adds \fIdatalen\fR bytes from \fIdata\fR to the \s-1MAC\s0 input.
+.PP
+\&\fBEVP_MAC_final()\fR does the final computation and stores the result in
+the memory pointed at by \fIout\fR of size \fIoutsize\fR, and sets the number
+of bytes written in \fI*outl\fR at.
+If \fIout\fR is \s-1NULL\s0 or \fIoutsize\fR is too small, then no computation
+is made.
+To figure out what the output length will be and allocate space for it
+dynamically, simply call with \fIout\fR being \s-1NULL\s0 and \fIoutl\fR
+pointing at a valid location, then allocate space and make a second
+call with \fIout\fR pointing at the allocated space.
+.PP
+\&\fBEVP_MAC_finalXOF()\fR does the final computation for an \s-1XOF\s0 based \s-1MAC\s0 and stores
+the result in the memory pointed at by \fIout\fR of size \fIoutsize\fR.
+.PP
+\&\fBEVP_MAC_get_params()\fR retrieves details about the implementation
+\&\fImac\fR.
+The set of parameters given with \fIparams\fR determine exactly what
+parameters should be retrieved.
+Note that a parameter that is unknown in the underlying context is
+simply ignored.
+.PP
+\&\fBEVP_MAC_CTX_get_params()\fR retrieves chosen parameters, given the
+context \fIctx\fR and its underlying context.
+The set of parameters given with \fIparams\fR determine exactly what
+parameters should be retrieved.
+Note that a parameter that is unknown in the underlying context is
+simply ignored.
+.PP
+\&\fBEVP_MAC_CTX_set_params()\fR passes chosen parameters to the underlying
+context, given a context \fIctx\fR.
+The set of parameters given with \fIparams\fR determine exactly what
+parameters are passed down.
+If \fIparams\fR are \s-1NULL,\s0 the underlying context should do nothing and return 1.
+Note that a parameter that is unknown in the underlying context is
+simply ignored.
+Also, what happens when a needed parameter isn't passed down is
+defined by the implementation.
+.PP
+\&\fBEVP_MAC_gettable_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes
+the retrievable and settable parameters. \fBEVP_MAC_gettable_params()\fR
+returns parameters that can be used with \fBEVP_MAC_get_params()\fR.
+.PP
+\&\fBEVP_MAC_gettable_ctx_params()\fR and \fBEVP_MAC_CTX_gettable_params()\fR
+return constant \s-1\fBOSSL_PARAM\s0\fR\|(3) arrays that describe the retrievable
+parameters that can be used with \fBEVP_MAC_CTX_get_params()\fR.
+\&\fBEVP_MAC_gettable_ctx_params()\fR returns the parameters that can be retrieved
+from the algorithm, whereas \fBEVP_MAC_CTX_gettable_params()\fR returns
+the parameters that can be retrieved in the context's current state.
+.PP
+\&\fBEVP_MAC_settable_ctx_params()\fR and \fBEVP_MAC_CTX_settable_params()\fR return
+constant \s-1\fBOSSL_PARAM\s0\fR\|(3) arrays that describe the settable parameters that
+can be used with \fBEVP_MAC_CTX_set_params()\fR. \fBEVP_MAC_settable_ctx_params()\fR
+returns the parameters that can be retrieved from the algorithm,
+whereas \fBEVP_MAC_CTX_settable_params()\fR returns the parameters that can
+be retrieved in the context's current state.
+.SS "Information functions"
+.IX Subsection "Information functions"
+\&\fBEVP_MAC_CTX_get_mac_size()\fR returns the \s-1MAC\s0 output size for the given context.
+.PP
+\&\fBEVP_MAC_CTX_get_block_size()\fR returns the \s-1MAC\s0 block size for the given context.
+Not all \s-1MAC\s0 algorithms support this.
+.PP
+\&\fBEVP_MAC_is_a()\fR checks if the given \fImac\fR is an implementation of an
+algorithm that's identifiable with \fIname\fR.
+.PP
+\&\fBEVP_MAC_get0_provider()\fR returns the provider that holds the implementation
+of the given \fImac\fR.
+.PP
+\&\fBEVP_MAC_do_all_provided()\fR traverses all \s-1MAC\s0 implemented by all activated
+providers in the given library context \fIlibctx\fR, and for each of the
+implementations, calls the given function \fIfn\fR with the implementation method
+and the given \fIarg\fR as argument.
+.PP
+\&\fBEVP_MAC_get0_name()\fR return the name of the given \s-1MAC.\s0 For fetched MACs
+with multiple names, only one of them is returned; it's
+recommended to use \fBEVP_MAC_names_do_all()\fR instead.
+.PP
+\&\fBEVP_MAC_names_do_all()\fR traverses all names for \fImac\fR, and calls
+\&\fIfn\fR with each name and \fIdata\fR.
+.PP
+\&\fBEVP_MAC_get0_description()\fR returns a description of the \fImac\fR, meant
+for display and human consumption. The description is at the discretion
+of the mac implementation.
+.SH "PARAMETERS"
+.IX Header "PARAMETERS"
+Parameters are identified by name as strings, and have an expected
+data type and maximum size.
+OpenSSL has a set of macros for parameter names it expects to see in
+its own \s-1MAC\s0 implementations.
+Here, we show all three, the OpenSSL macro for the parameter name, the
+name in string form, and a type description.
+.PP
+The standard parameter names are:
+.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
+.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) <octet string>" 4
+.IX Item "key (OSSL_MAC_PARAM_KEY) <octet string>"
+Its value is the \s-1MAC\s0 key as an array of bytes.
+.Sp
+For MACs that use an underlying computation algorithm, the algorithm
+must be set first, see parameter names \*(L"algorithm\*(R" below.
+.ie n .IP """iv"" (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) <octet string>" 4
+.el .IP "``iv'' (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) <octet string>" 4
+.IX Item "iv (OSSL_MAC_PARAM_IV) <octet string>"
+Some \s-1MAC\s0 implementations (\s-1GMAC\s0) require an \s-1IV,\s0 this parameter sets the \s-1IV.\s0
+.ie n .IP """custom"" (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) <octet string>" 4
+.el .IP "``custom'' (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) <octet string>" 4
+.IX Item "custom (OSSL_MAC_PARAM_CUSTOM) <octet string>"
+Some \s-1MAC\s0 implementations (\s-1KMAC, BLAKE2\s0) accept a Customization String,
+this parameter sets the Customization String. The default value is the
+empty string.
+.ie n .IP """salt"" (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) <octet string>" 4
+.el .IP "``salt'' (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) <octet string>" 4
+.IX Item "salt (OSSL_MAC_PARAM_SALT) <octet string>"
+This option is used by \s-1BLAKE2 MAC.\s0
+.ie n .IP """xof"" (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) <integer>" 4
+.el .IP "``xof'' (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) <integer>" 4
+.IX Item "xof (OSSL_MAC_PARAM_XOF) <integer>"
+It's a simple flag, the value 0 or 1 are expected.
+.Sp
+This option is used by \s-1KMAC.\s0
+.ie n .IP """digest-noinit"" (\fB\s-1OSSL_MAC_PARAM_DIGEST_NOINIT\s0\fR) <integer>" 4
+.el .IP "``digest-noinit'' (\fB\s-1OSSL_MAC_PARAM_DIGEST_NOINIT\s0\fR) <integer>" 4
+.IX Item "digest-noinit (OSSL_MAC_PARAM_DIGEST_NOINIT) <integer>"
+A simple flag to set the \s-1MAC\s0 digest to not initialise the
+implementation specific data. The value 0 or 1 is expected.
+.Sp
+This option is used by \s-1HMAC.\s0
+.ie n .IP """digest-oneshot"" (\fB\s-1OSSL_MAC_PARAM_DIGEST_ONESHOT\s0\fR) <integer>" 4
+.el .IP "``digest-oneshot'' (\fB\s-1OSSL_MAC_PARAM_DIGEST_ONESHOT\s0\fR) <integer>" 4
+.IX Item "digest-oneshot (OSSL_MAC_PARAM_DIGEST_ONESHOT) <integer>"
+A simple flag to set the \s-1MAC\s0 digest to be a oneshot operation.
+The value 0 or 1 is expected.
+.Sp
+This option is used by \s-1HMAC.\s0
+.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) <UTF8 string>"
+.PD 0
+.ie n .IP """digest"" (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``digest'' (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "digest (OSSL_MAC_PARAM_DIGEST) <UTF8 string>"
+.ie n .IP """cipher"" (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``cipher'' (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "cipher (OSSL_MAC_PARAM_CIPHER) <UTF8 string>"
+.PD
+For \s-1MAC\s0 implementations that use an underlying computation cipher or
+digest, these parameters set what the algorithm should be.
+.Sp
+The value is always the name of the intended algorithm,
+or the properties.
+.Sp
+Note that not all algorithms may support all digests.
+\&\s-1HMAC\s0 does not support variable output length digests such as \s-1SHAKE128\s0
+or \s-1SHAKE256.\s0
+.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
+.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) <unsigned integer>" 4
+.IX Item "size (OSSL_MAC_PARAM_SIZE) <unsigned integer>"
+For \s-1MAC\s0 implementations that support it, set the output size that
+\&\fBEVP_MAC_final()\fR should produce.
+The allowed sizes vary between \s-1MAC\s0 implementations, but must never exceed
+what can be given with a \fBsize_t\fR.
+.ie n .IP """tls-data-size"" (\fB\s-1OSSL_MAC_PARAM_TLS_DATA_SIZE\s0\fR) <unsigned integer>" 4
+.el .IP "``tls-data-size'' (\fB\s-1OSSL_MAC_PARAM_TLS_DATA_SIZE\s0\fR) <unsigned integer>" 4
+.IX Item "tls-data-size (OSSL_MAC_PARAM_TLS_DATA_SIZE) <unsigned integer>"
+This parameter is only supported by \s-1HMAC.\s0 If set then special handling is
+activated for calculating the \s-1MAC\s0 of a received mac-then-encrypt \s-1TLS\s0 record
+where variable length record padding has been used (as in the case of \s-1CBC\s0 mode
+ciphersuites). The value represents the total length of the record that is
+having the \s-1MAC\s0 calculated including the received \s-1MAC\s0 and the record padding.
+.Sp
+When used EVP_MAC_update must be called precisely twice. The first time with
+the 13 bytes of \s-1TLS\s0 \*(L"header\*(R" data, and the second time with the entire record
+including the \s-1MAC\s0 itself and any padding. The entire record length must equal
+the value passed in the \*(L"tls-data-size\*(R" parameter. The length passed in the
+\&\fBdatalen\fR parameter to \fBEVP_MAC_update()\fR should be equal to the length of the
+record after the \s-1MAC\s0 and any padding has been removed.
+.PP
+All these parameters should be used before the calls to any of
+\&\fBEVP_MAC_init()\fR, \fBEVP_MAC_update()\fR and \fBEVP_MAC_final()\fR for a full
+computation.
+Anything else may give undefined results.
+.SH "NOTES"
+.IX Header "NOTES"
+The \s-1MAC\s0 life-cycle is described in \fBlife_cycle\-mac\fR\|(7). In the future,
+the transitions described there will be enforced. When this is done, it will
+not be considered a breaking change to the \s-1API.\s0
+.PP
+The usage of the parameter names \*(L"custom\*(R", \*(L"iv\*(R" and \*(L"salt\*(R" correspond to
+the names used in the standard where the algorithm was defined.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_MAC_fetch()\fR returns a pointer to a newly fetched \fB\s-1EVP_MAC\s0\fR, or
+\&\s-1NULL\s0 if allocation failed.
+.PP
+\&\fBEVP_MAC_up_ref()\fR returns 1 on success, 0 on error.
+.PP
+\&\fBEVP_MAC_names_do_all()\fR returns 1 if the callback was called for all names. A
+return value of 0 means that the callback was not called for any names.
+.PP
+\&\fBEVP_MAC_free()\fR returns nothing at all.
+.PP
+\&\fBEVP_MAC_is_a()\fR returns 1 if the given method can be identified with
+the given name, otherwise 0.
+.PP
+\&\fBEVP_MAC_get0_name()\fR returns a name of the \s-1MAC,\s0 or \s-1NULL\s0 on error.
+.PP
+\&\fBEVP_MAC_get0_provider()\fR returns a pointer to the provider for the \s-1MAC,\s0 or
+\&\s-1NULL\s0 on error.
+.PP
+\&\fBEVP_MAC_CTX_new()\fR and \fBEVP_MAC_CTX_dup()\fR return a pointer to a newly
+created \s-1EVP_MAC_CTX,\s0 or \s-1NULL\s0 if allocation failed.
+.PP
+\&\fBEVP_MAC_CTX_free()\fR returns nothing at all.
+.PP
+\&\fBEVP_MAC_CTX_get_params()\fR and \fBEVP_MAC_CTX_set_params()\fR return 1 on
+success, 0 on error.
+.PP
+\&\fBEVP_Q_mac()\fR returns a pointer to the computed \s-1MAC\s0 value, or \s-1NULL\s0 on error.
+.PP
+\&\fBEVP_MAC_init()\fR, \fBEVP_MAC_update()\fR, \fBEVP_MAC_final()\fR, and \fBEVP_MAC_finalXOF()\fR
+return 1 on success, 0 on error.
+.PP
+\&\fBEVP_MAC_CTX_get_mac_size()\fR returns the expected output size, or 0 if it isn't
+set. If it isn't set, a call to \fBEVP_MAC_init()\fR will set it.
+.PP
+\&\fBEVP_MAC_CTX_get_block_size()\fR returns the block size, or 0 if it isn't set.
+If it isn't set, a call to \fBEVP_MAC_init()\fR will set it.
+.PP
+\&\fBEVP_MAC_do_all_provided()\fR returns nothing at all.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+.Vb 5
+\& #include <stdlib.h>
+\& #include <stdio.h>
+\& #include <string.h>
+\& #include <stdarg.h>
+\& #include <unistd.h>
+\&
+\& #include <openssl/evp.h>
+\& #include <openssl/err.h>
+\& #include <openssl/params.h>
+\&
+\& int main() {
+\& EVP_MAC *mac = EVP_MAC_fetch(NULL, getenv("MY_MAC"), NULL);
+\& const char *cipher = getenv("MY_MAC_CIPHER");
+\& const char *digest = getenv("MY_MAC_DIGEST");
+\& const char *key = getenv("MY_KEY");
+\& EVP_MAC_CTX *ctx = NULL;
+\&
+\& unsigned char buf[4096];
+\& size_t read_l;
+\& size_t final_l;
+\&
+\& size_t i;
+\&
+\& OSSL_PARAM params[3];
+\& size_t params_n = 0;
+\&
+\& if (cipher != NULL)
+\& params[params_n++] =
+\& OSSL_PARAM_construct_utf8_string("cipher", (char*)cipher, 0);
+\& if (digest != NULL)
+\& params[params_n++] =
+\& OSSL_PARAM_construct_utf8_string("digest", (char*)digest, 0);
+\& params[params_n] = OSSL_PARAM_construct_end();
+\&
+\& if (mac == NULL
+\& || key == NULL
+\& || (ctx = EVP_MAC_CTX_new(mac)) == NULL
+\& || !EVP_MAC_init(ctx, (const unsigned char *)key, strlen(key),
+\& params))
+\& goto err;
+\&
+\& while ( (read_l = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
+\& if (!EVP_MAC_update(ctx, buf, read_l))
+\& goto err;
+\& }
+\&
+\& if (!EVP_MAC_final(ctx, buf, &final_l, sizeof(buf)))
+\& goto err;
+\&
+\& printf("Result: ");
+\& for (i = 0; i < final_l; i++)
+\& printf("%02X", buf[i]);
+\& printf("\en");
+\&
+\& EVP_MAC_CTX_free(ctx);
+\& EVP_MAC_free(mac);
+\& exit(0);
+\&
+\& err:
+\& EVP_MAC_CTX_free(ctx);
+\& EVP_MAC_free(mac);
+\& fprintf(stderr, "Something went wrong\en");
+\& ERR_print_errors_fp(stderr);
+\& exit (1);
+\& }
+.Ve
+.PP
+A run of this program, called with correct environment variables, can
+look like this:
+.PP
+.Vb 3
+\& $ MY_MAC=cmac MY_KEY=secret0123456789 MY_MAC_CIPHER=aes\-128\-cbc \e
+\& LD_LIBRARY_PATH=. ./foo < foo.c
+\& Result: C5C06683CD9DDEF904D754505C560A4E
+.Ve
+.PP
+(in this example, that program was stored in \fIfoo.c\fR and compiled to
+\&\fI./foo\fR)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBproperty\fR\|(7)
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3),
+\&\s-1\fBEVP_MAC\-BLAKE2\s0\fR\|(7),
+\&\s-1\fBEVP_MAC\-CMAC\s0\fR\|(7),
+\&\s-1\fBEVP_MAC\-GMAC\s0\fR\|(7),
+\&\s-1\fBEVP_MAC\-HMAC\s0\fR\|(7),
+\&\s-1\fBEVP_MAC\-KMAC\s0\fR\|(7),
+\&\fBEVP_MAC\-Siphash\fR\|(7),
+\&\fBEVP_MAC\-Poly1305\fR\|(7),
+\&\fBprovider\-mac\fR\|(7),
+\&\fBlife_cycle\-mac\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2018\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3 b/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3
index 3a5cfdeac763..35762d706378 100644
--- a/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3
+++ b/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,35 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_MD_METH_NEW 3"
-.TH EVP_MD_METH_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_MD_METH_NEW 3ossl"
+.TH EVP_MD_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_MD_meth_dup, EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize, EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize, EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update, EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup, EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize, EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize, EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update, EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, EVP_MD_meth_get_ctrl \&\- Routines to build up EVP_MD methods
+EVP_MD_meth_new, EVP_MD_meth_dup, EVP_MD_meth_free,
+EVP_MD_meth_set_input_blocksize,
+EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize,
+EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update,
+EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup,
+EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize,
+EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize,
+EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update,
+EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup,
+EVP_MD_meth_get_ctrl
+\&\- Routines to build up legacy EVP_MD methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 3
\& EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
\& void EVP_MD_meth_free(EVP_MD *md);
\& EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
@@ -183,15 +197,20 @@ EVP_MD_meth_dup, EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocks
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs.
+.PP
The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation.
It can also have associated public/private key signing and verifying
routines.
.PP
\&\fBEVP_MD_meth_new()\fR creates a new \fB\s-1EVP_MD\s0\fR structure.
+These \fB\s-1EVP_MD\s0\fR structures are reference counted.
.PP
\&\fBEVP_MD_meth_dup()\fR creates a copy of \fBmd\fR.
.PP
-\&\fBEVP_MD_meth_free()\fR destroys a \fB\s-1EVP_MD\s0\fR structure.
+\&\fBEVP_MD_meth_free()\fR decrements the reference count for the \fB\s-1EVP_MD\s0\fR structure.
+If the reference count drops to 0 then the structure is freed.
.PP
\&\fBEVP_MD_meth_set_input_blocksize()\fR sets the internal input block size
for the method \fBmd\fR to \fBblocksize\fR bytes.
@@ -252,7 +271,7 @@ computations after the method's private data structure has been copied
from one \fB\s-1EVP_MD_CTX\s0\fR to another. If all that's needed is to copy
the data, there is no need for this copy function.
Note that the copy function is passed two \fB\s-1EVP_MD_CTX\s0 *\fR, the private
-data structure is then available with \fBEVP_MD_CTX_md_data()\fR.
+data structure is then available with \fBEVP_MD_CTX_get0_md_data()\fR.
This copy function is called by \fBEVP_MD_CTX_copy()\fR and
\&\fBEVP_MD_CTX_copy_ex()\fR.
.PP
@@ -260,7 +279,7 @@ This copy function is called by \fBEVP_MD_CTX_copy()\fR and
cleanup before the method's private data structure is cleaned out and
freed.
Note that the cleanup function is passed a \fB\s-1EVP_MD_CTX\s0 *\fR, the
-private data structure is then available with \fBEVP_MD_CTX_md_data()\fR.
+private data structure is then available with \fBEVP_MD_CTX_get0_md_data()\fR.
This cleanup function is called by \fBEVP_MD_CTX_reset()\fR and
\&\fBEVP_MD_CTX_free()\fR.
.PP
@@ -289,13 +308,18 @@ respective \fBmd\fR function.
\&\fBEVP_DigestInit\fR\|(3), \fBEVP_SignInit\fR\|(3), \fBEVP_VerifyInit\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
+.PP
The \fB\s-1EVP_MD\s0\fR structure was openly available in OpenSSL before version
-1.1. The functions described here were added in OpenSSL 1.1.
+1.1.
+The functions described here were added in OpenSSL 1.1.
+The \fB\s-1EVP_MD\s0\fR structure created with these functions became reference
+counted in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_OpenInit.3 b/secure/lib/libcrypto/man/man3/EVP_OpenInit.3
index 8ffd6d158f2b..e25cb0a0e2b6 100644
--- a/secure/lib/libcrypto/man/man3/EVP_OpenInit.3
+++ b/secure/lib/libcrypto/man/man3/EVP_OpenInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_OPENINIT 3"
-.TH EVP_OPENINIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_OPENINIT 3ossl"
+.TH EVP_OPENINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -194,7 +192,7 @@ recovered secret key size) if successful.
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PBE_CipherInit.3 b/secure/lib/libcrypto/man/man3/EVP_PBE_CipherInit.3
new file mode 100644
index 000000000000..3bed3c5682c9
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PBE_CipherInit.3
@@ -0,0 +1,227 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PBE_CIPHERINIT 3ossl"
+.TH EVP_PBE_CIPHERINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PBE_CipherInit, EVP_PBE_CipherInit_ex,
+EVP_PBE_find, EVP_PBE_find_ex,
+EVP_PBE_alg_add_type, EVP_PBE_alg_add \- Password based encryption routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+\& ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+\& int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+\& ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\&
+\& int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid,
+\& EVP_PBE_KEYGEN **pkeygen);
+\& int EVP_PBE_find_ex(int type, int pbe_nid, int *pcnid, int *pmnid,
+\& EVP_PBE_KEYGEN **pkeygen, EVP_PBE_KEYGEN_EX **keygen_ex);
+\&
+\& int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
+\& int md_nid, EVP_PBE_KEYGEN *keygen);
+\& int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+\& EVP_PBE_KEYGEN *keygen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+.SS "\s-1PBE\s0 operations"
+.IX Subsection "PBE operations"
+\&\fBEVP_PBE_CipherInit()\fR and \fBEVP_PBE_CipherInit_ex()\fR initialise an \fB\s-1EVP_CIPHER_CTX\s0\fR
+\&\fIctx\fR for encryption (\fIen_de\fR=1) or decryption (\fIen_de\fR=0) using the password
+\&\fIpass\fR of length \fIpasslen\fR. The \s-1PBE\s0 algorithm type and parameters are extracted
+from an \s-1OID\s0 \fIpbe_obj\fR and parameters \fIparam\fR.
+.PP
+\&\fBEVP_PBE_CipherInit_ex()\fR also allows the application to specify a library context
+\&\fIlibctx\fR and property query \fIpropq\fR to select appropriate algorithm
+implementations.
+.SS "\s-1PBE\s0 algorithm search"
+.IX Subsection "PBE algorithm search"
+\&\fBEVP_PBE_find()\fR and \fBEVP_PBE_find_ex()\fR search for a matching algorithm using two parameters:
+.PP
+1. An algorithm type \fItype\fR which can be:
+.IP "\(bu" 4
+\&\s-1EVP_PBE_TYPE_OUTER\s0 \- A \s-1PBE\s0 algorithm
+.IP "\(bu" 4
+\&\s-1EVP_PBE_TYPE_PRF\s0 \- A pseudo-random function
+.IP "\(bu" 4
+\&\s-1EVP_PBE_TYPE_KDF\s0 \- A key derivation function
+.PP
+2. A \fIpbe_nid\fR which can represent the algorithm identifier with parameters e.g.
+\&\fBNID_pbeWithSHA1AndRC2_CBC\fR or an algorithm class e.g. \fBNID_pbes2\fR.
+.PP
+They return the algorithm's cipher \s-1ID\s0 \fIpcnid\fR, digest \s-1ID\s0 \fIpmnid\fR and a key
+generation function for the algorithm \fIpkeygen\fR. \fBEVP_PBE_CipherInit_ex()\fR also
+returns an extended key generation function \fIkeygen_ex\fR which takes a library
+context and property query.
+.PP
+If a \s-1NULL\s0 is supplied for any of \fIpcnid\fR, \fIpmnid\fR, \fIpkeygen\fR or \fIpkeygen_ex\fR
+then this parameter is not returned.
+.SS "\s-1PBE\s0 algorithm add"
+.IX Subsection "PBE algorithm add"
+\&\fBEVP_PBE_alg_add_type()\fR and \fBEVP_PBE_alg_add()\fR add an algorithm to the list
+of known algorithms. Their parameters have the same meaning as for
+\&\fBEVP_PBE_find()\fR and \fBEVP_PBE_find_ex()\fR functions.
+.SH "NOTES"
+.IX Header "NOTES"
+The arguments \fIpbe_obj\fR and \fIparam\fR to \fBEVP_PBE_CipherInit()\fR and \fBEVP_PBE_CipherInit_ex()\fR
+together form an \fBX509_ALGOR\fR and can often be extracted directly from this structure.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+Return value is 1 for success and 0 if an error occurred.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS5_PBE_keyivgen\fR\|(3),
+\&\fBPKCS12_PBE_keyivgen_ex\fR\|(3),
+\&\fBPKCS5_v2_PBE_keyivgen_ex\fR\|(3),
+\&\fBPKCS12_pbe_crypt_ex\fR\|(3),
+\&\fBPKCS12_create_ex\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBEVP_PBE_CipherInit_ex()\fR and \fBEVP_PBE_find_ex()\fR were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021\-2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY2PKCS8.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY2PKCS8.3
new file mode 100644
index 000000000000..1846e9f509af
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY2PKCS8.3
@@ -0,0 +1,177 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY2PKCS8 3ossl"
+.TH EVP_PKEY2PKCS8 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY2PKCS8, EVP_PKCS82PKEY_ex, EVP_PKCS82PKEY
+\&\- Convert a private key to/from PKCS8
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey);
+\& EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
+\& EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx,
+\& const char *propq);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\s-1\fBEVP_PKEY2PKCS8\s0()\fR converts a private key \fIpkey\fR into a returned \s-1PKCS8\s0 object.
+.PP
+\&\fBEVP_PKCS82PKEY_ex()\fR converts a \s-1PKCS8\s0 object \fIp8\fR into a returned private key.
+It uses \fIlibctx\fR and \fIpropq\fR when fetching algorithms.
+.PP
+\&\s-1\fBEVP_PKCS82PKEY\s0()\fR is similar to \fBEVP_PKCS82PKEY_ex()\fR but uses default values of
+\&\s-1NULL\s0 for the \fIlibctx\fR and \fIpropq\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\s-1\fBEVP_PKEY2PKCS8\s0()\fR returns a \s-1PKCS8\s0 object on success.
+\&\s-1\fBEVP_PKCS82PKEY\s0()\fR and \fBEVP_PKCS82PKEY_ex()\fR return a private key on success.
+.PP
+All functions return \s-1NULL\s0 if the operation fails.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS8_pkey_add1_attr\fR\|(3),
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3
index 259b09803e4f..c074b88940fd 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,36 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_ASN1_METHOD 3"
-.TH EVP_PKEY_ASN1_METHOD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_ASN1_METHOD 3ossl"
+.TH EVP_PKEY_ASN1_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_ASN1_METHOD, EVP_PKEY_asn1_new, EVP_PKEY_asn1_copy, EVP_PKEY_asn1_free, EVP_PKEY_asn1_add0, EVP_PKEY_asn1_add_alias, EVP_PKEY_asn1_set_public, EVP_PKEY_asn1_set_private, EVP_PKEY_asn1_set_param, EVP_PKEY_asn1_set_free, EVP_PKEY_asn1_set_ctrl, EVP_PKEY_asn1_set_item, EVP_PKEY_asn1_set_siginf, EVP_PKEY_asn1_set_check, EVP_PKEY_asn1_set_public_check, EVP_PKEY_asn1_set_param_check, EVP_PKEY_asn1_set_security_bits, EVP_PKEY_asn1_set_set_priv_key, EVP_PKEY_asn1_set_set_pub_key, EVP_PKEY_asn1_set_get_priv_key, EVP_PKEY_asn1_set_get_pub_key, EVP_PKEY_get0_asn1 \&\- manipulating and registering EVP_PKEY_ASN1_METHOD structure
+EVP_PKEY_ASN1_METHOD,
+EVP_PKEY_asn1_new,
+EVP_PKEY_asn1_copy,
+EVP_PKEY_asn1_free,
+EVP_PKEY_asn1_add0,
+EVP_PKEY_asn1_add_alias,
+EVP_PKEY_asn1_set_public,
+EVP_PKEY_asn1_set_private,
+EVP_PKEY_asn1_set_param,
+EVP_PKEY_asn1_set_free,
+EVP_PKEY_asn1_set_ctrl,
+EVP_PKEY_asn1_set_item,
+EVP_PKEY_asn1_set_siginf,
+EVP_PKEY_asn1_set_check,
+EVP_PKEY_asn1_set_public_check,
+EVP_PKEY_asn1_set_param_check,
+EVP_PKEY_asn1_set_security_bits,
+EVP_PKEY_asn1_set_set_priv_key,
+EVP_PKEY_asn1_set_set_pub_key,
+EVP_PKEY_asn1_set_get_priv_key,
+EVP_PKEY_asn1_set_get_pub_key,
+EVP_PKEY_get0_asn1
+\&\- manipulating and registering EVP_PKEY_ASN1_METHOD structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -158,7 +178,7 @@ EVP_PKEY_ASN1_METHOD, EVP_PKEY_asn1_new, EVP_PKEY_asn1_copy, EVP_PKEY_asn1_free,
\&
\& void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
\& int (*pub_decode) (EVP_PKEY *pk,
-\& X509_PUBKEY *pub),
+\& const X509_PUBKEY *pub),
\& int (*pub_encode) (X509_PUBKEY *pub,
\& const EVP_PKEY *pk),
\& int (*pub_cmp) (const EVP_PKEY *a,
@@ -271,7 +291,7 @@ The methods are the underlying implementations of a particular public
key algorithm present by the \fB\s-1EVP_PKEY\s0\fR object.
.PP
.Vb 5
-\& int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
+\& int (*pub_decode) (EVP_PKEY *pk, const X509_PUBKEY *pub);
\& int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
\& int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
\& int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
@@ -286,7 +306,7 @@ They're called by \fBX509_PUBKEY_get0\fR\|(3) and \fBX509_PUBKEY_set\fR\|(3).
The \fBpub_cmp()\fR method is called when two public keys are to be
compared.
It \s-1MUST\s0 return 1 when the keys are equal, 0 otherwise.
-It's called by \fBEVP_PKEY_cmp\fR\|(3).
+It's called by \fBEVP_PKEY_eq\fR\|(3).
.PP
The \fBpub_print()\fR method is called to print a public key in humanly
readable text to \fBout\fR, indented \fBindent\fR spaces.
@@ -317,10 +337,10 @@ It's called by \fBEVP_PKEY_print_private\fR\|(3).
.Ve
.PP
The \fBpkey_size()\fR method returns the key size in bytes.
-It's called by \fBEVP_PKEY_size\fR\|(3).
+It's called by \fBEVP_PKEY_get_size\fR\|(3).
.PP
The \fBpkey_bits()\fR method returns the key size in bits.
-It's called by \fBEVP_PKEY_bits\fR\|(3).
+It's called by \fBEVP_PKEY_get_bits\fR\|(3).
.PP
.Vb 8
\& int (*param_decode) (EVP_PKEY *pkey,
@@ -350,7 +370,7 @@ It's called by \fBEVP_PKEY_copy_parameters\fR\|(3).
The \fBparam_cmp()\fR method compares the parameters of keys \fBa\fR and \fBb\fR.
It \s-1MUST\s0 return 1 when the keys are equal, 0 when not equal, or a
negative number on error.
-It's called by \fBEVP_PKEY_cmp_parameters\fR\|(3).
+It's called by \fBEVP_PKEY_parameters_eq\fR\|(3).
.PP
The \fBparam_print()\fR method prints the private key parameters in humanly
readable text to \fBout\fR, indented \fBindent\fR spaces.
@@ -385,8 +405,8 @@ It's called by \fBEVP_PKEY_free\fR\|(3), \fBEVP_PKEY_set_type\fR\|(3),
.PP
The \fBpkey_ctrl()\fR method adds extra algorithm specific control.
It's called by \fBEVP_PKEY_get_default_digest_nid\fR\|(3),
-\&\fBEVP_PKEY_set1_tls_encodedpoint\fR\|(3),
-\&\fBEVP_PKEY_get1_tls_encodedpoint\fR\|(3), \fBPKCS7_SIGNER_INFO_set\fR\|(3),
+\&\fBEVP_PKEY_set1_encoded_public_key\fR\|(3),
+\&\fBEVP_PKEY_get1_encoded_public_key\fR\|(3), \fBPKCS7_SIGNER_INFO_set\fR\|(3),
\&\fBPKCS7_RECIP_INFO_set\fR\|(3), ...
.PP
.Vb 3
@@ -482,6 +502,18 @@ The \fBset_priv_key()\fR and \fBset_pub_key()\fR methods are used to set the raw
public key data for an \s-1EVP_PKEY.\s0 They \s-1MUST\s0 return 0 on error, or 1 on success.
They are called by \fBEVP_PKEY_new_raw_private_key\fR\|(3), and
\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) respectively.
+.PP
+.Vb 2
+\& size_t (*dirty) (const EVP_PKEY *pk);
+\& void *(*export_to) (const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt);
+.Ve
+.PP
+\&\fBdirty_cnt()\fR returns the internal key's dirty count.
+This can be used to synchronise different copies of the same keys.
+.PP
+The \fBexport_to()\fR method exports the key material from the given key to
+a provider, through the \s-1\fBEVP_KEYMGMT\s0\fR\|(3) interface, if that provider
+supports importing key material.
.SS "Functions"
.IX Subsection "Functions"
\&\fBEVP_PKEY_asn1_new()\fR creates and returns a new \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR
@@ -543,11 +575,16 @@ or 1 on success.
.PP
\&\fBEVP_PKEY_get0_asn1()\fR returns \s-1NULL\s0 on error, or a pointer to a constant
\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise.
+.SH "HISTORY"
+.IX Header "HISTORY"
+The signature of the \fIpub_decode\fR functional argument of
+\&\fBEVP_PKEY_asn1_set_public()\fR has changed in OpenSSL 3.0 so its \fIpub\fR
+parameter is now constified.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3
index ce2f79fd5225..2d4cc4986a6e 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,82 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_CTX_CTRL 3"
-.TH EVP_PKEY_CTX_CTRL 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_CTX_CTRL 3ossl"
+.TH EVP_PKEY_CTX_CTRL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX_md, EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_get_signature_md, EVP_PKEY_CTX_set_mac_key, EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_CTX_get_rsa_padding, EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_get_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_rsa_keygen_primes, EVP_PKEY_CTX_set_rsa_mgf1_md, EVP_PKEY_CTX_get_rsa_mgf1_md, EVP_PKEY_CTX_set_rsa_oaep_md, EVP_PKEY_CTX_get_rsa_oaep_md, EVP_PKEY_CTX_set0_rsa_oaep_label, EVP_PKEY_CTX_get0_rsa_oaep_label, EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dsa_paramgen_q_bits, EVP_PKEY_CTX_set_dsa_paramgen_md, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_subprime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, EVP_PKEY_CTX_set_dh_paramgen_type, EVP_PKEY_CTX_set_dh_rfc5114, EVP_PKEY_CTX_set_dhx_rfc5114, EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid, EVP_PKEY_CTX_set_dh_kdf_type, EVP_PKEY_CTX_get_dh_kdf_type, EVP_PKEY_CTX_set0_dh_kdf_oid, EVP_PKEY_CTX_get0_dh_kdf_oid, EVP_PKEY_CTX_set_dh_kdf_md, EVP_PKEY_CTX_get_dh_kdf_md, EVP_PKEY_CTX_set_dh_kdf_outlen, EVP_PKEY_CTX_get_dh_kdf_outlen, EVP_PKEY_CTX_set0_dh_kdf_ukm, EVP_PKEY_CTX_get0_dh_kdf_ukm, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc, EVP_PKEY_CTX_set_ecdh_cofactor_mode, EVP_PKEY_CTX_get_ecdh_cofactor_mode, EVP_PKEY_CTX_set_ecdh_kdf_type, EVP_PKEY_CTX_get_ecdh_kdf_type, EVP_PKEY_CTX_set_ecdh_kdf_md, EVP_PKEY_CTX_get_ecdh_kdf_md, EVP_PKEY_CTX_set_ecdh_kdf_outlen, EVP_PKEY_CTX_get_ecdh_kdf_outlen, EVP_PKEY_CTX_set0_ecdh_kdf_ukm, EVP_PKEY_CTX_get0_ecdh_kdf_ukm, EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len \&\- algorithm specific control operations
+EVP_PKEY_CTX_ctrl,
+EVP_PKEY_CTX_ctrl_str,
+EVP_PKEY_CTX_ctrl_uint64,
+EVP_PKEY_CTX_md,
+EVP_PKEY_CTX_set_signature_md,
+EVP_PKEY_CTX_get_signature_md,
+EVP_PKEY_CTX_set_mac_key,
+EVP_PKEY_CTX_set_group_name,
+EVP_PKEY_CTX_get_group_name,
+EVP_PKEY_CTX_set_rsa_padding,
+EVP_PKEY_CTX_get_rsa_padding,
+EVP_PKEY_CTX_set_rsa_pss_saltlen,
+EVP_PKEY_CTX_get_rsa_pss_saltlen,
+EVP_PKEY_CTX_set_rsa_keygen_bits,
+EVP_PKEY_CTX_set_rsa_keygen_pubexp,
+EVP_PKEY_CTX_set1_rsa_keygen_pubexp,
+EVP_PKEY_CTX_set_rsa_keygen_primes,
+EVP_PKEY_CTX_set_rsa_mgf1_md_name,
+EVP_PKEY_CTX_set_rsa_mgf1_md,
+EVP_PKEY_CTX_get_rsa_mgf1_md,
+EVP_PKEY_CTX_get_rsa_mgf1_md_name,
+EVP_PKEY_CTX_set_rsa_oaep_md_name,
+EVP_PKEY_CTX_set_rsa_oaep_md,
+EVP_PKEY_CTX_get_rsa_oaep_md,
+EVP_PKEY_CTX_get_rsa_oaep_md_name,
+EVP_PKEY_CTX_set0_rsa_oaep_label,
+EVP_PKEY_CTX_get0_rsa_oaep_label,
+EVP_PKEY_CTX_set_dsa_paramgen_bits,
+EVP_PKEY_CTX_set_dsa_paramgen_q_bits,
+EVP_PKEY_CTX_set_dsa_paramgen_md,
+EVP_PKEY_CTX_set_dsa_paramgen_md_props,
+EVP_PKEY_CTX_set_dsa_paramgen_gindex,
+EVP_PKEY_CTX_set_dsa_paramgen_type,
+EVP_PKEY_CTX_set_dsa_paramgen_seed,
+EVP_PKEY_CTX_set_dh_paramgen_prime_len,
+EVP_PKEY_CTX_set_dh_paramgen_subprime_len,
+EVP_PKEY_CTX_set_dh_paramgen_generator,
+EVP_PKEY_CTX_set_dh_paramgen_type,
+EVP_PKEY_CTX_set_dh_paramgen_gindex,
+EVP_PKEY_CTX_set_dh_paramgen_seed,
+EVP_PKEY_CTX_set_dh_rfc5114,
+EVP_PKEY_CTX_set_dhx_rfc5114,
+EVP_PKEY_CTX_set_dh_pad,
+EVP_PKEY_CTX_set_dh_nid,
+EVP_PKEY_CTX_set_dh_kdf_type,
+EVP_PKEY_CTX_get_dh_kdf_type,
+EVP_PKEY_CTX_set0_dh_kdf_oid,
+EVP_PKEY_CTX_get0_dh_kdf_oid,
+EVP_PKEY_CTX_set_dh_kdf_md,
+EVP_PKEY_CTX_get_dh_kdf_md,
+EVP_PKEY_CTX_set_dh_kdf_outlen,
+EVP_PKEY_CTX_get_dh_kdf_outlen,
+EVP_PKEY_CTX_set0_dh_kdf_ukm,
+EVP_PKEY_CTX_get0_dh_kdf_ukm,
+EVP_PKEY_CTX_set_ec_paramgen_curve_nid,
+EVP_PKEY_CTX_set_ec_param_enc,
+EVP_PKEY_CTX_set_ecdh_cofactor_mode,
+EVP_PKEY_CTX_get_ecdh_cofactor_mode,
+EVP_PKEY_CTX_set_ecdh_kdf_type,
+EVP_PKEY_CTX_get_ecdh_kdf_type,
+EVP_PKEY_CTX_set_ecdh_kdf_md,
+EVP_PKEY_CTX_get_ecdh_kdf_md,
+EVP_PKEY_CTX_set_ecdh_kdf_outlen,
+EVP_PKEY_CTX_get_ecdh_kdf_outlen,
+EVP_PKEY_CTX_set0_ecdh_kdf_ukm,
+EVP_PKEY_CTX_get0_ecdh_kdf_ukm,
+EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len,
+EVP_PKEY_CTX_set_kem_op
+\&\- algorithm specific control operations
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -157,22 +223,36 @@ EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX
\& int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
\& int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd);
\&
-\& int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, unsigned char *key, int len);
+\& int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key,
+\& int len);
+\& int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name);
+\& int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen);
+\&
+\& int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX *ctx, const char *op);
\&
\& #include <openssl/rsa.h>
\&
\& int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
\& int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad);
-\& int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
-\& int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len);
+\& int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
+\& int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen);
\& int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
-\& int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+\& int EVP_PKEY_CTX_set1_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
\& int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
+\& int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
+\& const char *mdprops);
\& int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
\& int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+\& int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name,
+\& size_t namelen);
+\& int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
+\& const char *mdprops);
\& int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
\& int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
-\& int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len);
+\& int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name,
+\& size_t namelen);
+\& int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label,
+\& int len);
\& int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
\&
\& #include <openssl/dsa.h>
@@ -180,6 +260,14 @@ EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX
\& int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
\& int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits);
\& int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+\& int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
+\& const char *md_name,
+\& const char *md_properties);
+\& int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name);
+\& int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
+\& int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx,
+\& const unsigned char *seed,
+\& size_t seedlen);
\&
\& #include <openssl/dh.h>
\&
@@ -191,6 +279,10 @@ EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX
\& int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
\& int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
\& int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
+\& int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
+\& int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx,
+\& const unsigned char *seed,
+\& size_t seedlen);
\& int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
\& int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
\& int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
@@ -200,7 +292,6 @@ EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX
\& int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
\& int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
\& int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
-\& int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
\&
\& #include <openssl/ec.h>
\&
@@ -215,68 +306,94 @@ EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX
\& int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
\& int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
\& int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
-\& int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
\&
\& int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len);
\& int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id);
\& int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len);
.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& #include <openssl/rsa.h>
+\&
+\& int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+\&
+\& #include <openssl/dh.h>
+\&
+\& int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
+\&
+\& #include <openssl/ec.h>
+\&
+\& int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
+.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The function \fBEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context
-\&\fBctx\fR. The key type used must match \fBkeytype\fR if it is not \-1. The parameter
-\&\fBoptype\fR is a mask indicating which operations the control can be applied to.
-The control command is indicated in \fBcmd\fR and any additional arguments in
-\&\fBp1\fR and \fBp2\fR.
+\&\fBEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context \fIctx\fR. The key
+type used must match \fIkeytype\fR if it is not \-1. The parameter \fIoptype\fR is a
+mask indicating which operations the control can be applied to.
+The control command is indicated in \fIcmd\fR and any additional arguments in
+\&\fIp1\fR and \fIp2\fR.
.PP
-For \fBcmd\fR = \fB\s-1EVP_PKEY_CTRL_SET_MAC_KEY\s0\fR, \fBp1\fR is the length of the \s-1MAC\s0 key,
-and \fBp2\fR is \s-1MAC\s0 key. This is used by Poly1305, SipHash, \s-1HMAC\s0 and \s-1CMAC.\s0
+For \fIcmd\fR = \fB\s-1EVP_PKEY_CTRL_SET_MAC_KEY\s0\fR, \fIp1\fR is the length of the \s-1MAC\s0 key,
+and \fIp2\fR is the \s-1MAC\s0 key. This is used by Poly1305, SipHash, \s-1HMAC\s0 and \s-1CMAC.\s0
.PP
Applications will not normally call \fBEVP_PKEY_CTX_ctrl()\fR directly but will
-instead call one of the algorithm specific macros below.
+instead call one of the algorithm specific functions below.
.PP
-The function \fBEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a
-uint64 value as \fBp2\fR to \fBEVP_PKEY_CTX_ctrl()\fR.
+\&\fBEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a
+uint64 value as \fIp2\fR to \fBEVP_PKEY_CTX_ctrl()\fR.
.PP
-The function \fBEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm
-specific control operation to a context \fBctx\fR in string form. This is
+\&\fBEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm
+specific control operation to a context \fIctx\fR in string form. This is
intended to be used for options specified on the command line or in text
files. The commands supported are documented in the openssl utility
-command line pages for the option \fB\-pkeyopt\fR which is supported by the
-\&\fBpkeyutl\fR, \fBgenpkey\fR and \fBreq\fR commands.
-.PP
-The function \fBEVP_PKEY_CTX_md()\fR sends a message digest control operation
-to the context \fBctx\fR. The message digest is specified by its name \fBmd\fR.
+command line pages for the option \fI\-pkeyopt\fR which is supported by the
+\&\fIpkeyutl\fR, \fIgenpkey\fR and \fIreq\fR commands.
.PP
-All the remaining \*(L"functions\*(R" are implemented as macros.
+\&\fBEVP_PKEY_CTX_md()\fR sends a message digest control operation to the context
+\&\fIctx\fR. The message digest is specified by its name \fImd\fR.
.PP
-The \fBEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used
+\&\fBEVP_PKEY_CTX_set_signature_md()\fR sets the message digest type used
in a signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms.
.PP
-The \fBEVP_PKEY_CTX_get_signature_md()\fR macro gets the message digest type used in a
-signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms.
+\&\fBEVP_PKEY_CTX_get_signature_md()\fRgets the message digest type used
+in a signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms.
.PP
Key generation typically involves setting up parameters to be used and
generating the private and public key data. Some algorithm implementations
-allow private key data to be set explicitly using the \fBEVP_PKEY_CTX_set_mac_key()\fR
-macro. In this case key generation is simply the process of setting up the
-parameters for the key and then setting the raw key data to the value explicitly
-provided by that macro. Normally applications would call
-\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or similar functions instead of this macro.
-.PP
-The \fBEVP_PKEY_CTX_set_mac_key()\fR macro can be used with any of the algorithms
-supported by the \fBEVP_PKEY_new_raw_private_key\fR\|(3) function.
+allow private key data to be set explicitly using \fBEVP_PKEY_CTX_set_mac_key()\fR.
+In this case key generation is simply the process of setting up the
+parameters for the key and then setting the raw key data to the value explicitly.
+Normally applications would call \fBEVP_PKEY_new_raw_private_key\fR\|(3) or similar
+functions instead.
+.PP
+\&\fBEVP_PKEY_CTX_set_mac_key()\fR can be used with any of the algorithms supported by
+the \fBEVP_PKEY_new_raw_private_key\fR\|(3) function.
+.PP
+\&\fBEVP_PKEY_CTX_set_group_name()\fR sets the group name to \fIname\fR for parameter and
+key generation. For example for \s-1EC\s0 keys this will set the curve name and for
+\&\s-1DH\s0 keys it will set the name of the finite field group.
+.PP
+\&\fBEVP_PKEY_CTX_get_group_name()\fR finds the group name that's currently
+set with \fIctx\fR, and writes it to the location that \fIname\fR points at, as long
+as its size \fInamelen\fR is large enough to store that name, including a
+terminating \s-1NUL\s0 byte.
.SS "\s-1RSA\s0 parameters"
.IX Subsection "RSA parameters"
-The \fBEVP_PKEY_CTX_set_rsa_padding()\fR macro sets the \s-1RSA\s0 padding mode for \fBctx\fR.
-The \fBpad\fR parameter can take the value \fB\s-1RSA_PKCS1_PADDING\s0\fR for PKCS#1
-padding, \fB\s-1RSA_SSLV23_PADDING\s0\fR for SSLv23 padding, \fB\s-1RSA_NO_PADDING\s0\fR for
+\&\fBEVP_PKEY_CTX_set_rsa_padding()\fR sets the \s-1RSA\s0 padding mode for \fIctx\fR.
+The \fIpad\fR parameter can take the value \fB\s-1RSA_PKCS1_PADDING\s0\fR for PKCS#1
+padding, \fB\s-1RSA_NO_PADDING\s0\fR for
no padding, \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR for \s-1OAEP\s0 padding (encrypt and
decrypt only), \fB\s-1RSA_X931_PADDING\s0\fR for X9.31 padding (signature operations
-only) and \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR (sign and verify only).
+only), \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR (sign and verify only) and
+\&\fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR for \s-1TLS RSA\s0 ClientKeyExchange message padding
+(decryption only).
.PP
Two \s-1RSA\s0 padding modes behave differently if \fBEVP_PKEY_CTX_set_signature_md()\fR
-is used. If this macro is called for PKCS#1 padding the plaintext buffer is
+is used. If this function is called for PKCS#1 padding the plaintext buffer is
an actual digest value and is encapsulated in a DigestInfo structure according
to PKCS#1 when signing and this structure is expected (and stripped off) when
verifying. If this control is not used with \s-1RSA\s0 and PKCS#1 padding then the
@@ -285,169 +402,290 @@ padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and rem
if this control is called. If it is not called then the first byte of the plaintext
buffer is expected to be the algorithm identifier byte.
.PP
-The \fBEVP_PKEY_CTX_get_rsa_padding()\fR macro gets the \s-1RSA\s0 padding mode for \fBctx\fR.
-.PP
-The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to
-\&\fBlen\fR. As its name implies it is only supported for \s-1PSS\s0 padding. Three special
-values are supported: \fB\s-1RSA_PSS_SALTLEN_DIGEST\s0\fR sets the salt length to the
-digest length, \fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR sets the salt length to the maximum
-permissible value. When verifying \fB\s-1RSA_PSS_SALTLEN_AUTO\s0\fR causes the salt length
-to be automatically determined based on the \fB\s-1PSS\s0\fR block structure. If this
-macro is not called maximum salt length is used when signing and auto detection
-when verifying is used by default.
-.PP
-The \fBEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR macro gets the \s-1RSA PSS\s0 salt length
-for \fBctx\fR. The padding mode must have been set to \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR.
-.PP
-The \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for
-\&\s-1RSA\s0 key generation to \fBbits\fR. If not specified 1024 bits is used.
-.PP
-The \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value
-for \s-1RSA\s0 key generation to \fBpubexp\fR. Currently it should be an odd integer. The
-\&\fBpubexp\fR pointer is used internally by this function so it should not be
-modified or freed after the call. If not specified 65537 is used.
-.PP
-The \fBEVP_PKEY_CTX_set_rsa_keygen_primes()\fR macro sets the number of primes for
-\&\s-1RSA\s0 key generation to \fBprimes\fR. If not specified 2 is used.
-.PP
-The \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macro sets the \s-1MGF1\s0 digest for \s-1RSA\s0 padding
-schemes to \fBmd\fR. If not explicitly set the signing digest is used. The
-padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR
+\&\fBEVP_PKEY_CTX_get_rsa_padding()\fR gets the \s-1RSA\s0 padding mode for \fIctx\fR.
+.PP
+\&\fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR sets the \s-1RSA PSS\s0 salt length to \fIsaltlen\fR.
+As its name implies it is only supported for \s-1PSS\s0 padding. If this function is
+not called then the maximum salt length is used when signing and auto detection
+when verifying. Three special values are supported:
+.IP "\fB\s-1RSA_PSS_SALTLEN_DIGEST\s0\fR" 4
+.IX Item "RSA_PSS_SALTLEN_DIGEST"
+sets the salt length to the digest length.
+.IP "\fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR" 4
+.IX Item "RSA_PSS_SALTLEN_MAX"
+sets the salt length to the maximum permissible value.
+.IP "\fB\s-1RSA_PSS_SALTLEN_AUTO\s0\fR" 4
+.IX Item "RSA_PSS_SALTLEN_AUTO"
+causes the salt length to be automatically determined based on the
+\&\fB\s-1PSS\s0\fR block structure when verifying. When signing, it has the same
+meaning as \fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR.
+.PP
+\&\fBEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR gets the \s-1RSA PSS\s0 salt length for \fIctx\fR.
+The padding mode must already have been set to \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR.
+.PP
+\&\fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR sets the \s-1RSA\s0 key length for
+\&\s-1RSA\s0 key generation to \fIbits\fR. If not specified 2048 bits is used.
+.PP
+\&\fBEVP_PKEY_CTX_set1_rsa_keygen_pubexp()\fR sets the public exponent value for \s-1RSA\s0 key
+generation to the value stored in \fIpubexp\fR. Currently it should be an odd
+integer. In accordance with the OpenSSL naming convention, the \fIpubexp\fR pointer
+must be freed independently of the \s-1EVP_PKEY_CTX\s0 (ie, it is internally copied).
+If not specified 65537 is used.
+.PP
+\&\fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR does the same as
+\&\fBEVP_PKEY_CTX_set1_rsa_keygen_pubexp()\fR except that there is no internal copy and
+therefore \fIpubexp\fR should not be modified or freed after the call.
+.PP
+\&\fBEVP_PKEY_CTX_set_rsa_keygen_primes()\fR sets the number of primes for
+\&\s-1RSA\s0 key generation to \fIprimes\fR. If not specified 2 is used.
+.PP
+\&\fBEVP_PKEY_CTX_set_rsa_mgf1_md_name()\fR sets the \s-1MGF1\s0 digest for \s-1RSA\s0
+padding schemes to the digest named \fImdname\fR. If the \s-1RSA\s0 algorithm
+implementation for the selected provider supports it then the digest will be
+fetched using the properties \fImdprops\fR. If not explicitly set the signing
+digest is used. The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR
or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR.
.PP
-The \fBEVP_PKEY_CTX_get_rsa_mgf1_md()\fR macro gets the \s-1MGF1\s0 digest for \fBctx\fR.
-If not explicitly set the signing digest is used. The padding mode must have
-been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR.
-.PP
-The \fBEVP_PKEY_CTX_set_rsa_oaep_md()\fR macro sets the message digest type used
-in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to
-\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR.
-.PP
-The \fBEVP_PKEY_CTX_get_rsa_oaep_md()\fR macro gets the message digest type used
-in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to
+\&\fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR does the same as
+\&\fBEVP_PKEY_CTX_set_rsa_mgf1_md_name()\fR except that the name of the digest is
+inferred from the supplied \fImd\fR and it is not possible to specify any
+properties.
+.PP
+\&\fBEVP_PKEY_CTX_get_rsa_mgf1_md_name()\fR gets the name of the \s-1MGF1\s0
+digest algorithm for \fIctx\fR. If not explicitly set the signing digest is used.
+The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or
+\&\fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR.
+.PP
+\&\fBEVP_PKEY_CTX_get_rsa_mgf1_md()\fR does the same as
+\&\fBEVP_PKEY_CTX_get_rsa_mgf1_md_name()\fR except that it returns a pointer to an
+\&\s-1EVP_MD\s0 object instead. Note that only known, built-in \s-1EVP_MD\s0 objects will be
+returned. The \s-1EVP_MD\s0 object may be \s-1NULL\s0 if the digest is not one of these (such
+as a digest only implemented in a third party provider).
+.PP
+\&\fBEVP_PKEY_CTX_set_rsa_oaep_md_name()\fR sets the message digest type
+used in \s-1RSA OAEP\s0 to the digest named \fImdname\fR. If the \s-1RSA\s0 algorithm
+implementation for the selected provider supports it then the digest will be
+fetched using the properties \fImdprops\fR. The padding mode must have been set to
\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR.
.PP
-The \fBEVP_PKEY_CTX_set0_rsa_oaep_label()\fR macro sets the \s-1RSA OAEP\s0 label to
-\&\fBlabel\fR and its length to \fBlen\fR. If \fBlabel\fR is \s-1NULL\s0 or \fBlen\fR is 0,
+\&\fBEVP_PKEY_CTX_set_rsa_oaep_md()\fR does the same as
+\&\fBEVP_PKEY_CTX_set_rsa_oaep_md_name()\fR except that the name of the digest is
+inferred from the supplied \fImd\fR and it is not possible to specify any
+properties.
+.PP
+\&\fBEVP_PKEY_CTX_get_rsa_oaep_md_name()\fR gets the message digest
+algorithm name used in \s-1RSA OAEP\s0 and stores it in the buffer \fIname\fR which is of
+size \fInamelen\fR. The padding mode must have been set to
+\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The buffer should be sufficiently large for any
+expected digest algorithm names or the function will fail.
+.PP
+\&\fBEVP_PKEY_CTX_get_rsa_oaep_md()\fR does the same as
+\&\fBEVP_PKEY_CTX_get_rsa_oaep_md_name()\fR except that it returns a pointer to an
+\&\s-1EVP_MD\s0 object instead. Note that only known, built-in \s-1EVP_MD\s0 objects will be
+returned. The \s-1EVP_MD\s0 object may be \s-1NULL\s0 if the digest is not one of these (such
+as a digest only implemented in a third party provider).
+.PP
+\&\fBEVP_PKEY_CTX_set0_rsa_oaep_label()\fR sets the \s-1RSA OAEP\s0 label to binary data
+\&\fIlabel\fR and its length in bytes to \fIlen\fR. If \fIlabel\fR is \s-1NULL\s0 or \fIlen\fR is 0,
the label is cleared. The library takes ownership of the label so the
-caller should not free the original memory pointed to by \fBlabel\fR.
+caller should not free the original memory pointed to by \fIlabel\fR.
The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR.
.PP
-The \fBEVP_PKEY_CTX_get0_rsa_oaep_label()\fR macro gets the \s-1RSA OAEP\s0 label to
-\&\fBlabel\fR. The return value is the label length. The padding mode
+\&\fBEVP_PKEY_CTX_get0_rsa_oaep_label()\fR gets the \s-1RSA OAEP\s0 label to
+\&\fIlabel\fR. The return value is the label length. The padding mode
must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The resulting pointer is owned
by the library and should not be freed by the caller.
+.PP
+\&\fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR is used when decrypting an \s-1RSA\s0 encrypted \s-1TLS\s0
+pre-master secret in a \s-1TLS\s0 ClientKeyExchange message. It is the same as
+\&\s-1RSA_PKCS1_PADDING\s0 except that it additionally verifies that the result is the
+correct length and the first two bytes are the protocol version initially
+requested by the client. If the encrypted content is publicly invalid then the
+decryption will fail. However, if the padding checks fail then decryption will
+still appear to succeed but a random \s-1TLS\s0 premaster secret will be returned
+instead. This padding mode accepts two parameters which can be set using the
+\&\fBEVP_PKEY_CTX_set_params\fR\|(3) function. These are
+\&\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0 and
+\&\s-1OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION,\s0 both of which are expected to be
+unsigned integers. Normally only the first of these will be set and represents
+the \s-1TLS\s0 protocol version that was first requested by the client (e.g. 0x0303 for
+TLSv1.2, 0x0302 for TLSv1.1 etc). Historically some buggy clients would use the
+negotiated protocol version instead of the protocol version first requested. If
+this behaviour should be tolerated then
+\&\s-1OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION\s0 should be set to the actual
+negotiated protocol version. Otherwise it should be left unset.
.SS "\s-1DSA\s0 parameters"
.IX Subsection "DSA parameters"
-The \fBEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR macro sets the number of bits used
-for \s-1DSA\s0 parameter generation to \fBnbits\fR. If not specified, 1024 is used.
-.PP
-The \fBEVP_PKEY_CTX_set_dsa_paramgen_q_bits()\fR macro sets the number of bits in the
-subprime parameter \fBq\fR for \s-1DSA\s0 parameter generation to \fBqbits\fR. If not
-specified, 160 is used. If a digest function is specified below, this parameter
-is ignored and instead, the number of bits in \fBq\fR matches the size of the
-digest.
-.PP
-The \fBEVP_PKEY_CTX_set_dsa_paramgen_md()\fR macro sets the digest function used for
-\&\s-1DSA\s0 parameter generation to \fBmd\fR. If not specified, one of \s-1SHA\-1, SHA\-224,\s0 or
-\&\s-1SHA\-256\s0 is selected to match the bit length of \fBq\fR above.
+\&\fBEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR sets the number of bits used for \s-1DSA\s0
+parameter generation to \fBnbits\fR. If not specified, 2048 is used.
+.PP
+\&\fBEVP_PKEY_CTX_set_dsa_paramgen_q_bits()\fR sets the number of bits in the subprime
+parameter \fIq\fR for \s-1DSA\s0 parameter generation to \fIqbits\fR. If not specified, 224
+is used. If a digest function is specified below, this parameter is ignored and
+instead, the number of bits in \fIq\fR matches the size of the digest.
+.PP
+\&\fBEVP_PKEY_CTX_set_dsa_paramgen_md()\fR sets the digest function used for \s-1DSA\s0
+parameter generation to \fImd\fR. If not specified, one of \s-1SHA\-1, SHA\-224,\s0 or
+\&\s-1SHA\-256\s0 is selected to match the bit length of \fIq\fR above.
+.PP
+\&\fBEVP_PKEY_CTX_set_dsa_paramgen_md_props()\fR sets the digest function used for \s-1DSA\s0
+parameter generation using \fImd_name\fR and \fImd_properties\fR to retrieve the
+digest from a provider.
+If not specified, \fImd_name\fR will be set to one of \s-1SHA\-1, SHA\-224,\s0 or
+\&\s-1SHA\-256\s0 depending on the bit length of \fIq\fR above. \fImd_properties\fR is a
+property query string that has a default value of '' if not specified.
+.PP
+\&\fBEVP_PKEY_CTX_set_dsa_paramgen_gindex()\fR sets the \fIgindex\fR used by the generator
+G. The default value is \-1 which uses unverifiable g, otherwise a positive value
+uses verifiable g. This value must be saved if key validation of g is required,
+since it is not part of a persisted key.
+.PP
+\&\fBEVP_PKEY_CTX_set_dsa_paramgen_seed()\fR sets the \fIseed\fR to use for generation
+rather than using a randomly generated value for the seed. This is useful for
+testing purposes only and can fail if the seed does not produce primes for both
+p & q on its first iteration. This value must be saved if key validation of
+p, q, and verifiable g are required, since it is not part of a persisted key.
+.PP
+\&\fBEVP_PKEY_CTX_set_dsa_paramgen_type()\fR sets the generation type to use \s-1FIPS186\-4\s0
+generation if \fIname\fR is \*(L"fips186_4\*(R", or \s-1FIPS186\-2\s0 generation if \fIname\fR is
+\&\*(L"fips186_2\*(R". The default value for the default provider is \*(L"fips186_2\*(R". The
+default value for the \s-1FIPS\s0 provider is \*(L"fips186_4\*(R".
.SS "\s-1DH\s0 parameters"
.IX Subsection "DH parameters"
-The \fBEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR macro sets the length of the \s-1DH\s0
-prime parameter \fBp\fR for \s-1DH\s0 parameter generation. If this macro is not called
-then 1024 is used. Only accepts lengths greater than or equal to 256.
-.PP
-The \fBEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR macro sets the length of the \s-1DH\s0
-optional subprime parameter \fBq\fR for \s-1DH\s0 parameter generation. The default is
-256 if the prime is at least 2048 bits long or 160 otherwise. The \s-1DH\s0
-paramgen type must have been set to x9.42.
-.PP
-The \fBEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR
-for \s-1DH\s0 parameter generation. If not specified 2 is used.
-.PP
-The \fBEVP_PKEY_CTX_set_dh_paramgen_type()\fR macro sets the key type for \s-1DH\s0
-parameter generation. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0
-The default is 0.
-.PP
-The \fBEVP_PKEY_CTX_set_dh_pad()\fR macro sets the \s-1DH\s0 padding mode. If \fBpad\fR is
-1 the shared secret is padded with zeros up to the size of the \s-1DH\s0 prime \fBp\fR.
-If \fBpad\fR is zero (the default) then no padding is performed.
+\&\fBEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR sets the length of the \s-1DH\s0 prime
+parameter \fIp\fR for \s-1DH\s0 parameter generation. If this function is not called then
+2048 is used. Only accepts lengths greater than or equal to 256.
+.PP
+\&\fBEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR sets the length of the \s-1DH\s0
+optional subprime parameter \fIq\fR for \s-1DH\s0 parameter generation. The default is
+256 if the prime is at least 2048 bits long or 160 otherwise. The \s-1DH\s0 paramgen
+type must have been set to \*(L"fips186_4\*(R".
+.PP
+\&\fBEVP_PKEY_CTX_set_dh_paramgen_generator()\fR sets \s-1DH\s0 generator to \fIgen\fR for \s-1DH\s0
+parameter generation. If not specified 2 is used.
+.PP
+\&\fBEVP_PKEY_CTX_set_dh_paramgen_type()\fR sets the key type for \s-1DH\s0 parameter
+generation. The supported parameters are:
+.IP "\fB\s-1DH_PARAMGEN_TYPE_GROUP\s0\fR" 4
+.IX Item "DH_PARAMGEN_TYPE_GROUP"
+Use a named group. If only the safe prime parameter \fIp\fR is set this can be
+used to select a ffdhe safe prime group of the correct size.
+.IP "\fB\s-1DH_PARAMGEN_TYPE_FIPS_186_4\s0\fR" 4
+.IX Item "DH_PARAMGEN_TYPE_FIPS_186_4"
+\&\s-1FIPS186\-4 FFC\s0 parameter generator.
+.IP "\fB\s-1DH_PARAMGEN_TYPE_FIPS_186_2\s0\fR" 4
+.IX Item "DH_PARAMGEN_TYPE_FIPS_186_2"
+\&\s-1FIPS186\-2 FFC\s0 parameter generator (X9.42 \s-1DH\s0).
+.IP "\fB\s-1DH_PARAMGEN_TYPE_GENERATOR\s0\fR" 4
+.IX Item "DH_PARAMGEN_TYPE_GENERATOR"
+Uses a safe prime generator g (PKCS#3 format).
+.PP
+The default in the default provider is \fB\s-1DH_PARAMGEN_TYPE_GENERATOR\s0\fR for the
+\&\*(L"\s-1DH\*(R"\s0 keytype, and \fB\s-1DH_PARAMGEN_TYPE_FIPS_186_2\s0\fR for the \*(L"\s-1DHX\*(R"\s0 keytype. In the
+\&\s-1FIPS\s0 provider the default value is \fB\s-1DH_PARAMGEN_TYPE_GROUP\s0\fR for the \*(L"\s-1DH\*(R"\s0
+keytype and <\fB\s-1DH_PARAMGEN_TYPE_FIPS_186_4\s0\fR for the \*(L"\s-1DHX\*(R"\s0 keytype.
+.PP
+\&\fBEVP_PKEY_CTX_set_dh_paramgen_gindex()\fR sets the \fIgindex\fR used by the generator G.
+The default value is \-1 which uses unverifiable g, otherwise a positive value
+uses verifiable g. This value must be saved if key validation of g is required,
+since it is not part of a persisted key.
+.PP
+\&\fBEVP_PKEY_CTX_set_dh_paramgen_seed()\fR sets the \fIseed\fR to use for generation
+rather than using a randomly generated value for the seed. This is useful for
+testing purposes only and can fail if the seed does not produce primes for both
+p & q on its first iteration. This value must be saved if key validation of p, q,
+and verifiable g are required, since it is not part of a persisted key.
+.PP
+\&\fBEVP_PKEY_CTX_set_dh_pad()\fR sets the \s-1DH\s0 padding mode.
+If \fIpad\fR is 1 the shared secret is padded with zeros up to the size of the \s-1DH\s0
+prime \fIp\fR.
+If \fIpad\fR is zero (the default) then no padding is performed.
.PP
\&\fBEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to
-\&\fBnid\fR as defined in \s-1RFC7919.\s0 The \fBnid\fR parameter must be \fBNID_ffdhe2048\fR,
-\&\fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \fBNID_ffdhe8192\fR
-or \fBNID_undef\fR to clear the stored value. This macro can be called during
-parameter or key generation.
+\&\fInid\fR as defined in \s-1RFC7919\s0 or \s-1RFC3526.\s0 The \fInid\fR parameter must be
+\&\fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR,
+\&\fBNID_ffdhe8192\fR, \fBNID_modp_1536\fR, \fBNID_modp_2048\fR, \fBNID_modp_3072\fR,
+\&\fBNID_modp_4096\fR, \fBNID_modp_6144\fR, \fBNID_modp_8192\fR or \fBNID_undef\fR to clear
+the stored value. This function can be called during parameter or key generation.
The nid parameter and the rfc5114 parameter are mutually exclusive.
.PP
-The \fBEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fBEVP_PKEY_CTX_set_dhx_rfc5114()\fR macros are
-synonymous. They set the \s-1DH\s0 parameters to the values defined in \s-1RFC5114.\s0 The
-\&\fBrfc5114\fR parameter must be 1, 2 or 3 corresponding to \s-1RFC5114\s0 sections
-2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called
-during parameter generation. The \fBctx\fR must have a key type of
-\&\fB\s-1EVP_PKEY_DHX\s0\fR.
+\&\fBEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fBEVP_PKEY_CTX_set_dhx_rfc5114()\fR both set the
+\&\s-1DH\s0 parameters to the values defined in \s-1RFC5114.\s0 The \fIrfc5114\fR parameter must
+be 1, 2 or 3 corresponding to \s-1RFC5114\s0 sections 2.1, 2.2 and 2.3. or 0 to clear
+the stored value. This macro can be called during parameter generation. The
+\&\fIctx\fR must have a key type of \fB\s-1EVP_PKEY_DHX\s0\fR.
The rfc5114 parameter and the nid parameter are mutually exclusive.
.SS "\s-1DH\s0 key derivation function parameters"
.IX Subsection "DH key derivation function parameters"
-Note that all of the following functions require that the \fBctx\fR parameter has
+Note that all of the following functions require that the \fIctx\fR parameter has
a private key type of \fB\s-1EVP_PKEY_DHX\s0\fR. When using key derivation, the output of
\&\fBEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret.
The \s-1KDF\s0 output is typically used as a Key Encryption Key (\s-1KEK\s0) that in turn
encrypts a Content Encryption Key (\s-1CEK\s0).
.PP
-The \fBEVP_PKEY_CTX_set_dh_kdf_type()\fR macro sets the key derivation function type
-to \fBkdf\fR for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR
-and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR which uses the key derivation specified in \s-1RFC2631\s0
+\&\fBEVP_PKEY_CTX_set_dh_kdf_type()\fR sets the key derivation function type to \fIkdf\fR
+for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR and
+\&\fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR which uses the key derivation specified in \s-1RFC2631\s0
(based on the keying algorithm described in X9.42). When using key derivation,
-the \fBkdf_oid\fR, \fBkdf_md\fR and \fBkdf_outlen\fR parameters must also be specified.
+the \fIkdf_oid\fR, \fIkdf_md\fR and \fIkdf_outlen\fR parameters must also be specified.
.PP
-The \fBEVP_PKEY_CTX_get_dh_kdf_type()\fR macro gets the key derivation function type
-for \fBctx\fR used for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR
-and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR.
+\&\fBEVP_PKEY_CTX_get_dh_kdf_type()\fR gets the key derivation function type for \fIctx\fR
+used for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR and
+\&\fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR.
.PP
-The \fBEVP_PKEY_CTX_set0_dh_kdf_oid()\fR macro sets the key derivation function
-object identifier to \fBoid\fR for \s-1DH\s0 key derivation. This \s-1OID\s0 should identify
-the algorithm to be used with the Content Encryption Key.
+\&\fBEVP_PKEY_CTX_set0_dh_kdf_oid()\fR sets the key derivation function object
+identifier to \fIoid\fR for \s-1DH\s0 key derivation. This \s-1OID\s0 should identify the
+algorithm to be used with the Content Encryption Key.
The library takes ownership of the object identifier so the caller should not
-free the original memory pointed to by \fBoid\fR.
+free the original memory pointed to by \fIoid\fR.
.PP
-The \fBEVP_PKEY_CTX_get0_dh_kdf_oid()\fR macro gets the key derivation function oid
-for \fBctx\fR used for \s-1DH\s0 key derivation. The resulting pointer is owned by the
-library and should not be freed by the caller.
+\&\fBEVP_PKEY_CTX_get0_dh_kdf_oid()\fR gets the key derivation function oid for \fIctx\fR
+used for \s-1DH\s0 key derivation. The resulting pointer is owned by the library and
+should not be freed by the caller.
.PP
-The \fBEVP_PKEY_CTX_set_dh_kdf_md()\fR macro sets the key derivation function
-message digest to \fBmd\fR for \s-1DH\s0 key derivation. Note that \s-1RFC2631\s0 specifies
-that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests.
+\&\fBEVP_PKEY_CTX_set_dh_kdf_md()\fR sets the key derivation function message digest to
+\&\fImd\fR for \s-1DH\s0 key derivation. Note that \s-1RFC2631\s0 specifies that this digest should
+be \s-1SHA1\s0 but OpenSSL tolerates other digests.
.PP
-The \fBEVP_PKEY_CTX_get_dh_kdf_md()\fR macro gets the key derivation function
-message digest for \fBctx\fR used for \s-1DH\s0 key derivation.
+\&\fBEVP_PKEY_CTX_get_dh_kdf_md()\fR gets the key derivation function message digest for
+\&\fIctx\fR used for \s-1DH\s0 key derivation.
.PP
-The \fBEVP_PKEY_CTX_set_dh_kdf_outlen()\fR macro sets the key derivation function
-output length to \fBlen\fR for \s-1DH\s0 key derivation.
+\&\fBEVP_PKEY_CTX_set_dh_kdf_outlen()\fR sets the key derivation function output length
+to \fIlen\fR for \s-1DH\s0 key derivation.
.PP
-The \fBEVP_PKEY_CTX_get_dh_kdf_outlen()\fR macro gets the key derivation function
-output length for \fBctx\fR used for \s-1DH\s0 key derivation.
+\&\fBEVP_PKEY_CTX_get_dh_kdf_outlen()\fR gets the key derivation function output length
+for \fIctx\fR used for \s-1DH\s0 key derivation.
.PP
-The \fBEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR macro sets the user key material to
-\&\fBukm\fR and its length to \fBlen\fR for \s-1DH\s0 key derivation. This parameter is optional
-and corresponds to the partyAInfo field in \s-1RFC2631\s0 terms. The specification
+\&\fBEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR sets the user key material to \fIukm\fR and its
+length to \fIlen\fR for \s-1DH\s0 key derivation. This parameter is optional and
+corresponds to the partyAInfo field in \s-1RFC2631\s0 terms. The specification
requires that it is 512 bits long but this is not enforced by OpenSSL.
The library takes ownership of the user key material so the caller should not
-free the original memory pointed to by \fBukm\fR.
+free the original memory pointed to by \fIukm\fR.
.PP
-The \fBEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR.
+\&\fBEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR gets the user key material for \fIctx\fR.
The return value is the user key material length. The resulting pointer is owned
by the library and should not be freed by the caller.
.SS "\s-1EC\s0 parameters"
.IX Subsection "EC parameters"
-The \fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter
-generation to \fBnid\fR. For \s-1EC\s0 parameter generation this macro must be called
-or an error occurs because there is no default curve.
-This function can also be called to set the curve explicitly when
+Use \fBEVP_PKEY_CTX_set_group_name()\fR (described above) to set the curve name to
+\&\fIname\fR for parameter and key generation.
+.PP
+\&\fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR does the same as
+\&\fBEVP_PKEY_CTX_set_group_name()\fR, but is specific to \s-1EC\s0 and uses a \fInid\fR rather
+than a name string.
+.PP
+For \s-1EC\s0 parameter generation, one of \fBEVP_PKEY_CTX_set_group_name()\fR
+or \fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR must be called or an error occurs
+because there is no default curve.
+These function can also be called to set the curve explicitly when
generating an \s-1EC\s0 key.
.PP
-The \fBEVP_PKEY_CTX_set_ec_param_enc()\fR macro sets the \s-1EC\s0 parameter encoding to
-\&\fBparam_enc\fR when generating \s-1EC\s0 parameters or an \s-1EC\s0 key. The encoding can be
+\&\fBEVP_PKEY_CTX_get_group_name()\fR (described above) can be used to obtain the curve
+name that's currently set with \fIctx\fR.
+.PP
+\&\fBEVP_PKEY_CTX_set_ec_param_enc()\fR sets the \s-1EC\s0 parameter encoding to \fIparam_enc\fR
+when generating \s-1EC\s0 parameters or an \s-1EC\s0 key. The encoding can be
\&\fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR for explicit parameters (the default in versions
of OpenSSL before 1.1.0) or \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR to use named curve form.
For maximum compatibility the named curve form should be used. Note: the
@@ -455,66 +693,73 @@ For maximum compatibility the named curve form should be used. Note: the
versions should use 0 instead.
.SS "\s-1ECDH\s0 parameters"
.IX Subsection "ECDH parameters"
-The \fBEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR macro sets the cofactor mode to
-\&\fBcofactor_mode\fR for \s-1ECDH\s0 key derivation. Possible values are 1 to enable
-cofactor key derivation, 0 to disable it and \-1 to clear the stored cofactor
-mode and fallback to the private key cofactor mode.
-.PP
-The \fBEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR macro returns the cofactor mode for
-\&\fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are 1 when cofactor key
-derivation is enabled and 0 otherwise.
+\&\fBEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR sets the cofactor mode to \fIcofactor_mode\fR
+for \s-1ECDH\s0 key derivation. Possible values are 1 to enable cofactor
+key derivation, 0 to disable it and \-1 to clear the stored cofactor mode and
+fallback to the private key cofactor mode.
+.PP
+\&\fBEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR returns the cofactor mode for \fIctx\fR used
+for \s-1ECDH\s0 key derivation. Possible values are 1 when cofactor key derivation is
+enabled and 0 otherwise.
.SS "\s-1ECDH\s0 key derivation function parameters"
.IX Subsection "ECDH key derivation function parameters"
-The \fBEVP_PKEY_CTX_set_ecdh_kdf_type()\fR macro sets the key derivation function type
-to \fBkdf\fR for \s-1ECDH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR
+\&\fBEVP_PKEY_CTX_set_ecdh_kdf_type()\fR sets the key derivation function type to
+\&\fIkdf\fR for \s-1ECDH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR
and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR which uses the key derivation specified in X9.63.
-When using key derivation, the \fBkdf_md\fR and \fBkdf_outlen\fR parameters must
+When using key derivation, the \fIkdf_md\fR and \fIkdf_outlen\fR parameters must
also be specified.
.PP
-The \fBEVP_PKEY_CTX_get_ecdh_kdf_type()\fR macro returns the key derivation function
-type for \fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are
+\&\fBEVP_PKEY_CTX_get_ecdh_kdf_type()\fR returns the key derivation function type for
+\&\fIctx\fR used for \s-1ECDH\s0 key derivation. Possible values are
\&\fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR.
.PP
-The \fBEVP_PKEY_CTX_set_ecdh_kdf_md()\fR macro sets the key derivation function
-message digest to \fBmd\fR for \s-1ECDH\s0 key derivation. Note that X9.63 specifies
-that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests.
+\&\fBEVP_PKEY_CTX_set_ecdh_kdf_md()\fR sets the key derivation function message digest
+to \fImd\fR for \s-1ECDH\s0 key derivation. Note that X9.63 specifies that this digest
+should be \s-1SHA1\s0 but OpenSSL tolerates other digests.
.PP
-The \fBEVP_PKEY_CTX_get_ecdh_kdf_md()\fR macro gets the key derivation function
-message digest for \fBctx\fR used for \s-1ECDH\s0 key derivation.
+\&\fBEVP_PKEY_CTX_get_ecdh_kdf_md()\fR gets the key derivation function message digest
+for \fIctx\fR used for \s-1ECDH\s0 key derivation.
.PP
-The \fBEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR macro sets the key derivation function
-output length to \fBlen\fR for \s-1ECDH\s0 key derivation.
+\&\fBEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR sets the key derivation function output
+length to \fIlen\fR for \s-1ECDH\s0 key derivation.
.PP
-The \fBEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR macro gets the key derivation function
-output length for \fBctx\fR used for \s-1ECDH\s0 key derivation.
+\&\fBEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR gets the key derivation function output
+length for \fIctx\fR used for \s-1ECDH\s0 key derivation.
.PP
-The \fBEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR macro sets the user key material to \fBukm\fR
-for \s-1ECDH\s0 key derivation. This parameter is optional and corresponds to the
-shared info in X9.63 terms. The library takes ownership of the user key material
-so the caller should not free the original memory pointed to by \fBukm\fR.
+\&\fBEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR sets the user key material to \fIukm\fR for \s-1ECDH\s0
+key derivation. This parameter is optional and corresponds to the shared info in
+X9.63 terms. The library takes ownership of the user key material so the caller
+should not free the original memory pointed to by \fIukm\fR.
.PP
-The \fBEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR.
+\&\fBEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR gets the user key material for \fIctx\fR.
The return value is the user key material length. The resulting pointer is owned
by the library and should not be freed by the caller.
.SS "Other parameters"
.IX Subsection "Other parameters"
-The \fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR
-macros are used to manipulate the special identifier field for specific signature
-algorithms such as \s-1SM2.\s0 The \fBEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fBid\fR with
-the length \fBid_len\fR to the library. The library takes a copy of the id so that
-the caller can safely free the original memory pointed to by \fBid\fR. The
-\&\fBEVP_PKEY_CTX_get1_id_len()\fR macro returns the length of the \s-1ID\s0 set via a previous
-call to \fBEVP_PKEY_CTX_set1_id()\fR. The length is usually used to allocate adequate
-memory for further calls to \fBEVP_PKEY_CTX_get1_id()\fR. The \fBEVP_PKEY_CTX_get1_id()\fR
-macro returns the previously set \s-1ID\s0 value to caller in \fBid\fR. The caller should
-allocate adequate memory space for the \fBid\fR before calling \fBEVP_PKEY_CTX_get1_id()\fR.
+\&\fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR
+are used to manipulate the special identifier field for specific signature
+algorithms such as \s-1SM2.\s0 The \fBEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fIid\fR with
+the length \fIid_len\fR to the library. The library takes a copy of the id so that
+the caller can safely free the original memory pointed to by \fIid\fR.
+\&\fBEVP_PKEY_CTX_get1_id_len()\fR returns the length of the \s-1ID\s0 set via a previous call
+to \fBEVP_PKEY_CTX_set1_id()\fR. The length is usually used to allocate adequate
+memory for further calls to \fBEVP_PKEY_CTX_get1_id()\fR. \fBEVP_PKEY_CTX_get1_id()\fR
+returns the previously set \s-1ID\s0 value to caller in \fIid\fR. The caller should
+allocate adequate memory space for the \fIid\fR before calling \fBEVP_PKEY_CTX_get1_id()\fR.
+.PP
+\&\fBEVP_PKEY_CTX_set_kem_op()\fR sets the \s-1KEM\s0 operation to run. This can be set after
+\&\fBEVP_PKEY_encapsulate_init()\fR or \fBEVP_PKEY_decapsulate_init()\fR to select the
+kem operation. \s-1RSA\s0 is the only key type that supports encapsulation currently,
+and as there is no default operation for the \s-1RSA\s0 type, this function must be
+called before \fBEVP_PKEY_encapsulate()\fR or \fBEVP_PKEY_decapsulate()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0
-or a negative value for failure. In particular a return value of \-2
+All other functions described on this page return a positive value for success
+and 0 or a negative value for failure. In particular a return value of \-2
indicates the operation is not supported by the public key algorithm.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_CTX_set_params\fR\|(3),
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_encrypt\fR\|(3),
\&\fBEVP_PKEY_decrypt\fR\|(3),
@@ -523,16 +768,31 @@ indicates the operation is not supported by the public key algorithm.
\&\fBEVP_PKEY_verify_recover\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3),
\&\fBEVP_PKEY_keygen\fR\|(3)
+\&\fBEVP_PKEY_encapsulate\fR\|(3)
+\&\fBEVP_PKEY_decapsulate\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-The
-\&\fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR
-macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0.
+\&\fBEVP_PKEY_CTX_get_rsa_oaep_md_name()\fR, \fBEVP_PKEY_CTX_get_rsa_mgf1_md_name()\fR,
+\&\fBEVP_PKEY_CTX_set_rsa_mgf1_md_name()\fR, \fBEVP_PKEY_CTX_set_rsa_oaep_md_name()\fR,
+\&\fBEVP_PKEY_CTX_set_dsa_paramgen_md_props()\fR, \fBEVP_PKEY_CTX_set_dsa_paramgen_gindex()\fR,
+\&\fBEVP_PKEY_CTX_set_dsa_paramgen_type()\fR, \fBEVP_PKEY_CTX_set_dsa_paramgen_seed()\fR,
+\&\fBEVP_PKEY_CTX_set_group_name()\fR and \fBEVP_PKEY_CTX_get_group_name()\fR
+were added in OpenSSL 3.0.
+.PP
+The \fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and
+\&\fBEVP_PKEY_CTX_get1_id_len()\fR macros were added in 1.1.1, other functions were
+added in OpenSSL 1.0.0.
+.PP
+In OpenSSL 1.1.1 and below the functions were mostly macros.
+From OpenSSL 3.0 they are all functions.
+.PP
+\&\fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR, \fBEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR,
+and \fBEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_get0_libctx.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_get0_libctx.3
new file mode 100644
index 000000000000..ea9bf86e3b9a
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_get0_libctx.3
@@ -0,0 +1,183 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_CTX_GET0_LIBCTX 3ossl"
+.TH EVP_PKEY_CTX_GET0_LIBCTX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_CTX_get0_libctx,
+EVP_PKEY_CTX_get0_propq,
+EVP_PKEY_CTX_get0_provider
+\&\- functions for getting diverse information from an EVP_PKEY_CTX
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& OSSL_LIB_CTX *EVP_PKEY_CTX_get0_libctx(EVP_PKEY_CTX *ctx);
+\& const char *EVP_PKEY_CTX_get0_propq(const EVP_PKEY_CTX *ctx);
+\& const OSSL_PROVIDER *EVP_PKEY_CTX_get0_provider(const EVP_PKEY_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBEVP_PKEY_CTX_get0_libctx()\fR and \fBEVP_PKEY_CTX_get0_propq()\fR obtain the
+\&\s-1OSSL_LIB_CTX\s0 and property query string values respectively that were
+associated with the \s-1EVP_PKEY_CTX\s0 when it was constructed.
+.PP
+\&\fBEVP_PKEY_CTX_get0_provider()\fR returns the provider associated with the
+ongoing \fB\s-1EVP_PKEY_CTX\s0\fR operation. If the operation is performed by
+en \fB\s-1ENGINE\s0\fR, this function returns \s-1NULL.\s0
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_CTX_get0_libctx()\fR and \fBEVP_PKEY_CTX_get0_propq()\fR functions return the
+\&\s-1OSSL_LIB_CTX\s0 and property query string associated with the \s-1EVP_PKEY_CTX\s0 or \s-1NULL\s0
+if they are not set. The returned values should not be freed by the caller.
+.PP
+\&\fBEVP_PKEY_CTX_get0_provider()\fR returns a provider if an operation performed by
+a provider is ongoing, otherwise \s-1NULL.\s0
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_CTX_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All functions were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_get0_pkey.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_get0_pkey.3
new file mode 100644
index 000000000000..750611704d7b
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_get0_pkey.3
@@ -0,0 +1,186 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_CTX_GET0_PKEY 3ossl"
+.TH EVP_PKEY_CTX_GET0_PKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_CTX_get0_pkey,
+EVP_PKEY_CTX_get0_peerkey
+\&\- functions for accessing the EVP_PKEY associated with an EVP_PKEY_CTX
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
+\& EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBEVP_PKEY_CTX_get0_pkey()\fR is used to access the \fB\s-1EVP_PKEY\s0\fR
+associated with the given \fB\s-1EVP_PKEY_CTX\s0\fR \fIctx\fR.
+The \fB\s-1EVP_PKEY\s0\fR obtained is the one used for creating the \fB\s-1EVP_PKEY_CTX\s0\fR
+using either \fBEVP_PKEY_CTX_new\fR\|(3) or \fBEVP_PKEY_CTX_new_from_pkey\fR\|(3).
+.PP
+\&\fBEVP_PKEY_CTX_get0_peerkey()\fR is used to access the peer \fB\s-1EVP_PKEY\s0\fR
+associated with the given \fB\s-1EVP_PKEY_CTX\s0\fR \fIctx\fR.
+The peer \fB\s-1EVP_PKEY\s0\fR obtained is the one set using
+either \fBEVP_PKEY_derive_set_peer\fR\|(3) or \fBEVP_PKEY_derive_set_peer_ex\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_CTX_get0_pkey()\fR returns the \fB\s-1EVP_PKEY\s0\fR associated with the
+\&\s-1EVP_PKEY_CTX\s0 or \s-1NULL\s0 if it is not set.
+.PP
+\&\fBEVP_PKEY_CTX_get0_peerkey()\fR returns the peer \fB\s-1EVP_PKEY\s0\fR associated with the
+\&\s-1EVP_PKEY_CTX\s0 or \s-1NULL\s0 if it is not set.
+.PP
+The returned \s-1EVP_PKEY\s0 objects are owned by the \s-1EVP_PKEY_CTX,\s0
+and therefore should not explicitly be freed by the caller.
+.PP
+These functions do not affect the \s-1EVP_PKEY\s0 reference count.
+They merely act as getter functions, and should be treated as such.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_CTX_new\fR\|(3), \fBEVP_PKEY_CTX_new_from_pkey\fR\|(3),
+\&\fBEVP_PKEY_derive_set_peer\fR\|(3), \fBEVP_PKEY_derive_set_peer_ex\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2022\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R").
+You may not use this file except in compliance with the License.
+You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3
index 91417b1468d4..da3aa0b1da56 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_CTX_NEW 3"
-.TH EVP_PKEY_CTX_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_CTX_NEW 3ossl"
+.TH EVP_PKEY_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \- public key algorithm context functions
+EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_new_from_name,
+EVP_PKEY_CTX_new_from_pkey, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free,
+EVP_PKEY_CTX_is_a
+\&\- public key algorithm context functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,46 +148,106 @@ EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \- pu
\&
\& EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
-\& EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX *libctx,
+\& const char *name,
+\& const char *propquery);
+\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX *libctx,
+\& EVP_PKEY *pkey,
+\& const char *propquery);
+\& EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx);
\& void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX *ctx, const char *keytype);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using
-the algorithm specified in \fBpkey\fR and \s-1ENGINE\s0 \fBe\fR.
+the \fIpkey\fR key type and \s-1ENGINE\s0 \fIe\fR.
.PP
The \fBEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context
-using the algorithm specified by \fBid\fR and \s-1ENGINE\s0 \fBe\fR. It is normally used
-when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, for example
-during parameter generation of key generation for some algorithms.
+using the key type specified by \fIid\fR and \s-1ENGINE\s0 \fIe\fR.
+.PP
+The \fBEVP_PKEY_CTX_new_from_name()\fR function allocates a public key algorithm
+context using the library context \fIlibctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)), the
+key type specified by \fIname\fR and the property query \fIpropquery\fR. None
+of the arguments are duplicated, so they must remain unchanged for the
+lifetime of the returned \fB\s-1EVP_PKEY_CTX\s0\fR or of any of its duplicates. Read
+further about the possible names in \*(L"\s-1NOTES\*(R"\s0 below.
+.PP
+The \fBEVP_PKEY_CTX_new_from_pkey()\fR function allocates a public key algorithm
+context using the library context \fIlibctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) and the
+algorithm specified by \fIpkey\fR and the property query \fIpropquery\fR. None of the
+arguments are duplicated, so they must remain unchanged for the lifetime of the
+returned \fB\s-1EVP_PKEY_CTX\s0\fR or any of its duplicates.
+.PP
+\&\fBEVP_PKEY_CTX_new_id()\fR and \fBEVP_PKEY_CTX_new_from_name()\fR are normally
+used when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations,
+for example during parameter generation or key generation for some
+algorithms.
.PP
-\&\fBEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR.
+\&\fBEVP_PKEY_CTX_dup()\fR duplicates the context \fIctx\fR. It is not supported for a
+keygen operation.
.PP
-\&\fBEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR.
-If \fBctx\fR is \s-1NULL,\s0 nothing is done.
+\&\fBEVP_PKEY_CTX_free()\fR frees up the context \fIctx\fR.
+If \fIctx\fR is \s-1NULL,\s0 nothing is done.
+.PP
+\&\fBEVP_PKEY_is_a()\fR checks if the key type associated with \fIctx\fR is \fIkeytype\fR.
.SH "NOTES"
.IX Header "NOTES"
+.SS "On \fB\s-1EVP_PKEY_CTX\s0\fP"
+.IX Subsection "On EVP_PKEY_CTX"
The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used
by the OpenSSL high-level public key \s-1API.\s0 Contexts \fB\s-1MUST NOT\s0\fR be shared between
threads: that is it is not permissible to use the same context simultaneously
in two threads.
+.SS "On Key Types"
+.IX Subsection "On Key Types"
+We mention \*(L"key type\*(R" in this manual, which is the same
+as \*(L"algorithm\*(R" in most cases, allowing either term to be used
+interchangeably. There are algorithms where the \fIkey type\fR and the
+\&\fIalgorithm\fR of the operations that use the keys are not the same,
+such as \s-1EC\s0 keys being used for \s-1ECDSA\s0 and \s-1ECDH\s0 operations.
+.PP
+Key types are given in two different manners:
+.IP "Legacy \s-1NID\s0 or \s-1EVP_PKEY\s0 type" 4
+.IX Item "Legacy NID or EVP_PKEY type"
+This is the \fIid\fR used with \fBEVP_PKEY_CTX_new_id()\fR.
+.Sp
+These are \fB\s-1EVP_PKEY_RSA\s0\fR, \fB\s-1EVP_PKEY_RSA_PSS\s0\fR, \fB\s-1EVP_PKEY_DSA\s0\fR,
+\&\fB\s-1EVP_PKEY_DH\s0\fR, \fB\s-1EVP_PKEY_EC\s0\fR, \fB\s-1EVP_PKEY_SM2\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR,
+\&\fB\s-1EVP_PKEY_X448\s0\fR, and are used by legacy methods.
+.IP "Name strings" 4
+.IX Item "Name strings"
+This is the \fIname\fR used with \fBEVP_PKEY_CTX_new_from_name()\fR.
+.Sp
+These are names like \*(L"\s-1RSA\*(R", \*(L"DSA\*(R",\s0 and what's available depends on what
+providers are currently accessible.
+.Sp
+The OpenSSL providers offer a set of key types available this way, please
+see \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) and \fBOSSL_PROVIDER\-default\fR\|(7) and related
+documentation for more information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBEVP_PKEY_CTX_new()\fR, \fBEVP_PKEY_CTX_new_id()\fR, \fBEVP_PKEY_CTX_dup()\fR returns either
-the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure of \fB\s-1NULL\s0\fR if an error occurred.
+\&\fBEVP_PKEY_CTX_new()\fR, \fBEVP_PKEY_CTX_new_id()\fR and \fBEVP_PKEY_CTX_dup()\fR return either
+the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fBEVP_PKEY_CTX_free()\fR does not return a value.
+.PP
+\&\fBEVP_PKEY_CTX_is_a()\fR returns 1 for true and 0 for false.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-These functions were added in OpenSSL 1.0.0.
+The \fBEVP_PKEY_CTX_new()\fR, \fBEVP_PKEY_CTX_new_id()\fR, \fBEVP_PKEY_CTX_dup()\fR and
+\&\fBEVP_PKEY_CTX_free()\fR functions were added in OpenSSL 1.0.0.
+.PP
+The \fBEVP_PKEY_CTX_new_from_name()\fR and \fBEVP_PKEY_CTX_new_from_pkey()\fR functions were
+added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3
index d35f15402ae1..1f51590c373a 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3"
-.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3ossl"
+.TH EVP_PKEY_CTX_SET1_PBE_PASS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_CTX_set1_pbe_pass \&\- generic KDF support functions
+EVP_PKEY_CTX_set1_pbe_pass
+\&\- generic KDF support functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -160,9 +159,6 @@ There is also support for string based control operations via
\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3).
The \fBpassword\fR can be directly specified using the \fBtype\fR parameter
\&\*(L"pass\*(R" or given in hex encoding using the \*(L"hexpass\*(R" parameter.
-.SH "NOTES"
-.IX Header "NOTES"
-All these functions are implemented as macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All these functions return 1 for success and 0 or a negative value for failure.
@@ -173,11 +169,15 @@ the public key algorithm.
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBEVP_PKEY_CTX_set1_pbe_pass()\fR was converted from a macro to a function in
+OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3
index e42432852e06..20b5f1062e0f 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,20 +130,23 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3"
-.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3ossl"
+.TH EVP_PKEY_CTX_SET_HKDF_MD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, EVP_PKEY_CTX_hkdf_mode \- HMAC\-based Extract\-and\-Expand key derivation algorithm
+EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt,
+EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info,
+EVP_PKEY_CTX_set_hkdf_mode \-
+HMAC\-based Extract\-and\-Expand key derivation algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/kdf.h>
\&
-\& int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode);
+\& int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *pctx, int mode);
\&
\& int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
\&
@@ -167,8 +168,8 @@ and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second sta
\&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output
of the \s-1KDF\s0).
.PP
-\&\fBEVP_PKEY_CTX_hkdf_mode()\fR sets the mode for the \s-1HKDF\s0 operation. There are three
-modes that are currently defined:
+\&\fBEVP_PKEY_CTX_set_hkdf_mode()\fR sets the mode for the \s-1HKDF\s0 operation. There
+are three modes that are currently defined:
.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND\s0" 4
.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND"
This is the default mode. Calling \fBEVP_PKEY_derive\fR\|(3) on an \s-1EVP_PKEY_CTX\s0 set
@@ -220,15 +221,13 @@ The names \*(L"hexsalt\*(R", \*(L"hexkey\*(R" and \*(L"hexinfo\*(R" are similar
string which is converted to binary.
.SH "NOTES"
.IX Header "NOTES"
-All these functions are implemented as macros.
-.PP
A context for \s-1HKDF\s0 can be obtained by calling:
.PP
.Vb 1
\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
.Ve
.PP
-The total length of the info buffer cannot exceed 1024 bytes in length: this
+The total length of the info buffer cannot exceed 2048 bytes in length: this
should be more than enough for any normal use of \s-1HKDF.\s0
.PP
The output length of an \s-1HKDF\s0 expand operation is specified via the length
@@ -278,11 +277,15 @@ salt value \*(L"salt\*(R" and info value \*(L"label\*(R":
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of the functions described here were converted from macros to functions in
+OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_params.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_params.3
new file mode 100644
index 000000000000..cdbb0cbe389c
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_params.3
@@ -0,0 +1,222 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_CTX_SET_PARAMS 3ossl"
+.TH EVP_PKEY_CTX_SET_PARAMS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_CTX_set_params,
+EVP_PKEY_CTX_settable_params,
+EVP_PKEY_CTX_get_params,
+EVP_PKEY_CTX_gettable_params
+\&\- provider parameter passing operations
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params);
+\& const OSSL_PARAM *EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
+\& const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBEVP_PKEY_CTX_get_params()\fR and \fBEVP_PKEY_CTX_set_params()\fR functions allow
+transfer of arbitrary key parameters to and from providers.
+Not all parameters may be supported by all providers.
+See \s-1\fBOSSL_PROVIDER\s0\fR\|(3) for more information on providers.
+See \s-1\fBOSSL_PARAM\s0\fR\|(3) for more information on parameters.
+These functions must only be called after the \s-1EVP_PKEY_CTX\s0 has been initialised
+for use in an operation.
+These methods replace the \fBEVP_PKEY_CTX_ctrl()\fR mechanism. (EVP_PKEY_CTX_ctrl now
+calls these methods internally to interact with providers).
+.PP
+\&\fBEVP_PKEY_CTX_gettable_params()\fR and \fBEVP_PKEY_CTX_settable_params()\fR get a
+constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the gettable and
+settable parameters for the current algorithm implementation, i.e. parameters
+that can be used with \fBEVP_PKEY_CTX_get_params()\fR and \fBEVP_PKEY_CTX_set_params()\fR
+respectively.
+These functions must only be called after the \s-1EVP_PKEY_CTX\s0 has been initialised
+for use in an operation.
+.SS "Parameters"
+.IX Subsection "Parameters"
+Examples of \s-1EVP_PKEY\s0 parameters include the following:
+.PP
+\&\*(L"Common parameters\*(R" in \fBprovider\-keymgmt\fR\|(7)
+\&\*(L"Key Exchange parameters\*(R" in \fBprovider\-keyexch\fR\|(7)
+\&\*(L"Signature parameters\*(R" in \fBprovider\-signature\fR\|(7)
+.PP
+\&\*(L"Common \s-1RSA\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7)
+\&\*(L"\s-1RSA\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7)
+\&\*(L"\s-1FFC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7)
+\&\*(L"\s-1FFC\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7)
+\&\*(L"\s-1DSA\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7)
+\&\*(L"\s-1DSA\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7)
+\&\*(L"\s-1DH\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7)
+\&\*(L"\s-1DH\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7)
+\&\*(L"Common \s-1EC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-EC\s0\fR\|(7)
+\&\*(L"Common X25519, X448, \s-1ED25519\s0 and \s-1ED448\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-X25519\s0\fR\|(7)
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_CTX_set_params()\fR returns 1 for success or 0 otherwise.
+\&\fBEVP_PKEY_CTX_settable_params()\fR returns an \s-1OSSL_PARAM\s0 array on success or \s-1NULL\s0 on
+error.
+It may also return \s-1NULL\s0 if there are no settable parameters available.
+.PP
+All other functions and macros described on this page return a positive value
+for success and 0 or a negative value for failure. In particular a return value
+of \-2 indicates the operation is not supported by the public key algorithm.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_encrypt\fR\|(3),
+\&\fBEVP_PKEY_decrypt\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_verify\fR\|(3),
+\&\fBEVP_PKEY_verify_recover\fR\|(3),
+\&\fBEVP_PKEY_derive\fR\|(3),
+\&\fBEVP_PKEY_keygen\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All functions were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
index 8b4040c7b07f..520595a6f0ad 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,19 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3"
-.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3ossl"
+.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen \&\- EVP_PKEY RSA\-PSS algorithm support functions
+EVP_PKEY_CTX_set_rsa_pss_keygen_md,
+EVP_PKEY_CTX_set_rsa_pss_keygen_md_name,
+EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md,
+EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name,
+EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen
+\&\- EVP_PKEY RSA\-PSS algorithm support functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,8 +150,13 @@ EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, EVP
\&
\& int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx,
\& const EVP_MD *md);
+\& int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx,
+\& const char *mdname,
+\& const char *mdprops);
\& int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx,
\& const EVP_MD *md);
+\& int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *pctx,
+\& const char *mdname);
\& int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx,
\& int saltlen);
.Ve
@@ -168,10 +176,10 @@ to the \fB\s-1RSA\s0\fR operation except detection of the salt length (using
\&\s-1RSA_PSS_SALTLEN_AUTO\s0) is not supported for verification if the key has
usage restrictions.
.PP
-The \fBEVP_PKEY_CTX_set_signature_md()\fR and \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macros
-are used to set the digest and \s-1MGF1\s0 algorithms respectively. If the key has
-usage restrictions then an error is returned if an attempt is made to set the
-digest to anything other than the restricted value. Otherwise these are
+The \fBEVP_PKEY_CTX_set_signature_md\fR\|(3) and \fBEVP_PKEY_CTX_set_rsa_mgf1_md\fR\|(3)
+functions are used to set the digest and \s-1MGF1\s0 algorithms respectively. If the
+key has usage restrictions then an error is returned if an attempt is made to
+set the digest to anything other than the restricted value. Otherwise these are
similar to the \fB\s-1RSA\s0\fR versions.
.SS "Key Generation"
.IX Subsection "Key Generation"
@@ -187,13 +195,17 @@ then they are reflected in the corresponding parameters of the public key
when (for example) a certificate request is signed.
.PP
\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md()\fR restricts the digest algorithm the
-generated key can use to \fBmd\fR.
+generated key can use to \fImd\fR.
+\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md_name()\fR does the same thing, but
+passes the algorithm by name rather than by \fB\s-1EVP_MD\s0\fR.
.PP
\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md()\fR restricts the \s-1MGF1\s0 algorithm the
-generated key can use to \fBmd\fR.
+generated key can use to \fImd\fR.
+\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name()\fR does the same thing, but
+passes the algorithm by name rather than by \fB\s-1EVP_MD\s0\fR.
.PP
\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen()\fR restricts the minimum salt length
-to \fBsaltlen\fR.
+to \fIsaltlen\fR.
.SH "NOTES"
.IX Header "NOTES"
A context for the \fBRSA-PSS\fR algorithm can be obtained by calling:
@@ -214,9 +226,9 @@ the public key algorithm.
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3
index f683081f5ce7..4f8cd73ab865 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,19 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3"
-.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3ossl"
+.TH EVP_PKEY_CTX_SET_SCRYPT_N 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_CTX_set1_scrypt_salt, EVP_PKEY_CTX_set_scrypt_N, EVP_PKEY_CTX_set_scrypt_r, EVP_PKEY_CTX_set_scrypt_p, EVP_PKEY_CTX_set_scrypt_maxmem_bytes \&\- EVP_PKEY scrypt KDF support functions
+EVP_PKEY_CTX_set1_scrypt_salt,
+EVP_PKEY_CTX_set_scrypt_N,
+EVP_PKEY_CTX_set_scrypt_r,
+EVP_PKEY_CTX_set_scrypt_p,
+EVP_PKEY_CTX_set_scrypt_maxmem_bytes
+\&\- EVP_PKEY scrypt KDF support functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -161,7 +164,7 @@ EVP_PKEY_CTX_set1_scrypt_salt, EVP_PKEY_CTX_set_scrypt_N, EVP_PKEY_CTX_set_scryp
.IX Header "DESCRIPTION"
These functions are used to set up the necessary data to use the
scrypt \s-1KDF.\s0
-For more information on scrypt, see \fBscrypt\fR\|(7).
+For more information on scrypt, see \s-1\fBEVP_KDF\-SCRYPT\s0\fR\|(7).
.PP
\&\fBEVP_PKEY_CTX_set1_scrypt_salt()\fR sets the \fBsaltlen\fR bytes long salt
value.
@@ -184,11 +187,12 @@ set by using the parameters \*(L"N\*(R", \*(L"r\*(R", \*(L"p\*(R" and \*(L"maxme
respectively.
.SH "NOTES"
.IX Header "NOTES"
+There is a newer generic \s-1API\s0 for KDFs, \s-1\fBEVP_KDF\s0\fR\|(3), which is
+preferred over the \s-1EVP_PKEY\s0 method.
+.PP
The scrypt \s-1KDF\s0 also uses \fBEVP_PKEY_CTX_set1_pbe_pass()\fR as well as
the value from the string controls \*(L"pass\*(R" and \*(L"hexpass\*(R".
See \fBEVP_PKEY_CTX_set1_pbe_pass\fR\|(3).
-.PP
-All the functions described here are implemented as macros.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All these functions return 1 for success and 0 or a negative value for
@@ -197,15 +201,19 @@ In particular a return value of \-2 indicates the operation is not
supported by the public key algorithm.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBscrypt\fR\|(7),
+\&\s-1\fBEVP_KDF\s0\fR\|(3)
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of the functions described here were converted from macros to functions in
+OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3
index 3010afccdb5c..7b019d481478 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3"
-.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3ossl"
+.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_CTX_set_tls1_prf_md, EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed \- TLS PRF key derivation algorithm
+EVP_PKEY_CTX_set_tls1_prf_md,
+EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed \-
+TLS PRF key derivation algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -179,8 +179,6 @@ The names \*(L"hexsecret\*(R" and \*(L"hexseed\*(R" are similar except they take
which is converted to binary.
.SH "NOTES"
.IX Header "NOTES"
-All these functions are implemented as macros.
-.PP
A context for the \s-1TLS PRF\s0 can be obtained by calling:
.PP
.Vb 1
@@ -230,11 +228,15 @@ and seed value \*(L"seed\*(R":
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of the functions described here were converted from macros to functions in
+OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3
index 015866fce3d6..22d8bc710aa1 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,19 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_ASN1_GET_COUNT 3"
-.TH EVP_PKEY_ASN1_GET_COUNT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_ASN1_GET_COUNT 3ossl"
+.TH EVP_PKEY_ASN1_GET_COUNT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_asn1_find, EVP_PKEY_asn1_find_str, EVP_PKEY_asn1_get_count, EVP_PKEY_asn1_get0, EVP_PKEY_asn1_get0_info \&\- enumerate public key ASN.1 methods
+EVP_PKEY_asn1_find,
+EVP_PKEY_asn1_find_str,
+EVP_PKEY_asn1_get_count,
+EVP_PKEY_asn1_get0,
+EVP_PKEY_asn1_get0_info
+\&\- enumerate public key ASN.1 methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -199,9 +202,9 @@ out of range.
\&\fBEVP_PKEY_asn1_new\fR\|(3), \fBEVP_PKEY_asn1_add0\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_check.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_check.3
new file mode 100644
index 000000000000..55c6119668fa
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_check.3
@@ -0,0 +1,224 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_CHECK 3ossl"
+.TH EVP_PKEY_CHECK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_check, EVP_PKEY_param_check, EVP_PKEY_param_check_quick,
+EVP_PKEY_public_check, EVP_PKEY_public_check_quick, EVP_PKEY_private_check,
+EVP_PKEY_pairwise_check
+\&\- key and parameter validation functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_param_check_quick(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_public_check_quick(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBEVP_PKEY_param_check()\fR validates the parameters component of the key
+given by \fBctx\fR. This check will always succeed for key types that do not have
+parameters.
+.PP
+\&\fBEVP_PKEY_param_check_quick()\fR validates the parameters component of the key
+given by \fBctx\fR like \fBEVP_PKEY_param_check()\fR does. However some algorithm
+implementations may offer a quicker form of validation that omits some checks in
+order to perform a lightweight sanity check of the key. If a quicker form is not
+provided then this function call does the same thing as \fBEVP_PKEY_param_check()\fR.
+.PP
+\&\fBEVP_PKEY_public_check()\fR validates the public component of the key given by \fBctx\fR.
+.PP
+\&\fBEVP_PKEY_public_check_quick()\fR validates the public component of the key
+given by \fBctx\fR like \fBEVP_PKEY_public_check()\fR does. However some algorithm
+implementations may offer a quicker form of validation that omits some checks in
+order to perform a lightweight sanity check of the key. If a quicker form is not
+provided then this function call does the same thing as \fBEVP_PKEY_public_check()\fR.
+.PP
+\&\fBEVP_PKEY_private_check()\fR validates the private component of the key given by \fBctx\fR.
+.PP
+\&\fBEVP_PKEY_pairwise_check()\fR validates that the public and private components have
+the correct mathematical relationship to each other for the key given by \fBctx\fR.
+.PP
+\&\fBEVP_PKEY_check()\fR is an alias for the \fBEVP_PKEY_pairwise_check()\fR function.
+.SH "NOTES"
+.IX Header "NOTES"
+Key validation used by the OpenSSL \s-1FIPS\s0 provider complies with the rules
+within \s-1SP800\-56A\s0 and \s-1SP800\-56B.\s0 For backwards compatibility reasons the OpenSSL
+default provider may use checks that are not as restrictive for certain key types.
+For further information see \*(L"\s-1DSA\s0 key validation\*(R" in \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7),
+\&\*(L"\s-1DH\s0 key validation\*(R" in \s-1\fBEVP_PKEY\-DH\s0\fR\|(7), \*(L"\s-1EC\s0 key validation\*(R" in \s-1\fBEVP_PKEY\-EC\s0\fR\|(7) and
+\&\*(L"\s-1RSA\s0 key validation\*(R" in \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7).
+.PP
+Refer to \s-1SP800\-56A\s0 and \s-1SP800\-56B\s0 for rules relating to when these functions
+should be called during key establishment.
+It is not necessary to call these functions after locally calling an approved key
+generation method, but may be required for assurance purposes when receiving
+keys from a third party.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+All functions return 1 for success or others for failure.
+They return \-2 if the operation is not supported for the specific algorithm.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_CTX_new\fR\|(3),
+\&\fBEVP_PKEY_fromdata\fR\|(3),
+\&\s-1\fBEVP_PKEY\-DH\s0\fR\|(7),
+\&\s-1\fBEVP_PKEY\-FFC\s0\fR\|(7),
+\&\s-1\fBEVP_PKEY\-DSA\s0\fR\|(7),
+\&\s-1\fBEVP_PKEY\-EC\s0\fR\|(7),
+\&\s-1\fBEVP_PKEY\-RSA\s0\fR\|(7),
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR were added
+in OpenSSL 1.1.1.
+.PP
+\&\fBEVP_PKEY_param_check_quick()\fR, \fBEVP_PKEY_public_check_quick()\fR,
+\&\fBEVP_PKEY_private_check()\fR and \fBEVP_PKEY_pairwise_check()\fR were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2006\-2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_copy_parameters.3
index 87d1cf5a573f..57a2bc873790 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_copy_parameters.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_CMP 3"
-.TH EVP_PKEY_CMP 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_COPY_PARAMETERS 3ossl"
+.TH EVP_PKEY_COPY_PARAMETERS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp \- public key parameter and comparison functions
+EVP_PKEY_missing_parameters, EVP_PKEY_copy_parameters, EVP_PKEY_parameters_eq,
+EVP_PKEY_cmp_parameters, EVP_PKEY_eq,
+EVP_PKEY_cmp \- public key parameter and comparison functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -148,6 +148,15 @@ EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters,
\& int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
\& int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
\&
+\& int EVP_PKEY_parameters_eq(const EVP_PKEY *a, const EVP_PKEY *b);
+\& int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
\& int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
\& int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
.Ve
@@ -162,11 +171,11 @@ The function \fBEVP_PKEY_copy_parameters()\fR copies the parameters from key
\&\fBfrom\fR or present in both \fBfrom\fR and \fBto\fR and mismatch. If the parameters
in \fBfrom\fR and \fBto\fR are both present and match this function has no effect.
.PP
-The function \fBEVP_PKEY_cmp_parameters()\fR compares the parameters of keys
-\&\fBa\fR and \fBb\fR.
+The function \fBEVP_PKEY_parameters_eq()\fR checks the parameters of keys
+\&\fBa\fR and \fBb\fR for equality.
.PP
-The function \fBEVP_PKEY_cmp()\fR compares the public key components and parameters
-(if present) of keys \fBa\fR and \fBb\fR.
+The function \fBEVP_PKEY_eq()\fR checks the keys \fBa\fR and \fBb\fR for equality,
+including their parameters if they are available.
.SH "NOTES"
.IX Header "NOTES"
The main purpose of the functions \fBEVP_PKEY_missing_parameters()\fR and
@@ -174,9 +183,23 @@ The main purpose of the functions \fBEVP_PKEY_missing_parameters()\fR and
parameters are sometimes omitted from a public key if they are inherited from
the \s-1CA\s0 that signed it.
.PP
-Since OpenSSL private keys contain public key components too the function
-\&\fBEVP_PKEY_cmp()\fR can also be used to determine if a private key matches
-a public key.
+The deprecated functions \fBEVP_PKEY_cmp()\fR and \fBEVP_PKEY_cmp_parameters()\fR differ in
+their return values compared to other \fB_cmp()\fR functions. They are aliases for
+\&\fBEVP_PKEY_eq()\fR and \fBEVP_PKEY_parameters_eq()\fR.
+.PP
+The function \fBEVP_PKEY_cmp()\fR previously only checked the key parameters
+(if there are any) and the public key, assuming that there always was
+a public key and that private key equality could be derived from that.
+Because it's no longer assumed that the private key in an \s-1\fBEVP_PKEY\s0\fR\|(3) is
+always accompanied by a public key, the comparison can not rely on public
+key comparison alone.
+.PP
+Instead, \fBEVP_PKEY_eq()\fR (and therefore also \fBEVP_PKEY_cmp()\fR) now compares:
+.IP "1." 4
+the key parameters (if there are any)
+.IP "2." 4
+the public keys or the private keys of the two \fB\s-1EVP_PKEY\s0\fRs, depending on
+what they both contain.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key
@@ -186,18 +209,26 @@ doesn't use parameters.
These functions \fBEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for
failure.
.PP
-The function \fBEVP_PKEY_cmp_parameters()\fR and \fBEVP_PKEY_cmp()\fR return 1 if the
-keys match, 0 if they don't match, \-1 if the key types are different and
+The functions \fBEVP_PKEY_cmp_parameters()\fR, \fBEVP_PKEY_parameters_eq()\fR,
+\&\fBEVP_PKEY_cmp()\fR and \fBEVP_PKEY_eq()\fR return 1 if their
+inputs match, 0 if they don't match, \-1 if the key types are different and
\&\-2 if the operation is not supported.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_keygen\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBEVP_PKEY_cmp()\fR and \fBEVP_PKEY_cmp_parameters()\fR functions were deprecated in
+OpenSSL 3.0.
+.PP
+The \fBEVP_PKEY_eq()\fR and \fBEVP_PKEY_parameters_eq()\fR were added in OpenSSL 3.0 to
+replace \fBEVP_PKEY_cmp()\fR and \fBEVP_PKEY_cmp_parameters()\fR.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_decapsulate.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_decapsulate.3
new file mode 100644
index 000000000000..16cfa3d468b7
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_decapsulate.3
@@ -0,0 +1,229 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_DECAPSULATE 3ossl"
+.TH EVP_PKEY_DECAPSULATE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_decapsulate_init, EVP_PKEY_decapsulate
+\&\- Key decapsulation using a KEM algorithm with a private key
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+\& int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
+\& unsigned char *unwrapped, size_t *unwrappedlen,
+\& const unsigned char *wrapped, size_t wrappedlen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBEVP_PKEY_decapsulate_init()\fR function initializes a private key algorithm
+context \fIctx\fR for a decapsulation operation and then sets the \fIparams\fR
+on the context in the same way as calling \fBEVP_PKEY_CTX_set_params\fR\|(3).
+Note that \fIctx\fR usually is produced using \fBEVP_PKEY_CTX_new_from_pkey\fR\|(3),
+specifying the private key to use.
+.PP
+The \fBEVP_PKEY_decapsulate()\fR function performs a private key decapsulation
+operation using \fIctx\fR. The data to be decapsulated is specified using the
+\&\fIwrapped\fR and \fIwrappedlen\fR parameters.
+If \fIunwrapped\fR is \s-1NULL\s0 then the maximum size of the output secret buffer
+is written to \fI*unwrappedlen\fR. If \fIunwrapped\fR is not \s-1NULL\s0 and the
+call is successful then the decapsulated secret data is written to \fIunwrapped\fR
+and the amount of data written to \fI*unwrappedlen\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+After the call to \fBEVP_PKEY_decapsulate_init()\fR algorithm-specific parameters
+for the operation may be set or modified using \fBEVP_PKEY_CTX_set_params\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_decapsulate_init()\fR and \fBEVP_PKEY_decapsulate()\fR return 1 for
+success and 0 or a negative value for failure. In particular a return value of \-2
+indicates the operation is not supported by the private key algorithm.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Decapsulate data using \s-1RSA:\s0
+.PP
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& /*
+\& * NB: assumes rsa_priv_key is an RSA private key,
+\& * and that in, inlen are already set up to contain encapsulated data.
+\& */
+\&
+\& EVP_PKEY_CTX *ctx = NULL;
+\& size_t secretlen = 0;
+\& unsigned char *secret = NULL;;
+\&
+\& ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_priv_key, NULL);
+\& if (ctx = NULL)
+\& /* Error */
+\& if (EVP_PKEY_decapsulate_init(ctx, NULL) <= 0)
+\& /* Error */
+\&
+\& /* Set the mode \- only \*(AqRSASVE\*(Aq is currently supported */
+\& if (EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE") <= 0)
+\& /* Error */
+\&
+\& /* Determine buffer length */
+\& if (EVP_PKEY_decapsulate(ctx, NULL, &secretlen, in, inlen) <= 0)
+\& /* Error */
+\&
+\& secret = OPENSSL_malloc(secretlen);
+\& if (secret == NULL)
+\& /* malloc failure */
+\&
+\& /* Decapsulated secret data is secretlen bytes long */
+\& if (EVP_PKEY_decapsulaterctx, secret, &secretlen, in, inlen) <= 0)
+\& /* Error */
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_CTX_new_from_pkey\fR\|(3),
+\&\fBEVP_PKEY_encapsulate\fR\|(3),
+\&\s-1\fBEVP_KEM\-RSA\s0\fR\|(7),
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3
index 635fa5f66200..10528a4c842a 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,20 +130,22 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_DECRYPT 3"
-.TH EVP_PKEY_DECRYPT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_DECRYPT 3ossl"
+.TH EVP_PKEY_DECRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm
+EVP_PKEY_decrypt_init, EVP_PKEY_decrypt_init_ex,
+EVP_PKEY_decrypt \- decrypt using a public key algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_decrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
\& int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
\& unsigned char *out, size_t *outlen,
\& const unsigned char *in, size_t inlen);
@@ -153,28 +153,36 @@ EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm
-context using key \fBpkey\fR for a decryption operation.
+context using key \fIpkey\fR for a decryption operation.
+.PP
+The \fBEVP_PKEY_decrypt_init_ex()\fR function initializes a public key algorithm
+context using key \fIpkey\fR for a decryption operation and sets the
+algorithm specific \fIparams\fR.
.PP
The \fBEVP_PKEY_decrypt()\fR function performs a public key decryption operation
-using \fBctx\fR. The data to be decrypted is specified using the \fBin\fR and
-\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
-buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then
-before the call the \fBoutlen\fR parameter should contain the length of the
-\&\fBout\fR buffer, if the call is successful the decrypted data is written to
-\&\fBout\fR and the amount of data written to \fBoutlen\fR.
+using \fIctx\fR. The data to be decrypted is specified using the \fIin\fR and
+\&\fIinlen\fR parameters. If \fIout\fR is \s-1NULL\s0 then the minimum required size of
+the output buffer is written to the \fI*outlen\fR parameter.
+.PP
+If \fIout\fR is not \s-1NULL\s0 then before the call the \fI*outlen\fR parameter must
+contain the length of the \fIout\fR buffer. If the call is successful the
+decrypted data is written to \fIout\fR and the amount of the decrypted data
+written to \fI*outlen\fR, otherwise an error is returned.
.SH "NOTES"
.IX Header "NOTES"
After the call to \fBEVP_PKEY_decrypt_init()\fR algorithm specific control
operations can be performed to set any appropriate parameters for the
-operation.
+operation. These operations can be included in the \fBEVP_PKEY_decrypt_init_ex()\fR
+call.
.PP
The function \fBEVP_PKEY_decrypt()\fR can be called more than once on the same
context if several operations are performed using the same parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBEVP_PKEY_decrypt_init()\fR and \fBEVP_PKEY_decrypt()\fR return 1 for success and 0
-or a negative value for failure. In particular a return value of \-2
-indicates the operation is not supported by the public key algorithm.
+\&\fBEVP_PKEY_decrypt_init()\fR, \fBEVP_PKEY_decrypt_init_ex()\fR and \fBEVP_PKEY_decrypt()\fR
+return 1 for success and 0 or a negative value for failure. In particular a
+return value of \-2 indicates the operation is not supported by the public key
+algorithm.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys):
@@ -198,7 +206,7 @@ Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys):
\& /* Error occurred */
\& if (EVP_PKEY_decrypt_init(ctx) <= 0)
\& /* Error */
-\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
\& /* Error */
\&
\& /* Determine buffer length */
@@ -228,9 +236,9 @@ Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys):
These functions were added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3
index b4a3c1b88645..3942c345c62c 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,50 +130,66 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_DERIVE 3"
-.TH EVP_PKEY_DERIVE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_DERIVE 3ossl"
+.TH EVP_PKEY_DERIVE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive \- derive public key algorithm shared secret
+EVP_PKEY_derive_init, EVP_PKEY_derive_init_ex,
+EVP_PKEY_derive_set_peer_ex, EVP_PKEY_derive_set_peer, EVP_PKEY_derive
+\&\- derive public key algorithm shared secret
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+\& int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer,
+\& int validate_peer);
\& int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
\& int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fBEVP_PKEY_derive_init()\fR function initializes a public key algorithm
-context using key \fBpkey\fR for shared secret derivation.
+\&\fBEVP_PKEY_derive_init()\fR initializes a public key algorithm context \fIctx\fR for
+shared secret derivation using the algorithm given when the context was created
+using \fBEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to
+fetch a \fB\s-1EVP_KEYEXCH\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fBprovider\fR\|(7) for
+more information about implicit fetches.
+.PP
+\&\fBEVP_PKEY_derive_init_ex()\fR is the same as \fBEVP_PKEY_derive_init()\fR but additionally
+sets the passed parameters \fIparams\fR on the context before returning.
.PP
-The \fBEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally
-be a public key.
+\&\fBEVP_PKEY_derive_set_peer_ex()\fR sets the peer key: this will normally
+be a public key. The \fIvalidate_peer\fR will validate the public key if this value
+is non zero.
.PP
-The \fBEVP_PKEY_derive()\fR derives a shared secret using \fBctx\fR.
-If \fBkey\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to
-the \fBkeylen\fR parameter. If \fBkey\fR is not \fB\s-1NULL\s0\fR then before the call the
-\&\fBkeylen\fR parameter should contain the length of the \fBkey\fR buffer, if the call
-is successful the shared secret is written to \fBkey\fR and the amount of data
-written to \fBkeylen\fR.
+\&\fBEVP_PKEY_derive_set_peer()\fR is similar to \fBEVP_PKEY_derive_set_peer_ex()\fR with
+\&\fIvalidate_peer\fR set to 1.
+.PP
+\&\fBEVP_PKEY_derive()\fR derives a shared secret using \fIctx\fR.
+If \fIkey\fR is \s-1NULL\s0 then the maximum size of the output buffer is written to the
+\&\fIkeylen\fR parameter. If \fIkey\fR is not \s-1NULL\s0 then before the call the \fIkeylen\fR
+parameter should contain the length of the \fIkey\fR buffer, if the call is
+successful the shared secret is written to \fIkey\fR and the amount of data
+written to \fIkeylen\fR.
.SH "NOTES"
.IX Header "NOTES"
-After the call to \fBEVP_PKEY_derive_init()\fR algorithm specific control
-operations can be performed to set any appropriate parameters for the
-operation.
+After the call to \fBEVP_PKEY_derive_init()\fR, algorithm
+specific control operations can be performed to set any appropriate parameters
+for the operation.
.PP
The function \fBEVP_PKEY_derive()\fR can be called more than once on the same
context if several operations are performed using the same parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBEVP_PKEY_derive_init()\fR and \fBEVP_PKEY_derive()\fR return 1 for success and 0
-or a negative value for failure. In particular a return value of \-2
-indicates the operation is not supported by the public key algorithm.
+\&\fBEVP_PKEY_derive_init()\fR and \fBEVP_PKEY_derive()\fR return 1
+for success and 0 or a negative value for failure.
+In particular a return value of \-2 indicates the operation is not supported by
+the public key algorithm.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys):
@@ -221,14 +235,19 @@ Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys):
\&\fBEVP_PKEY_sign\fR\|(3),
\&\fBEVP_PKEY_verify\fR\|(3),
\&\fBEVP_PKEY_verify_recover\fR\|(3),
+\&\fBEVP_KEYEXCH_fetch\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-These functions were added in OpenSSL 1.0.0.
+The \fBEVP_PKEY_derive_init()\fR, \fBEVP_PKEY_derive_set_peer()\fR and \fBEVP_PKEY_derive()\fR
+functions were originally added in OpenSSL 1.0.0.
+.PP
+The \fBEVP_PKEY_derive_init_ex()\fR and \fBEVP_PKEY_derive_set_peer_ex()\fR functions were
+added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_digestsign_supports_digest.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_digestsign_supports_digest.3
new file mode 100644
index 000000000000..e4e8810b361f
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_digestsign_supports_digest.3
@@ -0,0 +1,173 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_DIGESTSIGN_SUPPORTS_DIGEST 3ossl"
+.TH EVP_PKEY_DIGESTSIGN_SUPPORTS_DIGEST 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_digestsign_supports_digest \- indicate support for signature digest
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 3
+\& #include <openssl/evp.h>
+\& int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx,
+\& const char *name, const char *propq);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBEVP_PKEY_digestsign_supports_digest()\fR function queries whether the message
+digest \fIname\fR is supported for public key signature operations associated with
+key \fIpkey\fR. The query is done within an optional library context \fIlibctx\fR and
+with an optional property query \fIpropq\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The \fBEVP_PKEY_digestsign_supports_digest()\fR function returns 1 if the message
+digest algorithm identified by \fIname\fR can be used for public key signature
+operations associated with key \fIpkey\fR and 0 if it cannot be used. It returns
+a negative value for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_DigestSignInit_ex\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBEVP_PKEY_digestsign_supports_digest()\fR function was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_encapsulate.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_encapsulate.3
new file mode 100644
index 000000000000..8d7aedb791ae
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_encapsulate.3
@@ -0,0 +1,239 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_ENCAPSULATE 3ossl"
+.TH EVP_PKEY_ENCAPSULATE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_encapsulate_init, EVP_PKEY_encapsulate
+\&\- Key encapsulation using a KEM algorithm with a public key
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+\& int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
+\& unsigned char *wrappedkey, size_t *wrappedkeylen,
+\& unsigned char *genkey, size_t *genkeylen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBEVP_PKEY_encapsulate_init()\fR function initializes a public key algorithm
+context \fIctx\fR for an encapsulation operation and then sets the \fIparams\fR
+on the context in the same way as calling \fBEVP_PKEY_CTX_set_params\fR\|(3).
+Note that \fIctx\fR is usually is produced using \fBEVP_PKEY_CTX_new_from_pkey\fR\|(3),
+specifying the public key to use.
+.PP
+The \fBEVP_PKEY_encapsulate()\fR function performs a public key encapsulation
+operation using \fIctx\fR.
+The symmetric secret generated in \fIgenkey\fR can be used as key material.
+The ciphertext in \fIwrappedkey\fR is its encapsulated form, which can be sent
+to another party, who can use \fBEVP_PKEY_decapsulate\fR\|(3) to retrieve it
+using their private key.
+If \fIwrappedkey\fR is \s-1NULL\s0 then the maximum size of the output buffer
+is written to the \fI*wrappedkeylen\fR parameter unless \fIwrappedkeylen\fR is \s-1NULL\s0
+and the maximum size of the generated key buffer is written to \fI*genkeylen\fR
+unless \fIgenkeylen\fR is \s-1NULL.\s0
+If \fIwrappedkey\fR is not \s-1NULL\s0 and the call is successful then the
+internally generated key is written to \fIgenkey\fR and its size is written to
+\&\fI*genkeylen\fR. The encapsulated version of the generated key is written to
+\&\fIwrappedkey\fR and its size is written to \fI*wrappedkeylen\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+After the call to \fBEVP_PKEY_encapsulate_init()\fR algorithm-specific parameters
+for the operation may be set or modified using \fBEVP_PKEY_CTX_set_params\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_encapsulate_init()\fR and \fBEVP_PKEY_encapsulate()\fR return 1 for
+success and 0 or a negative value for failure. In particular a return value of \-2
+indicates the operation is not supported by the public key algorithm.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Encapsulate an \s-1RSASVE\s0 key (for \s-1RSA\s0 keys).
+.PP
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& /*
+\& * NB: assumes rsa_pub_key is an public key of another party.
+\& */
+\&
+\& EVP_PKEY_CTX *ctx = NULL;
+\& size_t secretlen = 0, outlen = 0;
+\& unsigned char *out = NULL, *secret = NULL;
+\&
+\& ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_pub_key, NULL);
+\& if (ctx = NULL)
+\& /* Error */
+\& if (EVP_PKEY_encapsulate_init(ctx, NULL) <= 0)
+\& /* Error */
+\&
+\& /* Set the mode \- only \*(AqRSASVE\*(Aq is currently supported */
+\& if (EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE") <= 0)
+\& /* Error */
+\& /* Determine buffer length */
+\& if (EVP_PKEY_encapsulate(ctx, NULL, &outlen, NULL, &secretlen) <= 0)
+\& /* Error */
+\&
+\& out = OPENSSL_malloc(outlen);
+\& secret = OPENSSL_malloc(secretlen);
+\& if (out == NULL || secret == NULL)
+\& /* malloc failure */
+\&
+\& /*
+\& * The generated \*(Aqsecret\*(Aq can be used as key material.
+\& * The encapsulated \*(Aqout\*(Aq can be sent to another party who can
+\& * decapsulate it using their private key to retrieve the \*(Aqsecret\*(Aq.
+\& */
+\& if (EVP_PKEY_encapsulate(ctx, out, &outlen, secret, &secretlen) <= 0)
+\& /* Error */
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_CTX_new_from_pkey\fR\|(3),
+\&\fBEVP_PKEY_decapsulate\fR\|(3),
+\&\s-1\fBEVP_KEM\-RSA\s0\fR\|(7),
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
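Review bot: In the EXAMPLES block of this new page the context check reads `if (ctx = NULL)`, which assigns instead of comparing. It discards the context just returned by EVP_PKEY_CTX_new_from_pkey(), the error branch can never run, and a NULL ctx is then handed to EVP_PKEY_encapsulate_init(). It should read `if (ctx == NULL)`. The example also stops before any cleanup; because `secret` holds key material, readers copying it would want to see `OPENSSL_clear_free(secret, secretlen)` alongside `EVP_PKEY_CTX_free(ctx)`. The page is generated by Pod::Man, so the correction belongs in the POD source it is produced from, not in this file.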
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3
index 2d8311f1a4f2..c8cc1b513cc5 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,13 +130,14 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_ENCRYPT 3"
-.TH EVP_PKEY_ENCRYPT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_ENCRYPT 3ossl"
+.TH EVP_PKEY_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
+EVP_PKEY_encrypt_init_ex,
EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
@@ -146,6 +145,7 @@ EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_encrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
\& int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
\& unsigned char *out, size_t *outlen,
\& const unsigned char *in, size_t inlen);
@@ -155,6 +155,10 @@ EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm
The \fBEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm
context using key \fBpkey\fR for an encryption operation.
.PP
+The \fBEVP_PKEY_encrypt_init_ex()\fR function initializes a public key algorithm
+context using key \fBpkey\fR for an encryption operation and sets the
+algorithm specific \fBparams\fR.
+.PP
The \fBEVP_PKEY_encrypt()\fR function performs a public key encryption operation
using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and
\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
@@ -166,15 +170,17 @@ before the call the \fBoutlen\fR parameter should contain the length of the
.IX Header "NOTES"
After the call to \fBEVP_PKEY_encrypt_init()\fR algorithm specific control
operations can be performed to set any appropriate parameters for the
-operation.
+operation. These operations can be included in the \fBEVP_PKEY_encrypt_init_ex()\fR
+call.
.PP
The function \fBEVP_PKEY_encrypt()\fR can be called more than once on the same
context if several operations are performed using the same parameters.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBEVP_PKEY_encrypt_init()\fR and \fBEVP_PKEY_encrypt()\fR return 1 for success and 0
-or a negative value for failure. In particular a return value of \-2
-indicates the operation is not supported by the public key algorithm.
+\&\fBEVP_PKEY_encrypt_init()\fR, \fBEVP_PKEY_encrypt_init_ex()\fR and \fBEVP_PKEY_encrypt()\fR
+return 1 for success and 0 or a negative value for failure. In particular a
+return value of \-2 indicates the operation is not supported by the public key
+algorithm.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fBPEM_read_PUBKEY\fR\|(3) or
@@ -201,7 +207,7 @@ set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementa
\& /* Error occurred */
\& if (EVP_PKEY_encrypt_init(ctx) <= 0)
\& /* Error */
-\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
\& /* Error */
\&
\& /* Determine buffer length */
@@ -233,9 +239,9 @@ set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementa
These functions were added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_fromdata.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_fromdata.3
new file mode 100644
index 000000000000..f08f0ec2f8ec
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_fromdata.3
@@ -0,0 +1,390 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_FROMDATA 3ossl"
+.TH EVP_PKEY_FROMDATA 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_fromdata_init, EVP_PKEY_fromdata, EVP_PKEY_fromdata_settable
+\&\- functions to create keys and key parameters from user data
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection,
+\& OSSL_PARAM params[]);
+\& const OSSL_PARAM *EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The functions described here are used to create new keys from user
+provided key data, such as \fIn\fR, \fIe\fR and \fId\fR for a minimal \s-1RSA\s0
+keypair.
+.PP
+These functions use an \fB\s-1EVP_PKEY_CTX\s0\fR context, which should primarily
+be created with \fBEVP_PKEY_CTX_new_from_name\fR\|(3) or
+\&\fBEVP_PKEY_CTX_new_id\fR\|(3).
+.PP
+The exact key data that the user can pass depends on the key type.
+These are passed as an \s-1\fBOSSL_PARAM\s0\fR\|(3) array.
+.PP
+\&\fBEVP_PKEY_fromdata_init()\fR initializes a public key algorithm context
+for creating a key or key parameters from user data.
+.PP
+\&\fBEVP_PKEY_fromdata()\fR creates the structure to store a key or key parameters,
+given data from \fIparams\fR, \fIselection\fR and a context that's been initialized
+with \fBEVP_PKEY_fromdata_init()\fR. The result is written to \fI*ppkey\fR.
+\&\fIselection\fR is described in \*(L"Selections\*(R".
+The parameters that can be used for various types of key are as described by the
+diverse \*(L"Common parameters\*(R" sections of the
+\&\fB\s-1EVP_PKEY\-RSA\s0\fR(7),
+\&\fB\s-1EVP_PKEY\-DSA\s0\fR(7),
+\&\fB\s-1EVP_PKEY\-DH\s0\fR(7),
+\&\fB\s-1EVP_PKEY\-EC\s0\fR(7),
+\&\fB\s-1EVP_PKEY\-ED448\s0\fR(7),
+\&\fB\s-1EVP_PKEY\-X25519\s0\fR(7),
+\&\fB\s-1EVP_PKEY\-X448\s0\fR(7),
+and \fB\s-1EVP_PKEY\-ED25519\s0\fR(7) pages.
+.PP
+\&\fBEVP_PKEY_fromdata_settable()\fR gets a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes
+the settable parameters that can be used with \fBEVP_PKEY_fromdata()\fR.
+\&\fIselection\fR is described in \*(L"Selections\*(R".
+.PP
+Parameters in the \fIparams\fR array that are not among the settable parameters
+for the given \fIselection\fR are ignored.
+.SS "Selections"
+.IX Subsection "Selections"
+The following constants can be used for \fIselection\fR:
+.IP "\fB\s-1EVP_PKEY_KEY_PARAMETERS\s0\fR" 4
+.IX Item "EVP_PKEY_KEY_PARAMETERS"
+Only key parameters will be selected.
+.IP "\fB\s-1EVP_PKEY_PUBLIC_KEY\s0\fR" 4
+.IX Item "EVP_PKEY_PUBLIC_KEY"
+Only public key components will be selected. This includes optional key
+parameters.
+.IP "\fB\s-1EVP_PKEY_KEYPAIR\s0\fR" 4
+.IX Item "EVP_PKEY_KEYPAIR"
+Any keypair components will be selected. This includes the private key,
+public key and key parameters.
+.SH "NOTES"
+.IX Header "NOTES"
+These functions only work with key management methods coming from a provider.
+This is the mirror function to \fBEVP_PKEY_todata\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_fromdata_init()\fR and \fBEVP_PKEY_fromdata()\fR return 1 for success and 0 or
+a negative value for failure. In particular a return value of \-2 indicates the
+operation is not supported by the public key algorithm.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+These examples are very terse for the sake of staying on topic, which
+is the \fBEVP_PKEY_fromdata()\fR set of functions. In real applications,
+BIGNUMs would be handled and converted to byte arrays with
+\&\fBBN_bn2nativepad()\fR, but that's off topic here.
+.SS "Creating an \s-1RSA\s0 keypair using raw key data"
+.IX Subsection "Creating an RSA keypair using raw key data"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& /*
+\& * These are extremely small to make this example simple. A real
+\& * and secure application will not use such small numbers. A real
+\& * and secure application is expected to use BIGNUMs, and to build
+\& * this array dynamically.
+\& */
+\& unsigned long rsa_n = 0xbc747fc5;
+\& unsigned long rsa_e = 0x10001;
+\& unsigned long rsa_d = 0x7b133399;
+\& OSSL_PARAM params[] = {
+\& OSSL_PARAM_ulong("n", &rsa_n),
+\& OSSL_PARAM_ulong("e", &rsa_e),
+\& OSSL_PARAM_ulong("d", &rsa_d),
+\& OSSL_PARAM_END
+\& };
+\&
+\& int main()
+\& {
+\& EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
+\& EVP_PKEY *pkey = NULL;
+\&
+\& if (ctx == NULL
+\& || EVP_PKEY_fromdata_init(ctx) <= 0
+\& || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
+\& exit(1);
+\&
+\& /* Do what you want with |pkey| */
+\& }
+.Ve
+.SS "Creating an \s-1ECC\s0 keypair using raw key data"
+.IX Subsection "Creating an ECC keypair using raw key data"
+.Vb 3
+\& #include <openssl/evp.h>
+\& #include <openssl/param_build.h>
+\& #include <openssl/ec.h>
+\&
+\& /*
+\& * Fixed data to represent the private and public key.
+\& */
+\& const unsigned char priv_data[] = {
+\& 0xb9, 0x2f, 0x3c, 0xe6, 0x2f, 0xfb, 0x45, 0x68,
+\& 0x39, 0x96, 0xf0, 0x2a, 0xaf, 0x6c, 0xda, 0xf2,
+\& 0x89, 0x8a, 0x27, 0xbf, 0x39, 0x9b, 0x7e, 0x54,
+\& 0x21, 0xc2, 0xa1, 0xe5, 0x36, 0x12, 0x48, 0x5d
+\& };
+\& /* UNCOMPRESSED FORMAT */
+\& const unsigned char pub_data[] = {
+\& POINT_CONVERSION_UNCOMPRESSED,
+\& 0xcf, 0x20, 0xfb, 0x9a, 0x1d, 0x11, 0x6c, 0x5e,
+\& 0x9f, 0xec, 0x38, 0x87, 0x6c, 0x1d, 0x2f, 0x58,
+\& 0x47, 0xab, 0xa3, 0x9b, 0x79, 0x23, 0xe6, 0xeb,
+\& 0x94, 0x6f, 0x97, 0xdb, 0xa3, 0x7d, 0xbd, 0xe5,
+\& 0x26, 0xca, 0x07, 0x17, 0x8d, 0x26, 0x75, 0xff,
+\& 0xcb, 0x8e, 0xb6, 0x84, 0xd0, 0x24, 0x02, 0x25,
+\& 0x8f, 0xb9, 0x33, 0x6e, 0xcf, 0x12, 0x16, 0x2f,
+\& 0x5c, 0xcd, 0x86, 0x71, 0xa8, 0xbf, 0x1a, 0x47
+\& };
+\&
+\& int main()
+\& {
+\& EVP_PKEY_CTX *ctx;
+\& EVP_PKEY *pkey = NULL;
+\& BIGNUM *priv;
+\& OSSL_PARAM_BLD *param_bld;
+\& OSSL_PARAM *params = NULL;
+\& int exitcode = 0;
+\&
+\& priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL);
+\&
+\& param_bld = OSSL_PARAM_BLD_new();
+\& if (priv != NULL && param_bld != NULL
+\& && OSSL_PARAM_BLD_push_utf8_string(param_bld, "group",
+\& "prime256v1", 0)
+\& && OSSL_PARAM_BLD_push_BN(param_bld, "priv", priv)
+\& && OSSL_PARAM_BLD_push_octet_string(param_bld, "pub",
+\& pub_data, sizeof(pub_data)))
+\& params = OSSL_PARAM_BLD_to_param(param_bld);
+\&
+\& ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
+\& if (ctx == NULL
+\& || params == NULL
+\& || EVP_PKEY_fromdata_init(ctx) <= 0
+\& || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) {
+\& exitcode = 1;
+\& } else {
+\& /* Do what you want with |pkey| */
+\& }
+\&
+\& EVP_PKEY_free(pkey);
+\& EVP_PKEY_CTX_free(ctx);
+\& OSSL_PARAM_free(params);
+\& OSSL_PARAM_BLD_free(param_bld);
+\& BN_free(priv);
+\&
+\& exit(exitcode);
+\& }
+.Ve
+.SS "Finding out params for an unknown key type"
+.IX Subsection "Finding out params for an unknown key type"
+.Vb 2
+\& #include <openssl/evp.h>
+\& #include <openssl/core.h>
+\&
+\& /* Program expects a key type as first argument */
+\& int main(int argc, char *argv[])
+\& {
+\& EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, argv[1], NULL);
+\& const OSSL_PARAM *settable_params = NULL;
+\&
+\& if (ctx == NULL)
+\& exit(1);
+\& settable_params = EVP_PKEY_fromdata_settable(ctx, EVP_PKEY_KEYPAIR);
+\& if (settable_params == NULL)
+\& exit(1);
+\&
+\& for (; settable_params\->key != NULL; settable_params++) {
+\& const char *datatype = NULL;
+\&
+\& switch (settable_params\->data_type) {
+\& case OSSL_PARAM_INTEGER:
+\& datatype = "integer";
+\& break;
+\& case OSSL_PARAM_UNSIGNED_INTEGER:
+\& datatype = "unsigned integer";
+\& break;
+\& case OSSL_PARAM_UTF8_STRING:
+\& datatype = "printable string (utf\-8 encoding expected)";
+\& break;
+\& case OSSL_PARAM_UTF8_PTR:
+\& datatype = "printable string pointer (utf\-8 encoding expected)";
+\& break;
+\& case OSSL_PARAM_OCTET_STRING:
+\& datatype = "octet string";
+\& break;
+\& case OSSL_PARAM_OCTET_PTR:
+\& datatype = "octet string pointer";
+\& break;
+\& }
+\& printf("%s : %s ", settable_params\->key, datatype);
+\& if (settable_params\->data_size == 0)
+\& printf("(unlimited size)\en");
+\& else
+\& printf("(maximum size %zu)\en", settable_params\->data_size);
+\& }
+\& }
+.Ve
+.PP
+The descriptor \s-1\fBOSSL_PARAM\s0\fR\|(3) returned by
+\&\fBEVP_PKEY_fromdata_settable()\fR may also be used programmatically, for
+example with \fBOSSL_PARAM_allocate_from_text\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_CTX_new\fR\|(3), \fBprovider\fR\|(7), \fBEVP_PKEY_gettable_params\fR\|(3),
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3), \fBEVP_PKEY_todata\fR\|(3),
+\&\s-1\fBEVP_PKEY\-RSA\s0\fR\|(7), \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7), \s-1\fBEVP_PKEY\-DH\s0\fR\|(7), \s-1\fBEVP_PKEY\-EC\s0\fR\|(7),
+\&\s-1\fBEVP_PKEY\-ED448\s0\fR\|(7), \s-1\fBEVP_PKEY\-X25519\s0\fR\|(7), \s-1\fBEVP_PKEY\-X448\s0\fR\|(7),
+\&\s-1\fBEVP_PKEY\-ED25519\s0\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
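Review bot: In the third example ("Finding out params for an unknown key type"), `datatype` is still NULL when it reaches `printf("%s : %s ", ...)` if `data_type` matches none of the six `case` labels, because the `switch` has no `default`. Passing a null pointer for `%s` is undefined behaviour, and adding `default: datatype = "unknown"; break;` closes it. The same `main` reads `argv[1]` without checking `argc`, so a run without arguments passes a null name to EVP_PKEY_CTX_new_from_name(); a guard such as `if (argc < 2) exit(1);` before that call is worth showing. As the page is generated by Pod::Man, the change would be made in the POD source.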
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3
index 51efff318eaa..a67894f3d43b 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,40 +130,56 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3"
-.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3ossl"
+.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_get_default_digest_nid \- get default signature digest
+EVP_PKEY_get_default_digest_nid, EVP_PKEY_get_default_digest_name
+\&\- get default signature digest
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
-.Vb 2
+.Vb 1
\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey,
+\& char *mdname, size_t mdname_sz);
\& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fBEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default
-message digest \s-1NID\s0 for the public key signature operations associated with key
-\&\fBpkey\fR. Note that some signature algorithms (i.e. Ed25519 and Ed448) do not use
-a digest during signing. In this case \fBpnid\fR will be set to NID_undef.
+\&\fBEVP_PKEY_get_default_digest_name()\fR fills in the default message digest
+name for the public key signature operations associated with key
+\&\fIpkey\fR into \fImdname\fR, up to at most \fImdname_sz\fR bytes including the
+ending \s-1NUL\s0 byte. The name could be \f(CW"UNDEF"\fR, signifying that a digest
+must (for return value 2) or may (for return value 1) be left unspecified.
+.PP
+\&\fBEVP_PKEY_get_default_digest_nid()\fR sets \fIpnid\fR to the default message
+digest \s-1NID\s0 for the public key signature operations associated with key
+\&\fIpkey\fR. Note that some signature algorithms (i.e. Ed25519 and Ed448)
+do not use a digest during signing. In this case \fIpnid\fR will be set
+to NID_undef. This function is only reliable for legacy keys, which
+are keys with a \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR; these keys have typically
+been loaded from engines, or created with \fBEVP_PKEY_assign_RSA\fR\|(3) or
+similar.
.SH "NOTES"
.IX Header "NOTES"
-For all current standard OpenSSL public key algorithms \s-1SHA1\s0 is returned.
+For all current standard OpenSSL public key algorithms \s-1SHA256\s0 is returned.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-The \fBEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest
-is advisory (that is other digests can be used) and 2 if it is mandatory (other
-digests can not be used). It returns 0 or a negative value for failure. In
-particular a return value of \-2 indicates the operation is not supported by the
-public key algorithm.
+\&\fBEVP_PKEY_get_default_digest_name()\fR and \fBEVP_PKEY_get_default_digest_nid()\fR
+both return 1 if the message digest is advisory (that is other digests
+can be used) and 2 if it is mandatory (other digests can not be used).
+They return 0 or a negative value for failure. In particular a return
+value of \-2 indicates the operation is not supported by the public key
+algorithm.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_digestsign_supports_digest\fR\|(3),
\&\fBEVP_PKEY_verify\fR\|(3),
\&\fBEVP_PKEY_verify_recover\fR\|(3),
.SH "HISTORY"
@@ -173,9 +187,9 @@ public key algorithm.
This function was added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_get_field_type.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_get_field_type.3
new file mode 100644
index 000000000000..14cf187d81a0
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_get_field_type.3
@@ -0,0 +1,183 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_GET_FIELD_TYPE 3ossl"
+.TH EVP_PKEY_GET_FIELD_TYPE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_get_field_type, EVP_PKEY_get_ec_point_conv_form \- get field type
+or point conversion form of a key
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_get_field_type(const EVP_PKEY *pkey);
+\& int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBEVP_PKEY_get_field_type()\fR returns the field type \s-1NID\s0 of the \fIpkey\fR, if
+\&\fIpkey\fR's key type supports it. The types currently supported
+by the built-in OpenSSL providers are either \fBNID_X9_62_prime_field\fR
+for prime curves or \fBNID_X9_62_characteristic_two_field\fR for binary curves;
+these values are defined in the \fI<openssl/obj_mac.h>\fR header file.
+.PP
+\&\fBEVP_PKEY_get_ec_point_conv_form()\fR returns the point conversion format
+of the \fIpkey\fR, if \fIpkey\fR's key type supports it.
+.SH "NOTES"
+.IX Header "NOTES"
+Among the standard OpenSSL key types, this is only supported for \s-1EC\s0 and
+\&\s-1SM2\s0 keys. Other providers may support this for additional key types.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_get_field_type()\fR returns the field type \s-1NID\s0 or 0 on error.
+.PP
+\&\fBEVP_PKEY_get_ec_point_conv_form()\fR returns the point conversion format number
+(see \fBEC_GROUP_copy\fR\|(3)) or 0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEC_GROUP_copy\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_get_group_name.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_get_group_name.3
new file mode 100644
index 000000000000..11ae97dba18b
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_get_group_name.3
@@ -0,0 +1,175 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_GET_GROUP_NAME 3ossl"
+.TH EVP_PKEY_GET_GROUP_NAME 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_get_group_name \- get group name of a key
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_get_group_name(EVP_PKEY *pkey, char *gname, size_t gname_sz,
+\& size_t *gname_len);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBEVP_PKEY_get_group_name()\fR fills in the group name of the \fIpkey\fR into
+\&\fIgname\fR, up to at most \fIgname_sz\fR bytes including the ending \s-1NUL\s0 byte
+and assigns \fI*gname_len\fR the actual length of the name not including
+the \s-1NUL\s0 byte, if \fIpkey\fR's key type supports it.
+\&\fIgname\fR as well as \fIgname_len\fR may individually be \s-1NULL,\s0 and won't be
+filled in or assigned in that case.
+.SH "NOTES"
+.IX Header "NOTES"
+Among the standard OpenSSL key types, this is only supported for \s-1DH, EC\s0 and
+\&\s-1SM2\s0 keys. Other providers may support this for additional key types.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_get_group_name()\fR returns 1 if the group name could be filled in,
+otherwise 0.
+.SH "HISTORY"
+.IX Header "HISTORY"
+This function was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_size.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_get_size.3
index 64d6aa8842fb..bbf65f83e1aa 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_size.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_get_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,26 +130,32 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_SIZE 3"
-.TH EVP_PKEY_SIZE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_GET_SIZE 3ossl"
+.TH EVP_PKEY_GET_SIZE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits \&\- EVP_PKEY information functions
+EVP_PKEY_get_size, EVP_PKEY_get_bits, EVP_PKEY_get_security_bits,
+EVP_PKEY_bits, EVP_PKEY_security_bits, EVP_PKEY_size
+\&\- EVP_PKEY information functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
-\& int EVP_PKEY_size(const EVP_PKEY *pkey);
-\& int EVP_PKEY_bits(const EVP_PKEY *pkey);
-\& int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+\& int EVP_PKEY_get_size(const EVP_PKEY *pkey);
+\& int EVP_PKEY_get_bits(const EVP_PKEY *pkey);
+\& int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey);
+\&
+\& #define EVP_PKEY_bits EVP_PKEY_get_bits
+\& #define EVP_PKEY_security_bits EVP_PKEY_get_security_bits
+\& #define EVP_PKEY_size EVP_PKEY_get_size
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBEVP_PKEY_size()\fR returns the maximum suitable size for the output
+\&\fBEVP_PKEY_get_size()\fR returns the maximum suitable size for the output
buffers for almost all operations that can be done with \fIpkey\fR.
The primary documented use is with \fBEVP_SignFinal\fR\|(3) and
\&\fBEVP_SealInit\fR\|(3), but it isn't limited there. The returned size is
@@ -160,36 +164,36 @@ also large enough for the output buffer of \fBEVP_PKEY_sign\fR\|(3),
.PP
It must be stressed that, unless the documentation for the operation
that's being performed says otherwise, the size returned by
-\&\fBEVP_PKEY_size()\fR is only preliminary and not exact, so the final
+\&\fBEVP_PKEY_get_size()\fR is only preliminary and not exact, so the final
contents of the target buffer may be smaller. It is therefore crucial
to take note of the size given back by the function that performs the
operation, such as \fBEVP_PKEY_sign\fR\|(3) (the \fIsiglen\fR argument will
receive that length), to avoid bugs.
.PP
-\&\fBEVP_PKEY_bits()\fR returns the cryptographic length of the cryptosystem
+\&\fBEVP_PKEY_get_bits()\fR returns the cryptographic length of the cryptosystem
to which the key in \fIpkey\fR belongs, in bits. Note that the definition
of cryptographic length is specific to the key cryptosystem.
.PP
-\&\fBEVP_PKEY_security_bits()\fR returns the number of security bits of the given
+\&\fBEVP_PKEY_get_security_bits()\fR returns the number of security bits of the given
\&\fIpkey\fR, bits of security is defined in \s-1NIST SP800\-57.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBEVP_PKEY_size()\fR, \fBEVP_PKEY_bits()\fR and \fBEVP_PKEY_security_bits()\fR return a
-positive number, or 0 if this size isn't available.
+\&\fBEVP_PKEY_get_size()\fR, \fBEVP_PKEY_get_bits()\fR and \fBEVP_PKEY_get_security_bits()\fR
+return a positive number, or 0 if this size isn't available.
.SH "NOTES"
.IX Header "NOTES"
Most functions that have an output buffer and are mentioned with
-\&\fBEVP_PKEY_size()\fR have a functionality where you can pass \s-1NULL\s0 for the
+\&\fBEVP_PKEY_get_size()\fR have a functionality where you can pass \s-1NULL\s0 for the
buffer and still pass a pointer to an integer and get the exact size
that this function call delivers in the context that it's called in.
This allows those functions to be called twice, once to find out the
exact buffer size, then allocate the buffer in between, and call that
function again actually output the data. For those functions, it
-isn't strictly necessary to call \fBEVP_PKEY_size()\fR to find out the
+isn't strictly necessary to call \fBEVP_PKEY_get_size()\fR to find out the
buffer size, but may be useful in cases where it's desirable to know
the upper limit in advance.
.PP
-It should also be especially noted that \fBEVP_PKEY_size()\fR shouldn't be
+It should also be especially noted that \fBEVP_PKEY_get_size()\fR shouldn't be
used to get the output size for \fBEVP_DigestSignFinal()\fR, according to
\&\*(L"\s-1NOTES\*(R"\s0 in \fBEVP_DigestSignFinal\fR\|(3).
.SH "SEE ALSO"
@@ -200,9 +204,14 @@ used to get the output size for \fBEVP_DigestSignFinal()\fR, according to
\&\fBEVP_PKEY_encrypt\fR\|(3),
\&\fBEVP_PKEY_decrypt\fR\|(3),
\&\fBEVP_PKEY_derive\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBEVP_PKEY_bits()\fR, \fBEVP_PKEY_security_bits()\fR, and \fBEVP_PKEY_size()\fR functions
+were renamed to include \f(CW\*(C`get\*(C'\fR in their names in OpenSSL 3.0, respectively.
+The old names are kept as non-deprecated alias macros.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_gettable_params.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_gettable_params.3
new file mode 100644
index 000000000000..a010ef157935
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_gettable_params.3
@@ -0,0 +1,264 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_GETTABLE_PARAMS 3ossl"
+.TH EVP_PKEY_GETTABLE_PARAMS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_gettable_params, EVP_PKEY_get_params,
+EVP_PKEY_get_int_param, EVP_PKEY_get_size_t_param,
+EVP_PKEY_get_bn_param, EVP_PKEY_get_utf8_string_param,
+EVP_PKEY_get_octet_string_param
+\&\- retrieve key parameters from a key
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& const OSSL_PARAM *EVP_PKEY_gettable_params(EVP_PKEY *pkey);
+\& int EVP_PKEY_get_params(const EVP_PKEY *pkey, OSSL_PARAM params[]);
+\& int EVP_PKEY_get_int_param(const EVP_PKEY *pkey, const char *key_name,
+\& int *out);
+\& int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name,
+\& size_t *out);
+\& int EVP_PKEY_get_bn_param(const EVP_PKEY *pkey, const char *key_name,
+\& BIGNUM **bn);
+\& int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name,
+\& char *str, size_t max_buf_sz,
+\& size_t *out_len);
+\& int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name,
+\& unsigned char *buf, size_t max_buf_sz,
+\& size_t *out_len);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+See \s-1\fBOSSL_PARAM\s0\fR\|(3) for information about parameters.
+.PP
+\&\fBEVP_PKEY_get_params()\fR retrieves parameters from the key \fIpkey\fR, according to
+the contents of \fIparams\fR.
+.PP
+\&\fBEVP_PKEY_gettable_params()\fR returns a constant list of \fIparams\fR indicating
+the names and types of key parameters that can be retrieved.
+.PP
+An \s-1\fBOSSL_PARAM\s0\fR\|(3) of type \fB\s-1OSSL_PARAM_INTEGER\s0\fR or
+\&\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR is of arbitrary length. Such a parameter can be
+obtained using any of the functions \fBEVP_PKEY_get_int_param()\fR,
+\&\fBEVP_PKEY_get_size_t_param()\fR or \fBEVP_PKEY_get_bn_param()\fR. Attempting to
+obtain an integer value that does not fit into a native C \fBint\fR type will cause
+\&\fBEVP_PKEY_get_int_param()\fR to fail. Similarly attempting to obtain an integer
+value that is negative or does not fit into a native C \fBsize_t\fR type using
+\&\fBEVP_PKEY_get_size_t_param()\fR will also fail.
+.PP
+\&\fBEVP_PKEY_get_int_param()\fR retrieves a key \fIpkey\fR integer value \fI*out\fR
+associated with a name of \fIkey_name\fR if it fits into \f(CW\*(C`int\*(C'\fR type. For
+parameters that do not fit into \f(CW\*(C`int\*(C'\fR use \fBEVP_PKEY_get_bn_param()\fR.
+.PP
+\&\fBEVP_PKEY_get_size_t_param()\fR retrieves a key \fIpkey\fR size_t value \fI*out\fR
+associated with a name of \fIkey_name\fR if it fits into \f(CW\*(C`size_t\*(C'\fR type. For
+parameters that do not fit into \f(CW\*(C`size_t\*(C'\fR use \fBEVP_PKEY_get_bn_param()\fR.
+.PP
+\&\fBEVP_PKEY_get_bn_param()\fR retrieves a key \fIpkey\fR \s-1BIGNUM\s0 value \fI**bn\fR
+associated with a name of \fIkey_name\fR. If \fI*bn\fR is \s-1NULL\s0 then the \s-1BIGNUM\s0
+is allocated by the method.
+.PP
+\&\fBEVP_PKEY_get_utf8_string_param()\fR get a key \fIpkey\fR \s-1UTF8\s0 string value into a
+buffer \fIstr\fR of maximum size \fImax_buf_sz\fR associated with a name of
+\&\fIkey_name\fR. The maximum size must be large enough to accommodate the string
+value including a terminating \s-1NUL\s0 byte, or this function will fail.
+If \fIout_len\fR is not \s-1NULL,\s0 \fI*out_len\fR is set to the length of the string
+not including the terminating \s-1NUL\s0 byte. The required buffer size not including
+the terminating \s-1NUL\s0 byte can be obtained from \fI*out_len\fR by calling the
+function with \fIstr\fR set to \s-1NULL.\s0
+.PP
+\&\fBEVP_PKEY_get_octet_string_param()\fR get a key \fIpkey\fR's octet string value into a
+buffer \fIbuf\fR of maximum size \fImax_buf_sz\fR associated with a name of \fIkey_name\fR.
+If \fIout_len\fR is not \s-1NULL,\s0 \fI*out_len\fR is set to the length of the contents.
+The required buffer size can be obtained from \fI*out_len\fR by calling the
+function with \fIbuf\fR set to \s-1NULL.\s0
+.SH "NOTES"
+.IX Header "NOTES"
+These functions only work for \fB\s-1EVP_PKEY\s0\fRs that contain a provider side key.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_gettable_params()\fR returns \s-1NULL\s0 on error or if it is not supported.
+.PP
+All other methods return 1 if a value associated with the key's \fIkey_name\fR was
+successfully returned, or 0 if there was an error.
+An error may be returned by methods \fBEVP_PKEY_get_utf8_string_param()\fR and
+\&\fBEVP_PKEY_get_octet_string_param()\fR if \fImax_buf_sz\fR is not big enough to hold the
+value. If \fIout_len\fR is not \s-1NULL,\s0 \fI*out_len\fR will be assigned the required
+buffer size to hold the value.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& char curve_name[64];
+\& unsigned char pub[256];
+\& BIGNUM *bn_priv = NULL;
+\&
+\& /*
+\& * NB: assumes \*(Aqkey\*(Aq is set up before the next step. In this example the key
+\& * is an EC key.
+\& */
+\&
+\& if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME,
+\& curve_name, sizeof(curve_name), &len)) {
+\& /* Error */
+\& }
+\& if (!EVP_PKEY_get_octet_string_param(key, OSSL_PKEY_PARAM_PUB_KEY,
+\& pub, sizeof(pub), &len)) {
+\& /* Error */
+\& }
+\& if (!EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_PRIV_KEY, &bn_priv)) {
+\& /* Error */
+\& }
+\&
+\& BN_clear_free(bn_priv);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_CTX_new\fR\|(3), \fBprovider\-keymgmt\fR\|(7), \s-1\fBOSSL_PARAM\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_is_a.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_is_a.3
new file mode 100644
index 000000000000..ea5cab554ab5
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_is_a.3
@@ -0,0 +1,245 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_IS_A 3ossl"
+.TH EVP_PKEY_IS_A 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_is_a, EVP_PKEY_can_sign, EVP_PKEY_type_names_do_all,
+EVP_PKEY_get0_type_name, EVP_PKEY_get0_description, EVP_PKEY_get0_provider
+\&\- key type and capabilities functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name);
+\& int EVP_PKEY_can_sign(const EVP_PKEY *pkey);
+\& int EVP_PKEY_type_names_do_all(const EVP_PKEY *pkey,
+\& void (*fn)(const char *name, void *data),
+\& void *data);
+\& const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key);
+\& const char *EVP_PKEY_get0_description(const EVP_PKEY *key);
+\& const OSSL_PROVIDER *EVP_PKEY_get0_provider(const EVP_PKEY *key);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBEVP_PKEY_is_a()\fR checks if the key type of \fIpkey\fR is \fIname\fR.
+.PP
+\&\fBEVP_PKEY_can_sign()\fR checks if the functionality for the key type of
+\&\fIpkey\fR supports signing. No other check is done, such as whether
+\&\fIpkey\fR contains a private key.
+.PP
+\&\fBEVP_PKEY_type_names_do_all()\fR traverses all names for \fIpkey\fR's key type, and
+calls \fIfn\fR with each name and \fIdata\fR. For example, an \s-1RSA\s0 \fB\s-1EVP_PKEY\s0\fR may
+be named both \f(CW\*(C`RSA\*(C'\fR and \f(CW\*(C`rsaEncryption\*(C'\fR.
+The order of the names depends on the provider implementation that holds
+the key.
+.PP
+\&\fBEVP_PKEY_get0_type_name()\fR returns the first key type name that is found
+for the given \fIpkey\fR. Note that the \fIpkey\fR may have multiple synonyms
+associated with it. In this case it depends on the provider implementation
+that holds the key which one will be returned.
+Ownership of the returned string is retained by the \fIpkey\fR object and should
+not be freed by the caller.
+.PP
+\&\fBEVP_PKEY_get0_description()\fR returns a description of the type of \fB\s-1EVP_PKEY\s0\fR,
+meant for display and human consumption. The description is at the
+discretion of the key type implementation.
+.PP
+\&\fBEVP_PKEY_get0_provider()\fR returns the provider of the \fB\s-1EVP_PKEY\s0\fR's
+\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_is_a()\fR returns 1 if \fIpkey\fR has the key type \fIname\fR,
+otherwise 0.
+.PP
+\&\fBEVP_PKEY_can_sign()\fR returns 1 if the \fIpkey\fR key type functionality
+supports signing, otherwise 0.
+.PP
+\&\fBEVP_PKEY_get0_type_name()\fR returns the name that is found or \s-1NULL\s0 on error.
+.PP
+\&\fBEVP_PKEY_get0_description()\fR returns the description if found or \s-1NULL\s0 if not.
+.PP
+\&\fBEVP_PKEY_get0_provider()\fR returns the provider if found or \s-1NULL\s0 if not.
+.PP
+\&\fBEVP_PKEY_type_names_do_all()\fR returns 1 if the callback was called for all
+names. A return value of 0 means that the callback was not called for any
+names.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+.SS "\fBEVP_PKEY_is_a()\fP"
+.IX Subsection "EVP_PKEY_is_a()"
+The loaded providers and what key types they support will ultimately
+determine what \fIname\fR is possible to use with \fBEVP_PKEY_is_a()\fR. We do know
+that the default provider supports \s-1RSA, DH, DSA\s0 and \s-1EC\s0 keys, so we can use
+this as an crude example:
+.PP
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& ...
+\& /* |pkey| is an EVP_PKEY* */
+\& if (EVP_PKEY_is_a(pkey, "RSA")) {
+\& BIGNUM *modulus = NULL;
+\& if (EVP_PKEY_get_bn_param(pkey, "n", &modulus))
+\& /* do whatever with the modulus */
+\& BN_free(modulus);
+\& }
+.Ve
+.SS "\fBEVP_PKEY_can_sign()\fP"
+.IX Subsection "EVP_PKEY_can_sign()"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& ...
+\& /* |pkey| is an EVP_PKEY* */
+\& if (!EVP_PKEY_can_sign(pkey)) {
+\& fprintf(stderr, "Not a signing key!");
+\& exit(1);
+\& }
+\& /* Sign something... */
+.Ve
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3
index 9dfd8612da1b..42e362116f09 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,23 +130,34 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_KEYGEN 3"
-.TH EVP_PKEY_KEYGEN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_KEYGEN 3ossl"
+.TH EVP_PKEY_KEYGEN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data, EVP_PKEY_gen_cb, EVP_PKEY_check, EVP_PKEY_public_check, EVP_PKEY_param_check \&\- key and parameter generation and check functions
+EVP_PKEY_Q_keygen,
+EVP_PKEY_keygen_init, EVP_PKEY_paramgen_init, EVP_PKEY_generate,
+EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
+EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
+EVP_PKEY_CTX_get_app_data,
+EVP_PKEY_gen_cb,
+EVP_PKEY_paramgen, EVP_PKEY_keygen
+\&\- key and parameter generation and check functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
+\& EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
+\& const char *type, ...);
+\&
\& int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
-\& int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
\& int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
\& int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+\& int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
\&
\& typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
\&
@@ -159,31 +168,54 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen
\&
\& void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
\& void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
-\&
-\& int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
-\& int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
-\& int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fBEVP_PKEY_keygen_init()\fR function initializes a public key algorithm
-context using key \fBpkey\fR for a key generation operation.
+Generating keys is sometimes straight forward, just generate the key's
+numbers and be done with it. However, there are certain key types that need
+key parameters, often called domain parameters but not necessarily limited
+to that, that also need to be generated. In addition to this, the caller
+may want to set user provided generation parameters that further affect key
+parameter or key generation, such as the desired key size.
+.PP
+To flexibly allow all that's just been described, key parameter and key
+generation is divided into an initialization of a key algorithm context,
+functions to set user provided parameters, and finally the key parameter or
+key generation function itself.
.PP
-The \fBEVP_PKEY_keygen()\fR function performs a key generation operation, the
-generated key is written to \fBppkey\fR.
+The key algorithm context must be created using \fBEVP_PKEY_CTX_new\fR\|(3) or
+variants thereof, see that manual for details.
.PP
-The functions \fBEVP_PKEY_paramgen_init()\fR and \fBEVP_PKEY_paramgen()\fR are similar
-except parameters are generated.
+\&\fBEVP_PKEY_keygen_init()\fR initializes a public key algorithm context \fIctx\fR
+for a key generation operation.
+.PP
+\&\fBEVP_PKEY_paramgen_init()\fR is similar to \fBEVP_PKEY_keygen_init()\fR except key
+parameters are generated.
+.PP
+After initialization, generation parameters may be provided with
+\&\fBEVP_PKEY_CTX_ctrl\fR\|(3) or \fBEVP_PKEY_CTX_set_params\fR\|(3), or any other
+function described in those manuals.
+.PP
+\&\fBEVP_PKEY_generate()\fR performs the generation operation, the resulting key
+parameters or key are written to \fI*ppkey\fR. If \fI*ppkey\fR is \s-1NULL\s0 when this
+function is called, it will be allocated, and should be freed by the caller
+when no longer useful, using \fBEVP_PKEY_free\fR\|(3).
+.PP
+\&\fBEVP_PKEY_paramgen()\fR and \fBEVP_PKEY_keygen()\fR do exactly the same thing as
+\&\fBEVP_PKEY_generate()\fR, after checking that the corresponding \fBEVP_PKEY_paramgen_init()\fR
+or \fBEVP_PKEY_keygen_init()\fR was used to initialize \fIctx\fR.
+These are older functions that are kept for backward compatibility.
+It is safe to use \fBEVP_PKEY_generate()\fR instead.
.PP
The function \fBEVP_PKEY_set_cb()\fR sets the key or parameter generation callback
-to \fBcb\fR. The function \fBEVP_PKEY_CTX_get_cb()\fR returns the key or parameter
+to \fIcb\fR. The function \fBEVP_PKEY_CTX_get_cb()\fR returns the key or parameter
generation callback.
.PP
The function \fBEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated
-with the generation operation. If \fBidx\fR is \-1 the total number of
+with the generation operation. If \fIidx\fR is \-1 the total number of
parameters available is returned. Any non negative value returns the value of
that parameter. \fBEVP_PKEY_CTX_gen_keygen_info()\fR with a nonnegative value for
-\&\fBidx\fR should only be called within the generation callback.
+\&\fIidx\fR should only be called within the generation callback.
.PP
If the callback returns 0 then the key generation operation is aborted and an
error occurs. This might occur during a time consuming operation where
@@ -194,17 +226,25 @@ and retrieve an opaque pointer. This can be used to set some application
defined value which can be retrieved in the callback: for example a handle
which is used to update a \*(L"progress dialog\*(R".
.PP
-\&\fBEVP_PKEY_check()\fR validates the key-pair given by \fBctx\fR. This function first tries
-to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR if it's present; otherwise
-it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR.
-.PP
-\&\fBEVP_PKEY_public_check()\fR validates the public component of the key-pair given by \fBctx\fR.
-This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR
-if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR.
+\&\fBEVP_PKEY_Q_keygen()\fR abstracts from the explicit use of \fB\s-1EVP_PKEY_CTX\s0\fR while
+providing a 'quick' but limited way of generating a new asymmetric key pair.
+It provides shorthands for simple and common cases of key generation.
+As usual, the library context \fIlibctx\fR and property query \fIpropq\fR
+can be given for fetching algorithms from providers.
+If \fItype\fR is \f(CW\*(C`RSA\*(C'\fR,
+a \fBsize_t\fR parameter must be given to specify the size of the \s-1RSA\s0 key.
+If \fItype\fR is \f(CW\*(C`EC\*(C'\fR,
+a string parameter must be given to specify the name of the \s-1EC\s0 curve.
+If \fItype\fR is \f(CW\*(C`X25519\*(C'\fR, \f(CW\*(C`X448\*(C'\fR, \f(CW\*(C`ED25519\*(C'\fR, \f(CW\*(C`ED448\*(C'\fR, or \f(CW\*(C`SM2\*(C'\fR
+no further parameter is needed.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_keygen_init()\fR, \fBEVP_PKEY_paramgen_init()\fR, \fBEVP_PKEY_keygen()\fR and
+\&\fBEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure.
+In particular a return value of \-2 indicates the operation is not supported by
+the public key algorithm.
.PP
-\&\fBEVP_PKEY_param_check()\fR validates the algorithm parameters of the key-pair given by \fBctx\fR.
-This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR
-if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR.
+\&\fBEVP_PKEY_Q_keygen()\fR returns an \fB\s-1EVP_PKEY\s0\fR, or \s-1NULL\s0 on failure.
.SH "NOTES"
.IX Header "NOTES"
After the call to \fBEVP_PKEY_keygen_init()\fR or \fBEVP_PKEY_paramgen_init()\fR algorithm
@@ -228,16 +268,6 @@ In OpenSSL an \s-1EVP_PKEY\s0 structure containing a private key also contains t
public key components and parameters (if any). An OpenSSL private key is
equivalent to what some libraries call a \*(L"key pair\*(R". A private key can be used
in functions which require the use of a public key or parameters.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fBEVP_PKEY_keygen_init()\fR, \fBEVP_PKEY_paramgen_init()\fR, \fBEVP_PKEY_keygen()\fR and
-\&\fBEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure.
-In particular a return value of \-2 indicates the operation is not supported by
-the public key algorithm.
-.PP
-\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR return 1
-for success or others for failure. They return \-2 if the operation is not supported
-for the specific algorithm.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Generate a 2048 bit \s-1RSA\s0 key:
@@ -312,6 +342,7 @@ Example of generation callback for OpenSSL public key implementations:
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBEVP_RSA_gen\fR\|(3), \fBEVP_EC_gen\fR\|(3),
\&\fBEVP_PKEY_CTX_new\fR\|(3),
\&\fBEVP_PKEY_encrypt\fR\|(3),
\&\fBEVP_PKEY_decrypt\fR\|(3),
@@ -321,15 +352,18 @@ Example of generation callback for OpenSSL public key implementations:
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-These functions were added in OpenSSL 1.0.0.
+\&\fBEVP_PKEY_keygen_init()\fR, int \fBEVP_PKEY_paramgen_init()\fR, \fBEVP_PKEY_keygen()\fR,
+\&\fBEVP_PKEY_paramgen()\fR, \fBEVP_PKEY_gen_cb()\fR, \fBEVP_PKEY_CTX_set_cb()\fR,
+\&\fBEVP_PKEY_CTX_get_cb()\fR, \fBEVP_PKEY_CTX_get_keygen_info()\fR,
+\&\fBEVP_PKEY_CTX_set_app_data()\fR and \fBEVP_PKEY_CTX_get_app_data()\fR were added in
+OpenSSL 1.0.0.
.PP
-\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR were added
-in OpenSSL 1.1.1.
+\&\fBEVP_PKEY_Q_keygen()\fR and \fBEVP_PKEY_generate()\fR were added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3
index 23d0eacf16a3..abba5a6dfb26 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_METH_GET_COUNT 3"
-.TH EVP_PKEY_METH_GET_COUNT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_METH_GET_COUNT 3ossl"
+.TH EVP_PKEY_METH_GET_COUNT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +142,13 @@ EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info \- enumerat
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 4
\& size_t EVP_PKEY_meth_get_count(void);
\& const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
\& void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
@@ -152,6 +156,9 @@ EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info \- enumerat
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs.
+.PP
\&\fBEVP_PKEY_meth_count()\fR returns a count of the number of public key methods
available: it includes standard methods and any methods added by the
application.
@@ -172,11 +179,14 @@ out of range.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_PKEY_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3
index 2a875c0f3d73..922e5e3e6eb8 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,46 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_METH_NEW 3"
-.TH EVP_PKEY_METH_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_METH_NEW 3ossl"
+.TH EVP_PKEY_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, EVP_PKEY_meth_add0, EVP_PKEY_METHOD, EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, EVP_PKEY_meth_set_digestsign, EVP_PKEY_meth_set_digestverify, EVP_PKEY_meth_set_check, EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, EVP_PKEY_meth_set_digest_custom, EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, EVP_PKEY_meth_get_digestsign, EVP_PKEY_meth_get_digestverify, EVP_PKEY_meth_get_check, EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, EVP_PKEY_meth_get_digest_custom, EVP_PKEY_meth_remove \&\- manipulating EVP_PKEY_METHOD structure
+EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find,
+EVP_PKEY_meth_add0, EVP_PKEY_METHOD,
+EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup,
+EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign,
+EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx,
+EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt,
+EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl,
+EVP_PKEY_meth_set_digestsign, EVP_PKEY_meth_set_digestverify,
+EVP_PKEY_meth_set_check,
+EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check,
+EVP_PKEY_meth_set_digest_custom,
+EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup,
+EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign,
+EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx,
+EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt,
+EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl,
+EVP_PKEY_meth_get_digestsign, EVP_PKEY_meth_get_digestverify,
+EVP_PKEY_meth_get_check,
+EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check,
+EVP_PKEY_meth_get_digest_custom,
+EVP_PKEY_meth_remove
+\&\- manipulating EVP_PKEY_METHOD structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
\&
\& EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
@@ -158,7 +183,7 @@ EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, E
\& int (*init) (EVP_PKEY_CTX *ctx));
\& void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
\& int (*copy) (EVP_PKEY_CTX *dst,
-\& EVP_PKEY_CTX *src));
+\& const EVP_PKEY_CTX *src));
\& void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
\& void (*cleanup) (EVP_PKEY_CTX *ctx));
\& void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
@@ -332,13 +357,13 @@ EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, E
\& int (**pctrl_str) (EVP_PKEY_CTX *ctx,
\& const char *type,
\& const char *value));
-\& void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
+\& void EVP_PKEY_meth_get_digestsign(const EVP_PKEY_METHOD *pmeth,
\& int (**digestsign) (EVP_MD_CTX *ctx,
\& unsigned char *sig,
\& size_t *siglen,
\& const unsigned char *tbs,
\& size_t tbslen));
-\& void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
+\& void EVP_PKEY_meth_get_digestverify(const EVP_PKEY_METHOD *pmeth,
\& int (**digestverify) (EVP_MD_CTX *ctx,
\& const unsigned char *sig,
\& size_t siglen,
@@ -350,12 +375,15 @@ EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, E
\& int (**pcheck) (EVP_PKEY *pkey));
\& void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
\& int (**pcheck) (EVP_PKEY *pkey));
-\& void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
+\& void EVP_PKEY_meth_get_digest_custom(const EVP_PKEY_METHOD *pmeth,
\& int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
\& EVP_MD_CTX *mctx));
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs.
+.PP
\&\fB\s-1EVP_PKEY_METHOD\s0\fR is a structure which holds a set of methods for a
specific public key cryptographic algorithm. Those methods are usually
used to perform different jobs, such as generating a key, signing or
@@ -375,7 +403,7 @@ algorithm present by the \fB\s-1EVP_PKEY_CTX\s0\fR object.
.PP
.Vb 3
\& int (*init) (EVP_PKEY_CTX *ctx);
-\& int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
+\& int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
\& void (*cleanup) (EVP_PKEY_CTX *ctx);
.Ve
.PP
@@ -584,11 +612,17 @@ if an error occurred.
All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return
values. For the 'get' functions, function pointers are returned by
arguments.
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
+.PP
+The signature of the \fIcopy\fR functional argument of \fBEVP_PKEY_meth_set_copy()\fR
+has changed in OpenSSL 3.0 so its \fIsrc\fR parameter is now constified.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3
index a8e26c4f22fe..7a0935b0803c 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,29 +130,53 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_NEW 3"
-.TH EVP_PKEY_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_NEW 3ossl"
+.TH EVP_PKEY_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free, EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_PKEY_new_CMAC_key, EVP_PKEY_new_mac_key, EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key \&\- public/private key allocation and raw key handling functions
+EVP_PKEY,
+EVP_PKEY_new,
+EVP_PKEY_up_ref,
+EVP_PKEY_dup,
+EVP_PKEY_free,
+EVP_PKEY_new_raw_private_key_ex,
+EVP_PKEY_new_raw_private_key,
+EVP_PKEY_new_raw_public_key_ex,
+EVP_PKEY_new_raw_public_key,
+EVP_PKEY_new_CMAC_key,
+EVP_PKEY_new_mac_key,
+EVP_PKEY_get_raw_private_key,
+EVP_PKEY_get_raw_public_key
+\&\- public/private key allocation and raw key handling functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
+\& typedef evp_pkey_st EVP_PKEY;
+\&
\& EVP_PKEY *EVP_PKEY_new(void);
\& int EVP_PKEY_up_ref(EVP_PKEY *key);
+\& EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *key);
\& void EVP_PKEY_free(EVP_PKEY *key);
\&
+\& EVP_PKEY *EVP_PKEY_new_raw_private_key_ex(OSSL_LIB_CTX *libctx,
+\& const char *keytype,
+\& const char *propq,
+\& const unsigned char *key,
+\& size_t keylen);
\& EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
\& const unsigned char *key, size_t keylen);
+\& EVP_PKEY *EVP_PKEY_new_raw_public_key_ex(OSSL_LIB_CTX *libctx,
+\& const char *keytype,
+\& const char *propq,
+\& const unsigned char *key,
+\& size_t keylen);
\& EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
\& const unsigned char *key, size_t keylen);
-\& EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
-\& size_t len, const EVP_CIPHER *cipher);
\& EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
\& int keylen);
\&
@@ -163,62 +185,115 @@ EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free, EVP_PKEY_new_raw_private_key, EVP_
\& int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
\& size_t *len);
.Ve
+.PP
+The following function has been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
+\& EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
+\& size_t len, const EVP_CIPHER *cipher);
+.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+\&\fB\s-1EVP_PKEY\s0\fR is a generic structure to hold diverse types of asymmetric keys
+(also known as \*(L"key pairs\*(R"), and can be used for diverse operations, like
+signing, verifying signatures, key derivation, etc. The asymmetric keys
+themselves are often referred to as the \*(L"internal key\*(R", and are handled by
+backends, such as providers (through \s-1\fBEVP_KEYMGMT\s0\fR\|(3)) or \fB\s-1ENGINE\s0\fRs.
+.PP
+Conceptually, an \fB\s-1EVP_PKEY\s0\fR internal key may hold a private key, a public
+key, or both (a keypair), and along with those, key parameters if the key type
+requires them. The presence of these components determine what operations can
+be made; for example, signing normally requires the presence of a private key,
+and verifying normally requires the presence of a public key.
+.PP
+\&\fB\s-1EVP_PKEY\s0\fR has also been used for \s-1MAC\s0 algorithm that were conceived as
+producing signatures, although not being public key algorithms; \*(L"\s-1POLY1305\*(R",
+\&\*(L"SIPHASH\*(R", \*(L"HMAC\*(R", \*(L"CMAC\*(R".\s0 This usage is considered legacy and is discouraged
+in favor of the \s-1\fBEVP_MAC\s0\fR\|(3) \s-1API.\s0
+.PP
The \fBEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR structure which is
used by OpenSSL to store public and private keys. The reference count is set to
\&\fB1\fR.
.PP
-\&\fBEVP_PKEY_up_ref()\fR increments the reference count of \fBkey\fR.
+\&\fBEVP_PKEY_up_ref()\fR increments the reference count of \fIkey\fR.
+.PP
+\&\fBEVP_PKEY_dup()\fR duplicates the \fIkey\fR. The \fIkey\fR must not be \s-1ENGINE\s0 based or
+a raw key, otherwise the duplication will fail.
+.PP
+\&\fBEVP_PKEY_free()\fR decrements the reference count of \fIkey\fR and, if the reference
+count is zero, frees it up. If \fIkey\fR is \s-1NULL,\s0 nothing is done.
+.PP
+\&\fBEVP_PKEY_new_raw_private_key_ex()\fR allocates a new \fB\s-1EVP_PKEY\s0\fR. Unless an
+engine should be used for the key type, a provider for the key is found using
+the library context \fIlibctx\fR and the property query string \fIpropq\fR. The
+\&\fIkeytype\fR argument indicates what kind of key this is. The value should be a
+string for a public key algorithm that supports raw private keys, i.e one of
+\&\*(L"X25519\*(R", \*(L"\s-1ED25519\*(R", \*(L"X448\*(R"\s0 or \*(L"\s-1ED448\*(R".\s0 \fIkey\fR points to the raw private key
+data for this \fB\s-1EVP_PKEY\s0\fR which should be of length \fIkeylen\fR. The length
+should be appropriate for the type of the key. The public key data will be
+automatically derived from the given private key data (if appropriate for the
+algorithm type).
+.PP
+\&\fBEVP_PKEY_new_raw_private_key()\fR does the same as
+\&\fBEVP_PKEY_new_raw_private_key_ex()\fR except that the default library context and
+default property query are used instead. If \fIe\fR is non-NULL then the new
+\&\fB\s-1EVP_PKEY\s0\fR structure is associated with the engine \fIe\fR. The \fItype\fR argument
+indicates what kind of key this is. The value should be a \s-1NID\s0 for a public key
+algorithm that supports raw private keys, i.e. one of \fB\s-1EVP_PKEY_X25519\s0\fR,
+\&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR.
.PP
-\&\fBEVP_PKEY_free()\fR decrements the reference count of \fBkey\fR and, if the reference
-count is zero, frees it up. If \fBkey\fR is \s-1NULL,\s0 nothing is done.
+\&\fBEVP_PKEY_new_raw_private_key_ex()\fR and \fBEVP_PKEY_new_raw_private_key()\fR may also
+be used with most MACs implemented as public key algorithms, so key types such
+as \*(L"\s-1HMAC\*(R", \*(L"POLY1305\*(R", \*(L"SIPHASH\*(R",\s0 or their \s-1NID\s0 form \fB\s-1EVP_PKEY_POLY1305\s0\fR,
+\&\fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_HMAC\s0\fR are also accepted. This usage is,
+as mentioned above, discouraged in favor of the \s-1\fBEVP_MAC\s0\fR\|(3) \s-1API.\s0
.PP
-\&\fBEVP_PKEY_new_raw_private_key()\fR allocates a new \fB\s-1EVP_PKEY\s0\fR. If \fBe\fR is non-NULL
-then the new \fB\s-1EVP_PKEY\s0\fR structure is associated with the engine \fBe\fR. The
-\&\fBtype\fR argument indicates what kind of key this is. The value should be a \s-1NID\s0
-for a public key algorithm that supports raw private keys, i.e. one of
-\&\fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR,
-\&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. \fBkey\fR points to the
-raw private key data for this \fB\s-1EVP_PKEY\s0\fR which should be of length \fBkeylen\fR.
-The length should be appropriate for the type of the key. The public key data
-will be automatically derived from the given private key data (if appropriate
-for the algorithm type).
+\&\fBEVP_PKEY_new_raw_public_key_ex()\fR works in the same way as
+\&\fBEVP_PKEY_new_raw_private_key_ex()\fR except that \fIkey\fR points to the raw
+public key data. The \fB\s-1EVP_PKEY\s0\fR structure will be initialised without any
+private key information. Algorithm types that support raw public keys are
+\&\*(L"X25519\*(R", \*(L"\s-1ED25519\*(R", \*(L"X448\*(R"\s0 or \*(L"\s-1ED448\*(R".\s0
.PP
\&\fBEVP_PKEY_new_raw_public_key()\fR works in the same way as
-\&\fBEVP_PKEY_new_raw_private_key()\fR except that \fBkey\fR points to the raw public key
+\&\fBEVP_PKEY_new_raw_private_key()\fR except that \fIkey\fR points to the raw public key
data. The \fB\s-1EVP_PKEY\s0\fR structure will be initialised without any private key
information. Algorithm types that support raw public keys are
\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR.
.PP
-\&\fBEVP_PKEY_new_CMAC_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR
-except it is only for the \fB\s-1EVP_PKEY_CMAC\s0\fR algorithm type. In addition to the
-raw private key data, it also takes a cipher algorithm to be used during
-creation of a \s-1CMAC\s0 in the \fBcipher\fR argument. The cipher should be a standard
-encryption only cipher. For example \s-1AEAD\s0 and \s-1XTS\s0 ciphers should not be used.
-.PP
\&\fBEVP_PKEY_new_mac_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR.
New applications should use \fBEVP_PKEY_new_raw_private_key()\fR instead.
.PP
-\&\fBEVP_PKEY_get_raw_private_key()\fR fills the buffer provided by \fBpriv\fR with raw
-private key data. The size of the \fBpriv\fR buffer should be in \fB*len\fR on entry
-to the function, and on exit \fB*len\fR is updated with the number of bytes
-actually written. If the buffer \fBpriv\fR is \s-1NULL\s0 then \fB*len\fR is populated with
+\&\fBEVP_PKEY_get_raw_private_key()\fR fills the buffer provided by \fIpriv\fR with raw
+private key data. The size of the \fIpriv\fR buffer should be in \fI*len\fR on entry
+to the function, and on exit \fI*len\fR is updated with the number of bytes
+actually written. If the buffer \fIpriv\fR is \s-1NULL\s0 then \fI*len\fR is populated with
the number of bytes required to hold the key. The calling application is
responsible for ensuring that the buffer is large enough to receive the private
key data. This function only works for algorithms that support raw private keys.
Currently this is: \fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR,
\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR.
.PP
-\&\fBEVP_PKEY_get_raw_public_key()\fR fills the buffer provided by \fBpub\fR with raw
-public key data. The size of the \fBpub\fR buffer should be in \fB*len\fR on entry
-to the function, and on exit \fB*len\fR is updated with the number of bytes
-actually written. If the buffer \fBpub\fR is \s-1NULL\s0 then \fB*len\fR is populated with
+\&\fBEVP_PKEY_get_raw_public_key()\fR fills the buffer provided by \fIpub\fR with raw
+public key data. The size of the \fIpub\fR buffer should be in \fI*len\fR on entry
+to the function, and on exit \fI*len\fR is updated with the number of bytes
+actually written. If the buffer \fIpub\fR is \s-1NULL\s0 then \fI*len\fR is populated with
the number of bytes required to hold the key. The calling application is
responsible for ensuring that the buffer is large enough to receive the public
key data. This function only works for algorithms that support raw public keys.
Currently this is: \fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or
\&\fB\s-1EVP_PKEY_ED448\s0\fR.
+.PP
+\&\fBEVP_PKEY_new_CMAC_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR
+except it is only for the \fB\s-1EVP_PKEY_CMAC\s0\fR algorithm type. In addition to the
+raw private key data, it also takes a cipher algorithm to be used during
+creation of a \s-1CMAC\s0 in the \fBcipher\fR argument. The cipher should be a standard
+encryption-only cipher. For example \s-1AEAD\s0 and \s-1XTS\s0 ciphers should not be used.
+.PP
+Applications should use the \s-1\fBEVP_MAC\s0\fR\|(3) \s-1API\s0 instead
+and set the \fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR parameter on the \fB\s-1EVP_MAC_CTX\s0\fR object
+with the name of the cipher being used.
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions which require a
@@ -226,20 +301,22 @@ general private key without reference to any particular algorithm.
.PP
The structure returned by \fBEVP_PKEY_new()\fR is empty. To add a private or public
key to this empty structure use the appropriate functions described in
-\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or
-EVP_PKEY_set1_EC_KEY.
+\&\fBEVP_PKEY_set1_RSA\fR\|(3), \fBEVP_PKEY_set1_DSA\fR\|(3), \fBEVP_PKEY_set1_DH\fR\|(3) or
+\&\fBEVP_PKEY_set1_EC_KEY\fR\|(3).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_PKEY_new()\fR, \fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR,
\&\fBEVP_PKEY_new_CMAC_key()\fR and \fBEVP_PKEY_new_mac_key()\fR return either the newly
-allocated \fB\s-1EVP_PKEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred.
+allocated \fB\s-1EVP_PKEY\s0\fR structure or \s-1NULL\s0 if an error occurred.
+.PP
+\&\fBEVP_PKEY_dup()\fR returns the key duplicate or \s-1NULL\s0 if an error occurred.
.PP
\&\fBEVP_PKEY_up_ref()\fR, \fBEVP_PKEY_get_raw_private_key()\fR and
\&\fBEVP_PKEY_get_raw_public_key()\fR return 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or
-EVP_PKEY_set1_EC_KEY
+\&\fBEVP_PKEY_set1_RSA\fR\|(3), \fBEVP_PKEY_set1_DSA\fR\|(3), \fBEVP_PKEY_set1_DH\fR\|(3) or
+\&\fBEVP_PKEY_set1_EC_KEY\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The
@@ -251,11 +328,21 @@ The
\&\fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR,
\&\fBEVP_PKEY_new_CMAC_key()\fR, \fBEVP_PKEY_new_raw_private_key()\fR and
\&\fBEVP_PKEY_get_raw_public_key()\fR functions were added in OpenSSL 1.1.1.
+.PP
+The \fBEVP_PKEY_dup()\fR, \fBEVP_PKEY_new_raw_private_key_ex()\fR, and
+\&\fBEVP_PKEY_new_raw_public_key_ex()\fR
+functions were added in OpenSSL 3.0.
+.PP
+The \fBEVP_PKEY_new_CMAC_key()\fR was deprecated in OpenSSL 3.0.
+.PP
+The documentation of \fB\s-1EVP_PKEY\s0\fR was amended in OpenSSL 3.0 to allow there to
+be the private part of the keypair without the public part, where this was
+previously implied to be disallowed.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3
index 2dd8715b414a..147bcf3284b4 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_PRINT_PRIVATE 3"
-.TH EVP_PKEY_PRINT_PRIVATE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_PRINT_PRIVATE 3ossl"
+.TH EVP_PKEY_PRINT_PRIVATE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public key algorithm printing routines
+EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params,
+EVP_PKEY_print_public_fp, EVP_PKEY_print_private_fp,
+EVP_PKEY_print_params_fp \- public key algorithm printing routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,24 +147,34 @@ EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public k
\&
\& int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
\& int indent, ASN1_PCTX *pctx);
+\& int EVP_PKEY_print_public_fp(FILE *fp, const EVP_PKEY *pkey,
+\& int indent, ASN1_PCTX *pctx);
\& int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
\& int indent, ASN1_PCTX *pctx);
+\& int EVP_PKEY_print_private_fp(FILE *fp, const EVP_PKEY *pkey,
+\& int indent, ASN1_PCTX *pctx);
\& int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
\& int indent, ASN1_PCTX *pctx);
+\& int EVP_PKEY_print_params_fp(FILE *fp, const EVP_PKEY *pkey,
+\& int indent, ASN1_PCTX *pctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The functions \fBEVP_PKEY_print_public()\fR, \fBEVP_PKEY_print_private()\fR and
\&\fBEVP_PKEY_print_params()\fR print out the public, private or parameter components
-of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable
-form. The parameter \fBindent\fR indicated how far the printout should be indented.
+of key \fIpkey\fR respectively. The key is sent to \fB\s-1BIO\s0\fR \fIout\fR in human readable
+form. The parameter \fIindent\fR indicates how far the printout should be indented.
.PP
-The \fBpctx\fR parameter allows the print output to be finely tuned by using
-\&\s-1ASN1\s0 printing options. If \fBpctx\fR is set to \s-1NULL\s0 then default values will
+The \fIpctx\fR parameter allows the print output to be finely tuned by using
+\&\s-1ASN1\s0 printing options. If \fIpctx\fR is set to \s-1NULL\s0 then default values will
be used.
+.PP
+The functions \fBEVP_PKEY_print_public_fp()\fR, \fBEVP_PKEY_print_private_fp()\fR and
+\&\fBEVP_PKEY_print_params_fp()\fR do the same as the \fB\s-1BIO\s0\fR based functions
+but use \fB\s-1FILE\s0\fR \fIfp\fR instead.
.SH "NOTES"
.IX Header "NOTES"
-Currently no public key algorithms include any options in the \fBpctx\fR parameter.
+Currently no public key algorithms include any options in the \fIpctx\fR parameter.
.PP
If the key does not include all the components indicated by the function then
only those contained in the key will be printed. For example passing a public
@@ -180,12 +190,16 @@ the public key algorithm.
\&\fBEVP_PKEY_keygen\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-These functions were added in OpenSSL 1.0.0.
+The functions \fBEVP_PKEY_print_public()\fR, \fBEVP_PKEY_print_private()\fR,
+and \fBEVP_PKEY_print_params()\fR were added in OpenSSL 1.0.0.
+.PP
+The functions \fBEVP_PKEY_print_public_fp()\fR, \fBEVP_PKEY_print_private_fp()\fR,
+and \fBEVP_PKEY_print_params_fp()\fR were added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3
index 3df70a3313ef..d012ccc40128 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,41 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_SET1_RSA 3"
-.TH EVP_PKEY_SET1_RSA 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_SET1_RSA 3ossl"
+.TH EVP_PKEY_SET1_RSA 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine, EVP_PKEY_get0_engine \- EVP_PKEY assignment functions
+EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
+EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
+EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
+EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
+EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
+EVP_PKEY_get0, EVP_PKEY_type, EVP_PKEY_get_id, EVP_PKEY_get_base_id,
+EVP_PKEY_set1_engine, EVP_PKEY_get0_engine,
+EVP_PKEY_id, EVP_PKEY_base_id \-
+EVP_PKEY assignment functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
+\& int EVP_PKEY_get_id(const EVP_PKEY *pkey);
+\& int EVP_PKEY_get_base_id(const EVP_PKEY *pkey);
+\& int EVP_PKEY_type(int type);
+\&
+\& #define EVP_PKEY_id EVP_PKEY_get_id
+\& #define EVP_PKEY_base_id EVP_PKEY_get_base_id
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 4
\& int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
\& int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
\& int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
@@ -158,10 +178,11 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EV
\& const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
\& const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
\& const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
-\& RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
-\& DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
-\& DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
-\& EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
+\& const RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
+\& const DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
+\& const DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
+\& const EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
+\& void *EVP_PKEY_get0(const EVP_PKEY *pkey);
\&
\& int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
@@ -170,75 +191,130 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EV
\& int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
\& int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
\&
-\& int EVP_PKEY_id(const EVP_PKEY *pkey);
-\& int EVP_PKEY_base_id(const EVP_PKEY *pkey);
-\& int EVP_PKEY_type(int type);
-\& int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
-\&
\& ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
\& int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and
-\&\fBEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR.
+\&\fBEVP_PKEY_get_base_id()\fR returns the type of \fIpkey\fR. For example
+an \s-1RSA\s0 key will return \fB\s-1EVP_PKEY_RSA\s0\fR.
.PP
-\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and
-\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or
-\&\fB\s-1NULL\s0\fR if the key is not of the correct type.
+\&\fBEVP_PKEY_get_id()\fR returns the actual \s-1NID\s0 associated with \fIpkey\fR
+only if the \fIpkey\fR type isn't implemented just in a \fBprovider\fR\|(7).
+Historically keys using the same algorithm could use different NIDs.
+For example an \s-1RSA\s0 key could use the NIDs corresponding to
+the NIDs \fBNID_rsaEncryption\fR (equivalent to \fB\s-1EVP_PKEY_RSA\s0\fR) or
+\&\fBNID_rsa\fR (equivalent to \fB\s-1EVP_PKEY_RSA2\s0\fR). The use of
+alternative non-standard NIDs is now rare so \fB\s-1EVP_PKEY_RSA2\s0\fR et al are not
+often seen in practice.
+\&\fBEVP_PKEY_get_id()\fR returns \-1 (\fB\s-1EVP_PKEY_KEYMGMT\s0\fR) if the \fIpkey\fR is
+only implemented in a \fBprovider\fR\|(7).
.PP
-\&\fBEVP_PKEY_get0_hmac()\fR, \fBEVP_PKEY_get0_poly1305()\fR, \fBEVP_PKEY_get0_siphash()\fR,
-\&\fBEVP_PKEY_get0_RSA()\fR, \fBEVP_PKEY_get0_DSA()\fR, \fBEVP_PKEY_get0_DH()\fR
-and \fBEVP_PKEY_get0_EC_KEY()\fR also return the referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR
-if the key is not of the correct type but the reference count of the
-returned key is \fBnot\fR incremented and so must not be freed up after use.
+\&\fBEVP_PKEY_type()\fR returns the underlying type of the \s-1NID\s0 \fItype\fR. For example
+EVP_PKEY_type(\s-1EVP_PKEY_RSA2\s0) will return \fB\s-1EVP_PKEY_RSA\s0\fR.
+.PP
+\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and
+\&\fBEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fIpkey\fR to \fIkey\fR. These
+functions are deprecated. Applications should instead use
+\&\fBEVP_PKEY_fromdata\fR\|(3).
.PP
\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR,
\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR and
-\&\fBEVP_PKEY_assign_SIPHASH()\fR also set the referenced key to \fBkey\fR
-however these use the supplied \fBkey\fR internally and so \fBkey\fR
-will be freed when the parent \fBpkey\fR is freed.
+\&\fBEVP_PKEY_assign_SIPHASH()\fR set the referenced key to \fIkey\fR however these use
+the supplied \fIkey\fR internally and so \fIkey\fR will be freed when the parent
+\&\fIpkey\fR is freed. These macros are deprecated. Applications should instead read
+an \s-1EVP_PKEY\s0 directly using the \s-1OSSL_DECODER\s0 APIs (see
+\&\fBOSSL_DECODER_CTX_new_for_pkey\fR\|(3)), or construct an \s-1EVP_PKEY\s0 from data using
+\&\fBEVP_PKEY_fromdata\fR\|(3).
.PP
-\&\fBEVP_PKEY_base_id()\fR returns the type of \fBpkey\fR. For example
-an \s-1RSA\s0 key will return \fB\s-1EVP_PKEY_RSA\s0\fR.
+\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and
+\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fIpkey\fR or \s-1NULL\s0 if the
+key is not of the correct type. The returned key must be freed after use.
+These functions are deprecated. Applications should instead use the \s-1EVP_PKEY\s0
+directly where possible. If access to the low level key parameters is required
+then applications should use \fBEVP_PKEY_get_params\fR\|(3) and other similar
+functions. To write an \s-1EVP_PKEY\s0 out use the \s-1OSSL_ENCODER\s0 APIs (see
+\&\fBOSSL_ENCODER_CTX_new_for_pkey\fR\|(3)).
.PP
-\&\fBEVP_PKEY_id()\fR returns the actual \s-1OID\s0 associated with \fBpkey\fR. Historically keys
-using the same algorithm could use different OIDs. For example an \s-1RSA\s0 key could
-use the OIDs corresponding to the NIDs \fBNID_rsaEncryption\fR (equivalent to
-\&\fB\s-1EVP_PKEY_RSA\s0\fR) or \fBNID_rsa\fR (equivalent to \fB\s-1EVP_PKEY_RSA2\s0\fR). The use of
-alternative non-standard OIDs is now rare so \fB\s-1EVP_PKEY_RSA2\s0\fR et al are not
-often seen in practice.
+\&\fBEVP_PKEY_get0_hmac()\fR, \fBEVP_PKEY_get0_poly1305()\fR, \fBEVP_PKEY_get0_siphash()\fR,
+\&\fBEVP_PKEY_get0_RSA()\fR, \fBEVP_PKEY_get0_DSA()\fR, \fBEVP_PKEY_get0_DH()\fR and
+\&\fBEVP_PKEY_get0_EC_KEY()\fR return the referenced key in \fIpkey\fR or \s-1NULL\s0 if the
+key is not of the correct type. The reference count of the returned key is
+\&\fBnot\fR incremented and so the key must not be freed after use. These functions
+are deprecated. Applications should instead use the \s-1EVP_PKEY\s0 directly where
+possible. If access to the low level key parameters is required then
+applications should use \fBEVP_PKEY_get_params\fR\|(3) and other similar functions.
+To write an \s-1EVP_PKEY\s0 out use the \s-1OSSL_ENCODER\s0 APIs (see
+\&\fBOSSL_ENCODER_CTX_new_for_pkey\fR\|(3)). \fBEVP_PKEY_get0()\fR returns a pointer to the
+legacy key or \s-1NULL\s0 if the key is not legacy.
.PP
-\&\fBEVP_PKEY_type()\fR returns the underlying type of the \s-1NID\s0 \fBtype\fR. For example
-EVP_PKEY_type(\s-1EVP_PKEY_RSA2\s0) will return \fB\s-1EVP_PKEY_RSA\s0\fR.
+Note that if an \s-1EVP_PKEY\s0 was not constructed using one of the deprecated
+functions such as \fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR
+or \fBEVP_PKEY_set1_EC_KEY()\fR, or via the similarly named \fBEVP_PKEY_assign\fR macros
+described above then the internal key will be managed by a provider (see
+\&\fBprovider\fR\|(7)). In that case the key returned by \fBEVP_PKEY_get1_RSA()\fR,
+\&\fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR, \fBEVP_PKEY_get1_EC_KEY()\fR,
+\&\fBEVP_PKEY_get0_hmac()\fR, \fBEVP_PKEY_get0_poly1305()\fR, \fBEVP_PKEY_get0_siphash()\fR,
+\&\fBEVP_PKEY_get0_RSA()\fR, \fBEVP_PKEY_get0_DSA()\fR, \fBEVP_PKEY_get0_DH()\fR or
+\&\fBEVP_PKEY_get0_EC_KEY()\fR will be a cached copy of the provider's key. Subsequent
+updates to the provider's key will not be reflected back in the cached copy, and
+updates made by an application to the returned key will not be reflected back in
+the provider's key. Subsequent calls to \fBEVP_PKEY_get1_RSA()\fR,
+\&\fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and \fBEVP_PKEY_get1_EC_KEY()\fR will always
+return the cached copy returned by the first call.
.PP
-\&\fBEVP_PKEY_get0_engine()\fR returns a reference to the \s-1ENGINE\s0 handling \fBpkey\fR.
+\&\fBEVP_PKEY_get0_engine()\fR returns a reference to the \s-1ENGINE\s0 handling \fIpkey\fR. This
+function is deprecated. Applications should use providers instead of engines
+(see \fBprovider\fR\|(7) for details).
.PP
-\&\fBEVP_PKEY_set1_engine()\fR sets the \s-1ENGINE\s0 handling \fBpkey\fR to \fBengine\fR. It
+\&\fBEVP_PKEY_set1_engine()\fR sets the \s-1ENGINE\s0 handling \fIpkey\fR to \fIengine\fR. It
must be called after the key algorithm and components are set up.
-If \fBengine\fR does not include an \fB\s-1EVP_PKEY_METHOD\s0\fR for \fBpkey\fR an
-error occurs.
+If \fIengine\fR does not include an \fB\s-1EVP_PKEY_METHOD\s0\fR for \fIpkey\fR an
+error occurs. This function is deprecated. Applications should use providers
+instead of engines (see \fBprovider\fR\|(7) for details).
+.SH "WARNINGS"
+.IX Header "WARNINGS"
+The following functions are only reliable with \fB\s-1EVP_PKEY\s0\fRs that have
+been assigned an internal key with EVP_PKEY_assign_*():
.PP
-\&\fBEVP_PKEY_set_alias_type()\fR allows modifying a \s-1EVP_PKEY\s0 to use a
-different set of algorithms than the default. This is currently used
-to support \s-1SM2\s0 keys, which use an identical encoding to \s-1ECDSA.\s0
+\&\fBEVP_PKEY_get_id()\fR, \fBEVP_PKEY_get_base_id()\fR, \fBEVP_PKEY_type()\fR
+.PP
+For \s-1EVP_PKEY\s0 key type checking purposes, \fBEVP_PKEY_is_a\fR\|(3) is more generic.
+.PP
+For purposes of retrieving the name of the \fB\s-1EVP_PKEY\s0\fR the function
+\&\fBEVP_PKEY_get0_type_name\fR\|(3) is more generally useful.
+.PP
+The keys returned from the functions \fBEVP_PKEY_get0_RSA()\fR, \fBEVP_PKEY_get0_DSA()\fR,
+\&\fBEVP_PKEY_get0_DH()\fR and \fBEVP_PKEY_get0_EC_KEY()\fR were changed to have a \*(L"const\*(R"
+return type in OpenSSL 3.0. As described above the keys returned may be cached
+copies of the key held in a provider. Due to this, and unlike in earlier
+versions of OpenSSL, they should be considered read-only copies of the key.
+Updates to these keys will not be reflected back in the provider side key. The
+\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and
+\&\fBEVP_PKEY_get1_EC_KEY()\fR functions were not changed to have a \*(L"const\*(R" return type
+in order that applications can \*(L"free\*(R" the return value. However applications
+should still consider them as read-only copies.
.SH "NOTES"
.IX Header "NOTES"
In accordance with the OpenSSL naming convention the key obtained
-from or assigned to the \fBpkey\fR using the \fB1\fR functions must be
-freed as well as \fBpkey\fR.
+from or assigned to the \fIpkey\fR using the \fB1\fR functions must be
+freed as well as \fIpkey\fR.
.PP
\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR,
\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR
and \fBEVP_PKEY_assign_SIPHASH()\fR are implemented as macros.
.PP
+\&\fBEVP_PKEY_assign_EC_KEY()\fR looks at the curve name id to determine if
+the passed \fB\s-1EC_KEY\s0\fR is an \s-1\fBSM2\s0\fR\|(7) key, and will set the \fB\s-1EVP_PKEY\s0\fR
+type to \fB\s-1EVP_PKEY_SM2\s0\fR in that case, instead of \fB\s-1EVP_PKEY_EC\s0\fR.
+.PP
Most applications wishing to know a key type will simply call
-\&\fBEVP_PKEY_base_id()\fR and will not care about the actual type:
+\&\fBEVP_PKEY_get_base_id()\fR and will not care about the actual type:
which will be identical in almost all cases.
.PP
Previous versions of this document suggested using EVP_PKEY_type(pkey\->type)
to determine the type of a key. Since \fB\s-1EVP_PKEY\s0\fR is now opaque this
-is no longer possible: the equivalent is EVP_PKEY_base_id(pkey).
+is no longer possible: the equivalent is EVP_PKEY_get_base_id(pkey).
.PP
\&\fBEVP_PKEY_set1_engine()\fR is typically used by an \s-1ENGINE\s0 returning an \s-1HSM\s0
key as part of its routine to load a private key.
@@ -248,35 +324,44 @@ key as part of its routine to load a private key.
\&\fBEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure.
.PP
\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and
-\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if
+\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \s-1NULL\s0 if
an error occurred.
.PP
\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR,
\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR
and \fBEVP_PKEY_assign_SIPHASH()\fR return 1 for success and 0 for failure.
.PP
-\&\fBEVP_PKEY_base_id()\fR, \fBEVP_PKEY_id()\fR and \fBEVP_PKEY_type()\fR return a key
+\&\fBEVP_PKEY_get_base_id()\fR, \fBEVP_PKEY_get_id()\fR and \fBEVP_PKEY_type()\fR return a key
type or \fBNID_undef\fR (equivalently \fB\s-1EVP_PKEY_NONE\s0\fR) on error.
.PP
\&\fBEVP_PKEY_set1_engine()\fR returns 1 for success and 0 for failure.
-.PP
-\&\fBEVP_PKEY_set_alias_type()\fR returns 1 for success and 0 for error.
-.SH "EXAMPLES"
-.IX Header "EXAMPLES"
-After loading an \s-1ECC\s0 key, it is possible to convert it to using \s-1SM2\s0
-algorithms with EVP_PKEY_set_alias_type:
-.PP
-.Vb 1
-\& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
-.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBEVP_PKEY_new\fR\|(3)
+\&\fBEVP_PKEY_new\fR\|(3), \s-1\fBSM2\s0\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBEVP_PKEY_id()\fR and \fBEVP_PKEY_base_id()\fR functions were renamed to
+include \f(CW\*(C`get\*(C'\fR in their names in OpenSSL 3.0, respectively. The old names
+are kept as non-deprecated alias macros.
+.PP
+EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
+EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
+EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
+EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
+EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
+EVP_PKEY_set1_engine and EVP_PKEY_get0_engine were deprecated in OpenSSL 3.0.
+.PP
+The return value from EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH,
+EVP_PKEY_get0_EC_KEY were made const in OpenSSL 3.0.
+.PP
+The function \fBEVP_PKEY_set_alias_type()\fR was previously documented on this page.
+It was removed in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_encoded_public_key.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_encoded_public_key.3
new file mode 100644
index 000000000000..117c76533dc7
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_encoded_public_key.3
@@ -0,0 +1,272 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_SET1_ENCODED_PUBLIC_KEY 3ossl"
+.TH EVP_PKEY_SET1_ENCODED_PUBLIC_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key,
+EVP_PKEY_set1_tls_encodedpoint, EVP_PKEY_get1_tls_encodedpoint
+\&\- functions to set and get public key data within an EVP_PKEY
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey,
+\& const unsigned char *pub, size_t publen);
+\&
+\& size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
+\& int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+\& const unsigned char *pt, size_t ptlen);
+\&
+\& size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBEVP_PKEY_set1_encoded_public_key()\fR can be used to set the public key value
+within an existing \s-1EVP_PKEY\s0 object. For the built-in OpenSSL algorithms this
+currently only works for those that support key exchange. Parameters are not
+set as part of this operation, so typically an application will create an
+\&\s-1EVP_PKEY\s0 first, set the parameters on it, and then call this function.
+For example setting the parameters might be done using
+\&\fBEVP_PKEY_copy_parameters\fR\|(3).
+.PP
+The format for the encoded public key will depend on the algorithm in use. For
+\&\s-1DH\s0 it should be encoded as a positive integer in big-endian form. For \s-1EC\s0 is
+should be a point conforming to Sec. 2.3.4 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic
+Curve Cryptography\*(R") standard. For X25519 and X448 it should be encoded in a
+format as defined by \s-1RFC7748.\s0
+.PP
+The key to be updated is supplied in \fBpkey\fR. The buffer containing the encoded
+key is pointed to be \fBpub\fR. The length of the buffer is supplied in \fBpublen\fR.
+.PP
+\&\fBEVP_PKEY_get1_encoded_public_key()\fR does the equivalent operation except that
+the encoded public key is returned to the application. The key containing the
+public key data is supplied in \fBpkey\fR. A buffer containing the encoded key will
+be allocated and stored in \fB*ppub\fR. The length of the encoded public key is
+returned by the function. The application is responsible for freeing the
+allocated buffer.
+.PP
+The macro \fBEVP_PKEY_set1_tls_encodedpoint()\fR is deprecated and simply calls
+\&\fBEVP_PKEY_set1_encoded_public_key()\fR with all the same arguments. New applications
+should use \fBEVP_PKEY_set1_encoded_public_key()\fR instead.
+.PP
+The macro \fBEVP_PKEY_get1_tls_encodedpoint()\fR is deprecated and simply calls
+\&\fBEVP_PKEY_get1_encoded_public_key()\fR with all the same arguments. New applications
+should use \fBEVP_PKEY_get1_encoded_public_key()\fR instead.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_set1_encoded_public_key()\fR returns 1 for success and 0 or a negative
+value for failure.
+.PP
+\&\fBEVP_PKEY_get1_encoded_public_key()\fR returns the length of the encoded key or 0 for failure.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+See \fBEVP_PKEY_derive_init\fR\|(3) and \fBEVP_PKEY_derive\fR\|(3) for information about
+performing a key exchange operation.
+.SS "Set up a peer's \s-1EVP_PKEY\s0 ready for a key exchange operation"
+.IX Subsection "Set up a peer's EVP_PKEY ready for a key exchange operation"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int exchange(EVP_PKEY *ourkey, unsigned char *peer_pub, size_t peer_pub_len)
+\& {
+\& EVP_PKEY *peerkey = EVP_PKEY_new();
+\&
+\& if (peerkey == NULL || EVP_PKEY_copy_parameters(peerkey, ourkey) <= 0)
+\& return 0;
+\&
+\& if (EVP_PKEY_set1_encoded_public_key(peerkey, peer_pub,
+\& peer_pub_len) <= 0)
+\& return 0;
+\&
+\& /* Do the key exchange here */
+\&
+\& EVP_PKEY_free(peerkey);
+\&
+\& return 1;
+\& }
+.Ve
+.SS "Get an encoded public key to send to a peer"
+.IX Subsection "Get an encoded public key to send to a peer"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int get_encoded_pub_key(EVP_PKEY *ourkey)
+\& {
+\& unsigned char *pubkey;
+\& size_t pubkey_len;
+\&
+\& pubkey_len = EVP_PKEY_get1_encoded_public_key(ourkey, &pubkey);
+\& if (pubkey_len == 0)
+\& return 0;
+\&
+\& /*
+\& * Send the encoded public key stored in the buffer at "pubkey" and of
+\& * length pubkey_len, to the peer.
+\& */
+\&
+\& OPENSSL_free(pubkey);
+\& return 1;
+\& }
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_new\fR\|(3), \fBEVP_PKEY_copy_parameters\fR\|(3),
+\&\fBEVP_PKEY_derive_init\fR\|(3), \fBEVP_PKEY_derive\fR\|(3),
+\&\s-1\fBEVP_PKEY\-DH\s0\fR\|(7), \s-1\fBEVP_PKEY\-EC\s0\fR\|(7), \s-1\fBEVP_PKEY\-X25519\s0\fR\|(7), \s-1\fBEVP_PKEY\-X448\s0\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBEVP_PKEY_set1_encoded_public_key()\fR and \fBEVP_PKEY_get1_encoded_public_key()\fR were
+added in OpenSSL 3.0.
+.PP
+\&\fBEVP_PKEY_set1_tls_encodedpoint()\fR and \fBEVP_PKEY_get1_tls_encodedpoint()\fR were
+deprecated in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_set_type.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_set_type.3
new file mode 100644
index 000000000000..964fc264ddd3
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_set_type.3
@@ -0,0 +1,198 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_SET_TYPE 3ossl"
+.TH EVP_PKEY_SET_TYPE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_set_type, EVP_PKEY_set_type_str, EVP_PKEY_set_type_by_keymgmt
+\&\- functions to change the EVP_PKEY type
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
+\& int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
+\& int EVP_PKEY_set_type_by_keymgmt(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+All the functions described here behave the same in so far that they
+clear all the previous key data and methods from \fIpkey\fR, and reset it
+to be of the type of key given by the different arguments. If
+\&\fIpkey\fR is \s-1NULL,\s0 these functions will still return the same return
+values as if it wasn't.
+.PP
+\&\fBEVP_PKEY_set_type()\fR initialises \fIpkey\fR to contain an internal legacy
+key. When doing this, it finds a \s-1\fBEVP_PKEY_ASN1_METHOD\s0\fR\|(3)
+corresponding to \fItype\fR, and associates \fIpkey\fR with the findings.
+It is an error if no \s-1\fBEVP_PKEY_ASN1_METHOD\s0\fR\|(3) could be found for
+\&\fItype\fR.
+.PP
+\&\fBEVP_PKEY_set_type_str()\fR initialises \fIpkey\fR to contain an internal legacy
+key. When doing this, it finds a \s-1\fBEVP_PKEY_ASN1_METHOD\s0\fR\|(3)
+corresponding to \fIstr\fR that has then length \fIlen\fR, and associates
+\&\fIpkey\fR with the findings.
+It is an error if no \s-1\fBEVP_PKEY_ASN1_METHOD\s0\fR\|(3) could be found for
+\&\fItype\fR.
+.PP
+For both \fBEVP_PKEY_set_type()\fR and \fBEVP_PKEY_set_type_str()\fR, \fIpkey\fR gets
+a numeric type, which can be retrieved with \fBEVP_PKEY_get_id\fR\|(3). This
+numeric type is taken from the \s-1\fBEVP_PKEY_ASN1_METHOD\s0\fR\|(3) that was
+found, and is equal to or closely related to \fItype\fR in the case of
+\&\fBEVP_PKEY_set_type()\fR, or related to \fIstr\fR in the case of
+\&\fBEVP_PKEY_set_type_str()\fR.
+.PP
+\&\fBEVP_PKEY_set_type_by_keymgmt()\fR initialises \fIpkey\fR to contain an
+internal provider side key. When doing this, it associates \fIpkey\fR
+with \fIkeymgmt\fR. For keys initialised like this, the numeric type
+retrieved with \fBEVP_PKEY_get_id\fR\|(3) will always be \fB\s-1EVP_PKEY_NONE\s0\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+All functions described here return 1 if successful, or 0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_assign\fR\|(3), \fBEVP_PKEY_get_id\fR\|(3), \fBEVP_PKEY_get0_RSA\fR\|(3),
+\&\fBEVP_PKEY_copy_parameters\fR\|(3), \s-1\fBEVP_PKEY_ASN1_METHOD\s0\fR\|(3),
+\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_settable_params.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_settable_params.3
new file mode 100644
index 000000000000..39b829c4aa62
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_settable_params.3
@@ -0,0 +1,209 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_SETTABLE_PARAMS 3ossl"
+.TH EVP_PKEY_SETTABLE_PARAMS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_settable_params, EVP_PKEY_set_params,
+EVP_PKEY_set_int_param, EVP_PKEY_set_size_t_param, EVP_PKEY_set_bn_param,
+EVP_PKEY_set_utf8_string_param, EVP_PKEY_set_octet_string_param
+\&\- set key parameters into a key
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& const OSSL_PARAM *EVP_PKEY_settable_params(const EVP_PKEY *pkey);
+\& int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]);
+\& int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in);
+\& int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in);
+\& int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name,
+\& const BIGNUM *bn);
+\& int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
+\& const char *str);
+\& int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
+\& const unsigned char *buf, size_t bsize);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions can be used to set additional parameters into an existing
+\&\fB\s-1EVP_PKEY\s0\fR.
+.PP
+\&\fBEVP_PKEY_set_params()\fR sets one or more \fIparams\fR into a \fIpkey\fR.
+See \s-1\fBOSSL_PARAM\s0\fR\|(3) for information about parameters.
+.PP
+\&\fBEVP_PKEY_settable_params()\fR returns a constant list of \fIparams\fR indicating
+the names and types of key parameters that can be set.
+See \s-1\fBOSSL_PARAM\s0\fR\|(3) for information about parameters.
+.PP
+\&\fBEVP_PKEY_set_int_param()\fR sets an integer value \fIin\fR into a key \fIpkey\fR for the
+associated field \fIkey_name\fR.
+.PP
+\&\fBEVP_PKEY_set_size_t_param()\fR sets an size_t value \fIin\fR into a key \fIpkey\fR for
+the associated field \fIkey_name\fR.
+.PP
+\&\fBEVP_PKEY_set_bn_param()\fR sets the \s-1BIGNUM\s0 value \fIbn\fR into a key \fIpkey\fR for the
+associated field \fIkey_name\fR.
+.PP
+\&\fBEVP_PKEY_set_utf8_string_param()\fR sets the \s-1UTF8\s0 string \fIstr\fR into a key \fIpkey\fR
+for the associated field \fIkey_name\fR.
+.PP
+\&\fBEVP_PKEY_set_octet_string_param()\fR sets the octet string value \fIbuf\fR with a
+size \fIbsize\fR into a key \fIpkey\fR for the associated field \fIkey_name\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+These functions only work for \fB\s-1EVP_PKEY\s0\fRs that contain a provider side key.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_settable_params()\fR returns \s-1NULL\s0 on error or if it is not supported,
+.PP
+All other methods return 1 if a value was successfully set, or 0 if
+there was an error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PKEY_gettable_params\fR\|(3),
+\&\fBEVP_PKEY_CTX_new\fR\|(3), \fBprovider\-keymgmt\fR\|(7), \s-1\fBOSSL_PARAM\s0\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3
index 64a42b3db00e..e0357dbc07cd 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,36 +130,44 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_SIGN 3"
-.TH EVP_PKEY_SIGN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_SIGN 3ossl"
+.TH EVP_PKEY_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_sign_init, EVP_PKEY_sign \- sign using a public key algorithm
+EVP_PKEY_sign_init, EVP_PKEY_sign_init_ex, EVP_PKEY_sign
+\&\- sign using a public key algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
\& int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
\& unsigned char *sig, size_t *siglen,
\& const unsigned char *tbs, size_t tbslen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fBEVP_PKEY_sign_init()\fR function initializes a public key algorithm
-context using key \fBpkey\fR for a signing operation.
+\&\fBEVP_PKEY_sign_init()\fR initializes a public key algorithm context \fIctx\fR for
+signing using the algorithm given when the context was created
+using \fBEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to
+fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fBprovider\fR\|(7)
+for more information about implicit fetches.
+.PP
+\&\fBEVP_PKEY_sign_init_ex()\fR is the same as \fBEVP_PKEY_sign_init()\fR but additionally
+sets the passed parameters \fIparams\fR on the context before returning.
.PP
The \fBEVP_PKEY_sign()\fR function performs a public key signing operation
-using \fBctx\fR. The data to be signed is specified using the \fBtbs\fR and
-\&\fBtbslen\fR parameters. If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
-buffer is written to the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then
-before the call the \fBsiglen\fR parameter should contain the length of the
-\&\fBsig\fR buffer, if the call is successful the signature is written to
-\&\fBsig\fR and the amount of data written to \fBsiglen\fR.
+using \fIctx\fR. The data to be signed is specified using the \fItbs\fR and
+\&\fItbslen\fR parameters. If \fIsig\fR is \s-1NULL\s0 then the maximum size of the output
+buffer is written to the \fIsiglen\fR parameter. If \fIsig\fR is not \s-1NULL\s0 then
+before the call the \fIsiglen\fR parameter should contain the length of the
+\&\fIsig\fR buffer, if the call is successful the signature is written to
+\&\fIsig\fR and the amount of data written to \fIsiglen\fR.
.SH "NOTES"
.IX Header "NOTES"
\&\fBEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is
@@ -234,12 +240,15 @@ Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest:
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-These functions were added in OpenSSL 1.0.0.
+The \fBEVP_PKEY_sign_init()\fR and \fBEVP_PKEY_sign()\fR functions were added in
+OpenSSL 1.0.0.
+.PP
+The \fBEVP_PKEY_sign_init_ex()\fR function was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_todata.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_todata.3
new file mode 100644
index 000000000000..9dcd9dbb1e10
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_todata.3
@@ -0,0 +1,191 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_TODATA 3ossl"
+.TH EVP_PKEY_TODATA 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_todata, EVP_PKEY_export
+\&\- functions to return keys as an array of key parameters
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_todata(const EVP_PKEY *pkey, int selection, OSSL_PARAM **params);
+\& int EVP_PKEY_export(const EVP_PKEY *pkey, int selection,
+\& OSSL_CALLBACK *export_cb, void *export_cbarg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The functions described here are used to extract \fB\s-1EVP_PKEY\s0\fR key values as an
+array of \s-1\fBOSSL_PARAM\s0\fR\|(3).
+.PP
+\&\fBEVP_PKEY_todata()\fR extracts values from a key \fIpkey\fR using the \fIselection\fR.
+\&\fIselection\fR is described in \*(L"Selections\*(R" in \fBEVP_PKEY_fromdata\fR\|(3).
+\&\fBOSSL_PARAM_free\fR\|(3) should be used to free the returned parameters in
+\&\fI*params\fR.
+.PP
+\&\fBEVP_PKEY_export()\fR is similar to \fBEVP_PKEY_todata()\fR but uses a callback
+\&\fIexport_cb\fR that gets passed the value of \fIexport_cbarg\fR.
+See \fBopenssl\-core.h\fR\|(7) for more information about the callback. Note that the
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3) array that is passed to the callback is not persistent after the
+callback returns. The user must preserve the items of interest, or use
+\&\fBEVP_PKEY_todata()\fR if persistence is required.
+.SH "NOTES"
+.IX Header "NOTES"
+These functions only work with key management methods coming from a provider.
+This is the mirror function to \fBEVP_PKEY_fromdata\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_PKEY_todata()\fR and \fBEVP_PKEY_export()\fR return 1 for success and 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3), \fBopenssl\-core.h\fR\|(7),
+\&\fBEVP_PKEY_fromdata\fR\|(3),
+\&\s-1\fBEVP_PKEY\-RSA\s0\fR\|(7), \s-1\fBEVP_PKEY\-DSA\s0\fR\|(7), \s-1\fBEVP_PKEY\-DH\s0\fR\|(7), \s-1\fBEVP_PKEY\-EC\s0\fR\|(7),
+\&\s-1\fBEVP_PKEY\-ED448\s0\fR\|(7), \s-1\fBEVP_PKEY\-X25519\s0\fR\|(7), \s-1\fBEVP_PKEY\-X448\s0\fR\|(7),
+\&\s-1\fBEVP_PKEY\-ED25519\s0\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3
index 0b3975898918..adfaf1a543c2 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,33 +130,41 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_VERIFY 3"
-.TH EVP_PKEY_VERIFY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_VERIFY 3ossl"
+.TH EVP_PKEY_VERIFY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_verify_init, EVP_PKEY_verify \- signature verification using a public key algorithm
+EVP_PKEY_verify_init, EVP_PKEY_verify_init_ex, EVP_PKEY_verify
+\&\- signature verification using a public key algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
\& int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
\& const unsigned char *sig, size_t siglen,
\& const unsigned char *tbs, size_t tbslen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fBEVP_PKEY_verify_init()\fR function initializes a public key algorithm
-context using key \fBpkey\fR for a signature verification operation.
+\&\fBEVP_PKEY_verify_init()\fR initializes a public key algorithm context \fIctx\fR for
+signing using the algorithm given when the context was created
+using \fBEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to
+fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fBprovider\fR\|(7)
+for more information about implicit fetches.
+.PP
+\&\fBEVP_PKEY_verify_init_ex()\fR is the same as \fBEVP_PKEY_verify_init()\fR but additionally
+sets the passed parameters \fIparams\fR on the context before returning.
.PP
The \fBEVP_PKEY_verify()\fR function performs a public key verification operation
-using \fBctx\fR. The signature is specified using the \fBsig\fR and
-\&\fBsiglen\fR parameters. The verified data (i.e. the data believed originally
-signed) is specified using the \fBtbs\fR and \fBtbslen\fR parameters.
+using \fIctx\fR. The signature is specified using the \fIsig\fR and
+\&\fIsiglen\fR parameters. The verified data (i.e. the data believed originally
+signed) is specified using the \fItbs\fR and \fItbslen\fR parameters.
.SH "NOTES"
.IX Header "NOTES"
After the call to \fBEVP_PKEY_verify_init()\fR algorithm specific control
@@ -223,12 +229,15 @@ Verify signature using PKCS#1 and \s-1SHA256\s0 digest:
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-These functions were added in OpenSSL 1.0.0.
+The \fBEVP_PKEY_verify_init()\fR and \fBEVP_PKEY_verify()\fR functions were added in
+OpenSSL 1.0.0.
+.PP
+The \fBEVP_PKEY_verify_init_ex()\fR function was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3
index d8e689a5b8bb..8cc3f87a06b9 100644
--- a/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3
+++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,36 +130,47 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_PKEY_VERIFY_RECOVER 3"
-.TH EVP_PKEY_VERIFY_RECOVER 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_PKEY_VERIFY_RECOVER 3ossl"
+.TH EVP_PKEY_VERIFY_RECOVER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover \- recover signature using a public key algorithm
+EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover_init_ex,
+EVP_PKEY_verify_recover
+\&\- recover signature using a public key algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
\& int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx,
+\& const OSSL_PARAM params[]);
\& int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
\& unsigned char *rout, size_t *routlen,
\& const unsigned char *sig, size_t siglen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fBEVP_PKEY_verify_recover_init()\fR function initializes a public key algorithm
-context using key \fBpkey\fR for a verify recover operation.
+\&\fBEVP_PKEY_verify_recover_init()\fR initializes a public key algorithm context
+\&\fIctx\fR for signing using the algorithm given when the context was created
+using \fBEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to
+fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fBprovider\fR\|(7)
+for more information about implicit fetches.
+.PP
+\&\fBEVP_PKEY_verify_recover_init_ex()\fR is the same as
+\&\fBEVP_PKEY_verify_recover_init()\fR but additionally sets the passed parameters
+\&\fIparams\fR on the context before returning.
.PP
The \fBEVP_PKEY_verify_recover()\fR function recovers signed data
-using \fBctx\fR. The signature is specified using the \fBsig\fR and
-\&\fBsiglen\fR parameters. If \fBrout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
-buffer is written to the \fBroutlen\fR parameter. If \fBrout\fR is not \fB\s-1NULL\s0\fR then
-before the call the \fBroutlen\fR parameter should contain the length of the
-\&\fBrout\fR buffer, if the call is successful recovered data is written to
-\&\fBrout\fR and the amount of data written to \fBroutlen\fR.
+using \fIctx\fR. The signature is specified using the \fIsig\fR and
+\&\fIsiglen\fR parameters. If \fIrout\fR is \s-1NULL\s0 then the maximum size of the output
+buffer is written to the \fIroutlen\fR parameter. If \fIrout\fR is not \s-1NULL\s0 then
+before the call the \fIroutlen\fR parameter should contain the length of the
+\&\fIrout\fR buffer, if the call is successful recovered data is written to
+\&\fIrout\fR and the amount of data written to \fIroutlen\fR.
.SH "NOTES"
.IX Header "NOTES"
Normally an application is only interested in whether a signature verification
@@ -234,12 +243,15 @@ Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest:
\&\fBEVP_PKEY_derive\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-These functions were added in OpenSSL 1.0.0.
+The \fBEVP_PKEY_verify_recover_init()\fR and \fBEVP_PKEY_verify_recover()\fR
+functions were added in OpenSSL 1.0.0.
+.PP
+The \fBEVP_PKEY_verify_recover_init_ex()\fR function was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2013\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_RAND.3 b/secure/lib/libcrypto/man/man3/EVP_RAND.3
new file mode 100644
index 000000000000..2358620a90f0
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_RAND.3
@@ -0,0 +1,534 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_RAND 3ossl"
+.TH EVP_RAND 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_RAND, EVP_RAND_fetch, EVP_RAND_free, EVP_RAND_up_ref, EVP_RAND_CTX,
+EVP_RAND_CTX_new, EVP_RAND_CTX_free, EVP_RAND_instantiate,
+EVP_RAND_uninstantiate, EVP_RAND_generate, EVP_RAND_reseed, EVP_RAND_nonce,
+EVP_RAND_enable_locking, EVP_RAND_verify_zeroization, EVP_RAND_get_strength,
+EVP_RAND_get_state,
+EVP_RAND_get0_provider, EVP_RAND_CTX_get0_rand, EVP_RAND_is_a,
+EVP_RAND_get0_name, EVP_RAND_names_do_all,
+EVP_RAND_get0_description,
+EVP_RAND_CTX_get_params,
+EVP_RAND_CTX_set_params, EVP_RAND_do_all_provided, EVP_RAND_get_params,
+EVP_RAND_gettable_ctx_params, EVP_RAND_settable_ctx_params,
+EVP_RAND_CTX_gettable_params, EVP_RAND_CTX_settable_params,
+EVP_RAND_gettable_params, EVP_RAND_STATE_UNINITIALISED, EVP_RAND_STATE_READY,
+EVP_RAND_STATE_ERROR \- EVP RAND routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& typedef struct evp_rand_st EVP_RAND;
+\& typedef struct evp_rand_ctx_st EVP_RAND_CTX;
+\&
+\& EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
+\& const char *properties);
+\& int EVP_RAND_up_ref(EVP_RAND *rand);
+\& void EVP_RAND_free(EVP_RAND *rand);
+\& EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent);
+\& void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx);
+\& EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx);
+\& int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]);
+\& int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]);
+\& int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[]);
+\& const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand);
+\& const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand);
+\& const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand);
+\& const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx);
+\& const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx);
+\& const char *EVP_RAND_get0_name(const EVP_RAND *rand);
+\& const char *EVP_RAND_get0_description(const EVP_RAND *rand);
+\& int EVP_RAND_is_a(const EVP_RAND *rand, const char *name);
+\& const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand);
+\& void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx,
+\& void (*fn)(EVP_RAND *rand, void *arg),
+\& void *arg);
+\& int EVP_RAND_names_do_all(const EVP_RAND *rand,
+\& void (*fn)(const char *name, void *data),
+\& void *data);
+\&
+\& int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength,
+\& int prediction_resistance,
+\& const unsigned char *pstr, size_t pstr_len,
+\& const OSSL_PARAM params[]);
+\& int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx);
+\& int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen,
+\& unsigned int strength, int prediction_resistance,
+\& const unsigned char *addin, size_t addin_len);
+\& int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance,
+\& const unsigned char *ent, size_t ent_len,
+\& const unsigned char *addin, size_t addin_len);
+\& int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen);
+\& int EVP_RAND_enable_locking(EVP_RAND_CTX *ctx);
+\& int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx);
+\& unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx);
+\& int EVP_RAND_get_state(EVP_RAND_CTX *ctx);
+\&
+\& #define EVP_RAND_STATE_UNINITIALISED 0
+\& #define EVP_RAND_STATE_READY 1
+\& #define EVP_RAND_STATE_ERROR 2
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1EVP RAND\s0 routines are a high-level interface to random number generators
+both deterministic and not.
+If you just want to generate random bytes then you don't need to use
+these functions: just call \fBRAND_bytes()\fR or \fBRAND_priv_bytes()\fR.
+If you want to do more, these calls should be used instead of the older
+\&\s-1RAND\s0 and \s-1RAND_DRBG\s0 functions.
+.PP
+After creating a \fB\s-1EVP_RAND_CTX\s0\fR for the required algorithm using
+\&\fBEVP_RAND_CTX_new()\fR, inputs to the algorithm are supplied either by
+passing them as part of the \fBEVP_RAND_instantiate()\fR call or using calls to
+\&\fBEVP_RAND_CTX_set_params()\fR before calling \fBEVP_RAND_instantiate()\fR. Finally,
+call \fBEVP_RAND_generate()\fR to produce cryptographically secure random bytes.
+.SS "Types"
+.IX Subsection "Types"
+\&\fB\s-1EVP_RAND\s0\fR is a type that holds the implementation of a \s-1RAND.\s0
+.PP
+\&\fB\s-1EVP_RAND_CTX\s0\fR is a context type that holds the algorithm inputs.
+\&\fB\s-1EVP_RAND_CTX\s0\fR structures are reference counted.
+.SS "Algorithm implementation fetching"
+.IX Subsection "Algorithm implementation fetching"
+\&\fBEVP_RAND_fetch()\fR fetches an implementation of a \s-1RAND\s0 \fIalgorithm\fR, given
+a library context \fIlibctx\fR and a set of \fIproperties\fR.
+See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information.
+.PP
+The returned value must eventually be freed with
+\&\fBEVP_RAND_free\fR\|(3).
+.PP
+\&\fBEVP_RAND_up_ref()\fR increments the reference count of an already fetched
+\&\s-1RAND.\s0
+.PP
+\&\fBEVP_RAND_free()\fR frees a fetched algorithm.
+\&\s-1NULL\s0 is a valid parameter, for which this function is a no-op.
+.SS "Context manipulation functions"
+.IX Subsection "Context manipulation functions"
+\&\fBEVP_RAND_CTX_new()\fR creates a new context for the \s-1RAND\s0 implementation \fIrand\fR.
+If not \s-1NULL,\s0 \fIparent\fR specifies the seed source for this implementation.
+Not all random number generators need to have a seed source specified.
+If a parent is required, a \s-1NULL\s0 \fIparent\fR will utilise the operating
+system entropy sources.
+It is recommended to minimise the number of random number generators that
+rely on the operating system for their randomness because this is often scarce.
+.PP
+\&\fBEVP_RAND_CTX_free()\fR frees up the context \fIctx\fR. If \fIctx\fR is \s-1NULL,\s0 nothing
+is done.
+.PP
+\&\fBEVP_RAND_CTX_get0_rand()\fR returns the \fB\s-1EVP_RAND\s0\fR associated with the context
+\&\fIctx\fR.
+.SS "Random Number Generator Functions"
+.IX Subsection "Random Number Generator Functions"
+\&\fBEVP_RAND_instantiate()\fR processes any parameters in \fIparams\fR and
+then instantiates the \s-1RAND\s0 \fIctx\fR with a minimum security strength
+of <strength> and personalisation string \fIpstr\fR of length <pstr_len>.
+If \fIprediction_resistance\fR is specified, fresh entropy from a live source
+will be sought. This call operates as per \s-1NIST SP 800\-90A\s0 and \s-1SP 800\-90C.\s0
+.PP
+\&\fBEVP_RAND_uninstantiate()\fR uninstantiates the \s-1RAND\s0 \fIctx\fR as per
+\&\s-1NIST SP 800\-90A\s0 and \s-1SP 800\-90C.\s0 Subsequent to this call, the \s-1RAND\s0 cannot
+be used to generate bytes. It can only be freed or instantiated again.
+.PP
+\&\fBEVP_RAND_generate()\fR produces random bytes from the \s-1RAND\s0 \fIctx\fR with the
+additional input \fIaddin\fR of length \fIaddin_len\fR. The bytes
+produced will meet the security \fIstrength\fR.
+If \fIprediction_resistance\fR is specified, fresh entropy from a live source
+will be sought. This call operates as per \s-1NIST SP 800\-90A\s0 and \s-1SP 800\-90C.\s0
+.PP
+\&\fBEVP_RAND_reseed()\fR reseeds the \s-1RAND\s0 with new entropy.
+Entropy \fIent\fR of length \fIent_len\fR bytes can be supplied as can additional
+input \fIaddin\fR of length \fIaddin_len\fR bytes. In the \s-1FIPS\s0 provider, both are
+treated as additional input as per \s-1NIST\s0 SP\-800\-90Ar1, Sections 9.1 and 9.2.
+Additional seed material is also drawn from the \s-1RAND\s0's parent or the
+operating system. If \fIprediction_resistance\fR is specified, fresh entropy
+from a live source will be sought. This call operates as per \s-1NIST SP 800\-90A\s0
+and \s-1SP 800\-90C.\s0
+.PP
+\&\fBEVP_RAND_nonce()\fR creates a nonce in \fIout\fR of maximum length \fIoutlen\fR
+bytes from the \s-1RAND\s0 \fIctx\fR. The function returns the length of the generated
+nonce. If \fIout\fR is \s-1NULL,\s0 the length is still returned but no generation
+takes place. This allows a caller to dynamically allocate a buffer of the
+appropriate size.
+.PP
+\&\fBEVP_RAND_enable_locking()\fR enables locking for the \s-1RAND\s0 \fIctx\fR and all of
+its parents. After this \fIctx\fR will operate in a thread safe manner, albeit
+more slowly. This function is not itself thread safe if called with the same
+\&\fIctx\fR from multiple threads. Typically locking should be enabled before a
+\&\fIctx\fR is shared across multiple threads.
+.PP
+\&\fBEVP_RAND_get_params()\fR retrieves details about the implementation
+\&\fIrand\fR.
+The set of parameters given with \fIparams\fR determine exactly what
+parameters should be retrieved.
+Note that a parameter that is unknown in the underlying context is
+simply ignored.
+.PP
+\&\fBEVP_RAND_CTX_get_params()\fR retrieves chosen parameters, given the
+context \fIctx\fR and its underlying context.
+The set of parameters given with \fIparams\fR determine exactly what
+parameters should be retrieved.
+Note that a parameter that is unknown in the underlying context is
+simply ignored.
+.PP
+\&\fBEVP_RAND_CTX_set_params()\fR passes chosen parameters to the underlying
+context, given a context \fIctx\fR.
+The set of parameters given with \fIparams\fR determine exactly what
+parameters are passed down.
+Note that a parameter that is unknown in the underlying context is
+simply ignored.
+Also, what happens when a needed parameter isn't passed down is
+defined by the implementation.
+.PP
+\&\fBEVP_RAND_gettable_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes
+the retrievable and settable parameters. \fBEVP_RAND_gettable_params()\fR returns
+parameters that can be used with \fBEVP_RAND_get_params()\fR.
+.PP
+\&\fBEVP_RAND_gettable_ctx_params()\fR and \fBEVP_RAND_CTX_gettable_params()\fR return
+constant \s-1\fBOSSL_PARAM\s0\fR\|(3) arrays that describe the retrievable parameters that
+can be used with \fBEVP_RAND_CTX_get_params()\fR. \fBEVP_RAND_gettable_ctx_params()\fR
+returns the parameters that can be retrieved from the algorithm, whereas
+\&\fBEVP_RAND_CTX_gettable_params()\fR returns the parameters that can be retrieved
+in the context's current state.
+.PP
+\&\fBEVP_RAND_settable_ctx_params()\fR and \fBEVP_RAND_CTX_settable_params()\fR return
+constant \s-1\fBOSSL_PARAM\s0\fR\|(3) arrays that describe the settable parameters that
+can be used with \fBEVP_RAND_CTX_set_params()\fR. \fBEVP_RAND_settable_ctx_params()\fR
+returns the parameters that can be retrieved from the algorithm, whereas
+\&\fBEVP_RAND_CTX_settable_params()\fR returns the parameters that can be retrieved
+in the context's current state.
+.SS "Information functions"
+.IX Subsection "Information functions"
+\&\fBEVP_RAND_get_strength()\fR returns the security strength of the \s-1RAND\s0 \fIctx\fR.
+.PP
+\&\fBEVP_RAND_get_state()\fR returns the current state of the \s-1RAND\s0 \fIctx\fR.
+States defined by the OpenSSL RNGs are:
+.IP "\(bu" 4
+\&\s-1EVP_RAND_STATE_UNINITIALISED:\s0 this \s-1RNG\s0 is currently uninitialised.
+The instantiate call will change this to the ready state.
+.IP "\(bu" 4
+\&\s-1EVP_RAND_STATE_READY:\s0 this \s-1RNG\s0 is currently ready to generate output.
+.IP "\(bu" 4
+\&\s-1EVP_RAND_STATE_ERROR:\s0 this \s-1RNG\s0 is in an error state.
+.PP
+\&\fBEVP_RAND_is_a()\fR returns 1 if \fIrand\fR is an implementation of an
+algorithm that's identifiable with \fIname\fR, otherwise 0.
+.PP
+\&\fBEVP_RAND_get0_provider()\fR returns the provider that holds the implementation
+of the given \fIrand\fR.
+.PP
+\&\fBEVP_RAND_do_all_provided()\fR traverses all \s-1RAND\s0 implemented by all activated
+providers in the given library context \fIlibctx\fR, and for each of the
+implementations, calls the given function \fIfn\fR with the implementation method
+and the given \fIarg\fR as argument.
+.PP
+\&\fBEVP_RAND_get0_name()\fR returns the canonical name of \fIrand\fR.
+.PP
+\&\fBEVP_RAND_names_do_all()\fR traverses all names for \fIrand\fR, and calls
+\&\fIfn\fR with each name and \fIdata\fR.
+.PP
+\&\fBEVP_RAND_get0_description()\fR returns a description of the rand, meant for
+display and human consumption. The description is at the discretion of
+the rand implementation.
+.PP
+\&\fBEVP_RAND_verify_zeroization()\fR confirms if the internal \s-1DRBG\s0 state is
+currently zeroed. This is used by the \s-1FIPS\s0 provider to support the mandatory
+self tests.
+.SH "PARAMETERS"
+.IX Header "PARAMETERS"
+The standard parameter names are:
+.ie n .IP """state"" (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) <integer>" 4
+.el .IP "``state'' (\fB\s-1OSSL_RAND_PARAM_STATE\s0\fR) <integer>" 4
+.IX Item "state (OSSL_RAND_PARAM_STATE) <integer>"
+Returns the state of the random number generator.
+.ie n .IP """strength"" (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) <unsigned integer>" 4
+.el .IP "``strength'' (\fB\s-1OSSL_RAND_PARAM_STRENGTH\s0\fR) <unsigned integer>" 4
+.IX Item "strength (OSSL_RAND_PARAM_STRENGTH) <unsigned integer>"
+Returns the bit strength of the random number generator.
+.PP
+For rands that are also deterministic random bit generators (DRBGs), these
+additional parameters are recognised. Not all
+parameters are relevant to, or are understood by all \s-1DRBG\s0 rands:
+.ie n .IP """reseed_requests"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) <unsigned integer>" 4
+.el .IP "``reseed_requests'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) <unsigned integer>" 4
+.IX Item "reseed_requests (OSSL_DRBG_PARAM_RESEED_REQUESTS) <unsigned integer>"
+Reads or set the number of generate requests before reseeding the
+associated \s-1RAND\s0 ctx.
+.ie n .IP """reseed_time_interval"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) <integer>" 4
+.el .IP "``reseed_time_interval'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL\s0\fR) <integer>" 4
+.IX Item "reseed_time_interval (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) <integer>"
+Reads or set the number of elapsed seconds before reseeding the
+associated \s-1RAND\s0 ctx.
+.ie n .IP """max_request"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) <unsigned integer>" 4
+.el .IP "``max_request'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_REQUESTS\s0\fR) <unsigned integer>" 4
+.IX Item "max_request (OSSL_DRBG_PARAM_RESEED_REQUESTS) <unsigned integer>"
+Specifies the maximum number of bytes that can be generated in a single
+call to OSSL_FUNC_rand_generate.
+.ie n .IP """min_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) <unsigned integer>" 4
+.el .IP "``min_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_ENTROPYLEN\s0\fR) <unsigned integer>" 4
+.IX Item "min_entropylen (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) <unsigned integer>"
+.PD 0
+.ie n .IP """max_entropylen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) <unsigned integer>" 4
+.el .IP "``max_entropylen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ENTROPYLEN\s0\fR) <unsigned integer>" 4
+.IX Item "max_entropylen (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) <unsigned integer>"
+.PD
+Specify the minimum and maximum number of bytes of random material that
+can be used to seed the \s-1DRBG.\s0
+.ie n .IP """min_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) <unsigned integer>" 4
+.el .IP "``min_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MIN_NONCELEN\s0\fR) <unsigned integer>" 4
+.IX Item "min_noncelen (OSSL_DRBG_PARAM_MIN_NONCELEN) <unsigned integer>"
+.PD 0
+.ie n .IP """max_noncelen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) <unsigned integer>" 4
+.el .IP "``max_noncelen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_NONCELEN\s0\fR) <unsigned integer>" 4
+.IX Item "max_noncelen (OSSL_DRBG_PARAM_MAX_NONCELEN) <unsigned integer>"
+.PD
+Specify the minimum and maximum number of bytes of nonce that can be used to
+seed the \s-1DRBG.\s0
+.ie n .IP """max_perslen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) <unsigned integer>" 4
+.el .IP "``max_perslen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_PERSLEN\s0\fR) <unsigned integer>" 4
+.IX Item "max_perslen (OSSL_DRBG_PARAM_MAX_PERSLEN) <unsigned integer>"
+.PD 0
+.ie n .IP """max_adinlen"" (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) <unsigned integer>" 4
+.el .IP "``max_adinlen'' (\fB\s-1OSSL_DRBG_PARAM_MAX_ADINLEN\s0\fR) <unsigned integer>" 4
+.IX Item "max_adinlen (OSSL_DRBG_PARAM_MAX_ADINLEN) <unsigned integer>"
+.PD
+Specify the minimum and maximum number of bytes of personalisation string
+that can be used with the \s-1DRBG.\s0
+.ie n .IP """reseed_counter"" (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) <unsigned integer>" 4
+.el .IP "``reseed_counter'' (\fB\s-1OSSL_DRBG_PARAM_RESEED_COUNTER\s0\fR) <unsigned integer>" 4
+.IX Item "reseed_counter (OSSL_DRBG_PARAM_RESEED_COUNTER) <unsigned integer>"
+Specifies the number of times the \s-1DRBG\s0 has been seeded or reseeded.
+.ie n .IP """properties"" (\fB\s-1OSSL_RAND_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``properties'' (\fB\s-1OSSL_RAND_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "properties (OSSL_RAND_PARAM_PROPERTIES) <UTF8 string>"
+.PD 0
+.ie n .IP """mac"" (\fB\s-1OSSL_RAND_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``mac'' (\fB\s-1OSSL_RAND_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "mac (OSSL_RAND_PARAM_MAC) <UTF8 string>"
+.ie n .IP """digest"" (\fB\s-1OSSL_RAND_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``digest'' (\fB\s-1OSSL_RAND_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "digest (OSSL_RAND_PARAM_DIGEST) <UTF8 string>"
+.ie n .IP """cipher"" (\fB\s-1OSSL_RAND_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``cipher'' (\fB\s-1OSSL_RAND_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "cipher (OSSL_RAND_PARAM_CIPHER) <UTF8 string>"
+.PD
+For \s-1RAND\s0 implementations that use an underlying computation \s-1MAC,\s0 digest or
+cipher, these parameters set what the algorithm should be.
+.Sp
+The value is always the name of the intended algorithm,
+or the properties in the case of \fB\s-1OSSL_RAND_PARAM_PROPERTIES\s0\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The use of a nonzero value for the \fIprediction_resistance\fR argument to
+\&\fBEVP_RAND_instantiate()\fR, \fBEVP_RAND_generate()\fR or \fBEVP_RAND_reseed()\fR should
+be used sparingly. In the default setup, this will cause all public and
+private DRBGs to be reseeded on next use. Since, by default, public and
+private DRBGs are allocated on a per thread basis, this can result in
+significant overhead for highly multi-threaded applications. For normal
+use-cases, the default \*(L"reseed_requests\*(R" and \*(L"reseed_time_interval\*(R"
+thresholds ensure sufficient prediction resistance over time and you
+can reduce those values if you think they are too high. Explicitly
+requesting prediction resistance is intended for more special use-cases
+like generating long-term secrets.
+.PP
+An \fB\s-1EVP_RAND_CTX\s0\fR needs to have locking enabled if it acts as the parent of
+more than one child and the children can be accessed concurrently. This must
+be done by explicitly calling \fBEVP_RAND_enable_locking()\fR.
+.PP
+The \s-1RAND\s0 life-cycle is described in \fBlife_cycle\-rand\fR\|(7). In the future,
+the transitions described there will be enforced. When this is done, it will
+not be considered a breaking change to the \s-1API.\s0
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_RAND_fetch()\fR returns a pointer to a newly fetched \fB\s-1EVP_RAND\s0\fR, or
+\&\s-1NULL\s0 if allocation failed.
+.PP
+\&\fBEVP_RAND_get0_provider()\fR returns a pointer to the provider for the \s-1RAND,\s0 or
+\&\s-1NULL\s0 on error.
+.PP
+\&\fBEVP_RAND_CTX_get0_rand()\fR returns a pointer to the \fB\s-1EVP_RAND\s0\fR associated
+with the context.
+.PP
+\&\fBEVP_RAND_get0_name()\fR returns the name of the random number generation
+algorithm.
+.PP
+\&\fBEVP_RAND_up_ref()\fR returns 1 on success, 0 on error.
+.PP
+\&\fBEVP_RAND_names_do_all()\fR returns 1 if the callback was called for all names. A
+return value of 0 means that the callback was not called for any names.
+.PP
+\&\fBEVP_RAND_CTX_new()\fR returns either the newly allocated
+\&\fB\s-1EVP_RAND_CTX\s0\fR structure or \s-1NULL\s0 if an error occurred.
+.PP
+\&\fBEVP_RAND_CTX_free()\fR does not return a value.
+.PP
+\&\fBEVP_RAND_nonce()\fR returns the length of the nonce.
+.PP
+\&\fBEVP_RAND_get_strength()\fR returns the strength of the random number generator
+in bits.
+.PP
+\&\fBEVP_RAND_gettable_params()\fR, \fBEVP_RAND_gettable_ctx_params()\fR and
+\&\fBEVP_RAND_settable_ctx_params()\fR return an array of OSSL_PARAMs.
+.PP
+\&\fBEVP_RAND_verify_zeroization()\fR returns 1 if the internal \s-1DRBG\s0 state is
+currently zeroed, and 0 if not.
+.PP
+The remaining functions return 1 for success and 0 or a negative value for
+failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBRAND_bytes\fR\|(3),
+\&\s-1\fBEVP_RAND\-CTR\-DRBG\s0\fR\|(7),
+\&\s-1\fBEVP_RAND\-HASH\-DRBG\s0\fR\|(7),
+\&\s-1\fBEVP_RAND\-HMAC\-DRBG\s0\fR\|(7),
+\&\s-1\fBEVP_RAND\-TEST\-RAND\s0\fR\|(7),
+\&\fBprovider\-rand\fR\|(7),
+\&\fBlife_cycle\-rand\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+This functionality was added to OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_SIGNATURE.3 b/secure/lib/libcrypto/man/man3/EVP_SIGNATURE.3
new file mode 100644
index 000000000000..424120e08668
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_SIGNATURE.3
@@ -0,0 +1,245 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_SIGNATURE 3ossl"
+.TH EVP_SIGNATURE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_SIGNATURE,
+EVP_SIGNATURE_fetch, EVP_SIGNATURE_free, EVP_SIGNATURE_up_ref,
+EVP_SIGNATURE_is_a, EVP_SIGNATURE_get0_provider,
+EVP_SIGNATURE_do_all_provided, EVP_SIGNATURE_names_do_all,
+EVP_SIGNATURE_get0_name, EVP_SIGNATURE_get0_description,
+EVP_SIGNATURE_gettable_ctx_params, EVP_SIGNATURE_settable_ctx_params
+\&\- Functions to manage EVP_SIGNATURE algorithm objects
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& typedef struct evp_signature_st EVP_SIGNATURE;
+\&
+\& EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
+\& const char *properties);
+\& void EVP_SIGNATURE_free(EVP_SIGNATURE *signature);
+\& int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature);
+\& const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature);
+\& int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name);
+\& OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature);
+\& void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx,
+\& void (*fn)(EVP_SIGNATURE *signature,
+\& void *arg),
+\& void *arg);
+\& int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
+\& void (*fn)(const char *name, void *data),
+\& void *data);
+\& const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature);
+\& const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature);
+\& const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig);
+\& const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBEVP_SIGNATURE_fetch()\fR fetches the implementation for the given
+\&\fBalgorithm\fR from any provider offering it, within the criteria given
+by the \fBproperties\fR.
+The algorithm will be one offering functions for performing signature related
+tasks such as signing and verifying.
+See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information.
+.PP
+The returned value must eventually be freed with \fBEVP_SIGNATURE_free()\fR.
+.PP
+\&\fBEVP_SIGNATURE_free()\fR decrements the reference count for the \fB\s-1EVP_SIGNATURE\s0\fR
+structure. Typically this structure will have been obtained from an earlier call
+to \fBEVP_SIGNATURE_fetch()\fR. If the reference count drops to 0 then the
+structure is freed.
+.PP
+\&\fBEVP_SIGNATURE_up_ref()\fR increments the reference count for an \fB\s-1EVP_SIGNATURE\s0\fR
+structure.
+.PP
+\&\fBEVP_SIGNATURE_is_a()\fR returns 1 if \fIsignature\fR is an implementation of an
+algorithm that's identifiable with \fIname\fR, otherwise 0.
+.PP
+\&\fBEVP_SIGNATURE_get0_provider()\fR returns the provider that \fIsignature\fR was
+fetched from.
+.PP
+\&\fBEVP_SIGNATURE_do_all_provided()\fR traverses all \s-1SIGNATURE\s0 implemented by all
+activated providers in the given library context \fIlibctx\fR, and for each of the
+implementations, calls the given function \fIfn\fR with the implementation method
+and the given \fIarg\fR as argument.
+.PP
+\&\fBEVP_SIGNATURE_get0_name()\fR returns the algorithm name from the provided
+implementation for the given \fIsignature\fR. Note that the \fIsignature\fR may have
+multiple synonyms associated with it. In this case the first name from the
+algorithm definition is returned. Ownership of the returned string is retained
+by the \fIsignature\fR object and should not be freed by the caller.
+.PP
+\&\fBEVP_SIGNATURE_names_do_all()\fR traverses all names for \fIsignature\fR, and calls
+\&\fIfn\fR with each name and \fIdata\fR.
+.PP
+\&\fBEVP_SIGNATURE_get0_description()\fR returns a description of the \fIsignature\fR,
+meant for display and human consumption. The description is at the
+discretion of the \fIsignature\fR implementation.
+.PP
+\&\fBEVP_SIGNATURE_gettable_ctx_params()\fR and \fBEVP_SIGNATURE_settable_ctx_params()\fR
+return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the names and types of key
+parameters that can be retrieved or set by a signature algorithm using
+\&\fBEVP_PKEY_CTX_get_params\fR\|(3) and \fBEVP_PKEY_CTX_set_params\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_SIGNATURE_fetch()\fR returns a pointer to an \fB\s-1EVP_SIGNATURE\s0\fR for success
+or \fB\s-1NULL\s0\fR for failure.
+.PP
+\&\fBEVP_SIGNATURE_up_ref()\fR returns 1 for success or 0 otherwise.
+.PP
+\&\fBEVP_SIGNATURE_names_do_all()\fR returns 1 if the callback was called for all names.
+A return value of 0 means that the callback was not called for any names.
+.PP
+\&\fBEVP_SIGNATURE_gettable_ctx_params()\fR and \fBEVP_SIGNATURE_settable_ctx_params()\fR
+return a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array or \s-1NULL\s0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7), \s-1\fBOSSL_PROVIDER\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_SealInit.3 b/secure/lib/libcrypto/man/man3/EVP_SealInit.3
index 679a1956079b..30e72e5e74d0 100644
--- a/secure/lib/libcrypto/man/man3/EVP_SealInit.3
+++ b/secure/lib/libcrypto/man/man3/EVP_SealInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_SEALINIT 3"
-.TH EVP_SEALINIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_SEALINIT 3ossl"
+.TH EVP_SEALINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -166,13 +164,13 @@ using one or more public keys, this allows the same encrypted data to be
decrypted using any of the corresponding private keys. \fBek\fR is an array of
buffers where the public key encrypted secret key will be written, each buffer
must contain enough room for the corresponding encrypted key: that is
-\&\fBek[i]\fR must have room for \fBEVP_PKEY_size(pubk[i])\fR bytes. The actual
+\&\fBek[i]\fR must have room for \fBEVP_PKEY_get_size(pubk[i])\fR bytes. The actual
size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is
an array of \fBnpubk\fR public keys.
.PP
The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must
contain enough room for the corresponding cipher's \s-1IV,\s0 as determined by (for
-example) EVP_CIPHER_iv_length(type).
+example) EVP_CIPHER_get_iv_length(type).
.PP
If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored
and can be \fB\s-1NULL\s0\fR.
@@ -215,9 +213,9 @@ with \fBtype\fR set to \s-1NULL.\s0
\&\s-1\fBRAND\s0\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_SignInit.3 b/secure/lib/libcrypto/man/man3/EVP_SignInit.3
index 4beef0334983..76fdea677cdf 100644
--- a/secure/lib/libcrypto/man/man3/EVP_SignInit.3
+++ b/secure/lib/libcrypto/man/man3/EVP_SignInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_SIGNINIT 3"
-.TH EVP_SIGNINIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_SIGNINIT 3ossl"
+.TH EVP_SIGNINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal \&\- EVP signing functions
+EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate,
+EVP_SignFinal_ex, EVP_SignFinal
+\&\- EVP signing functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,7 +147,10 @@ EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal \&\- EVP signing fu
\&
\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
-\& int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey);
+\& int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
+\& EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, const char *propq);
+\& int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s,
+\& EVP_PKEY *pkey);
\&
\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
.Ve
@@ -164,19 +167,24 @@ signatures.
signature context \fIctx\fR. This function can be called several times on the
same \fIctx\fR to include additional data.
.PP
-\&\fBEVP_SignFinal()\fR signs the data in \fIctx\fR using the private key \fIpkey\fR and
-places the signature in \fIsig\fR. \fIsig\fR must be at least \f(CW\*(C`EVP_PKEY_size(pkey)\*(C'\fR
-bytes in size. \fIs\fR is an \s-1OUT\s0 parameter, and not used as an \s-1IN\s0 parameter.
+\&\fBEVP_SignFinal_ex()\fR signs the data in \fIctx\fR using the private key
+\&\fIpkey\fR and places the signature in \fIsig\fR. The library context \fIlibctx\fR and
+property query \fIpropq\fR are used when creating a context to use with the key
+\&\fIpkey\fR. \fIsig\fR must be at least \f(CW\*(C`EVP_PKEY_get_size(pkey)\*(C'\fR bytes in size.
+\&\fIs\fR is an \s-1OUT\s0 parameter, and not used as an \s-1IN\s0 parameter.
The number of bytes of data written (i.e. the length of the signature)
-will be written to the integer at \fIs\fR, at most \f(CW\*(C`EVP_PKEY_size(pkey)\*(C'\fR bytes
-will be written.
+will be written to the integer at \fIs\fR, at most \f(CW\*(C`EVP_PKEY_get_size(pkey)\*(C'\fR
+bytes will be written.
+.PP
+\&\fBEVP_SignFinal()\fR is similar to \fBEVP_SignFinal_ex()\fR but uses default
+values of \s-1NULL\s0 for the library context \fIlibctx\fR and the property query \fIpropq\fR.
.PP
\&\fBEVP_SignInit()\fR initializes a signing context \fIctx\fR to use the default
implementation of digest \fItype\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBEVP_SignInit_ex()\fR, \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR return 1
-for success and 0 for failure.
+\&\fBEVP_SignInit_ex()\fR, \fBEVP_SignUpdate()\fR, \fBEVP_SignFinal_ex()\fR and
+\&\fBEVP_SignFinal()\fR return 1 for success and 0 for failure.
.PP
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "NOTES"
@@ -185,10 +193,9 @@ The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be use
preference to the low-level interfaces. This is because the code then becomes
transparent to the algorithm used and much more flexible.
.PP
-When signing with \s-1DSA\s0 private keys the random number generator must be seeded.
-If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to
-external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail.
-This requirement does not hold for \s-1RSA\s0 signatures.
+When signing with some private key types the random number generator must
+be seeded. If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails
+due to external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail.
.PP
The call to \fBEVP_SignFinal()\fR internally finalizes a copy of the digest context.
This means that calls to \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR can be called
@@ -209,20 +216,24 @@ data have been passed through \fBEVP_SignUpdate()\fR.
.PP
It is not possible to change the signing parameters using these function.
.PP
-The previous two bugs are fixed in the newer EVP_SignDigest*() function.
+The previous two bugs are fixed in the newer EVP_DigestSign*() functions.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBEVP_PKEY_size\fR\|(3), \fBEVP_PKEY_bits\fR\|(3), \fBEVP_PKEY_security_bits\fR\|(3),
+\&\fBEVP_PKEY_get_size\fR\|(3), \fBEVP_PKEY_get_bits\fR\|(3),
+\&\fBEVP_PKEY_get_security_bits\fR\|(3),
\&\fBEVP_VerifyInit\fR\|(3),
\&\fBEVP_DigestInit\fR\|(3),
\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3),
\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3),
-\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1)
+\&\s-1\fBSHA1\s0\fR\|(3), \fBopenssl\-dgst\fR\|(1)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The function \fBEVP_SignFinal_ex()\fR was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3
index 66950e8013f6..d770409b8e4a 100644
--- a/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3
+++ b/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_VERIFYINIT 3"
-.TH EVP_VERIFYINIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_VERIFYINIT 3ossl"
+.TH EVP_VERIFYINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_VerifyInit_ex, EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \&\- EVP signature verification functions
+EVP_VerifyInit_ex,
+EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal_ex, EVP_VerifyFinal
+\&\- EVP signature verification functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,6 +147,9 @@ EVP_VerifyInit_ex, EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \&\- EVP si
\&
\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+\& int EVP_VerifyFinal_ex(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+\& unsigned int siglen, EVP_PKEY *pkey,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen,
\& EVP_PKEY *pkey);
\&
@@ -157,26 +160,31 @@ EVP_VerifyInit_ex, EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \&\- EVP si
The \s-1EVP\s0 signature verification routines are a high-level interface to digital
signatures.
.PP
-\&\fBEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest
-\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created by calling
+\&\fBEVP_VerifyInit_ex()\fR sets up verification context \fIctx\fR to use digest
+\&\fItype\fR from \s-1ENGINE\s0 \fIimpl\fR. \fIctx\fR must be created by calling
\&\fBEVP_MD_CTX_new()\fR before calling this function.
.PP
-\&\fBEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
-verification context \fBctx\fR. This function can be called several times on the
-same \fBctx\fR to include additional data.
+\&\fBEVP_VerifyUpdate()\fR hashes \fIcnt\fR bytes of data at \fId\fR into the
+verification context \fIctx\fR. This function can be called several times on the
+same \fIctx\fR to include additional data.
+.PP
+\&\fBEVP_VerifyFinal_ex()\fR verifies the data in \fIctx\fR using the public key
+\&\fIpkey\fR and \fIsiglen\fR bytes in \fIsigbuf\fR.
+The library context \fIlibctx\fR and property query \fIpropq\fR are used when creating
+a context to use with the key \fIpkey\fR.
.PP
-\&\fBEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR
-and against the \fBsiglen\fR bytes at \fBsigbuf\fR.
+\&\fBEVP_VerifyFinal()\fR is similar to \fBEVP_VerifyFinal_ex()\fR but uses default
+values of \s-1NULL\s0 for the library context \fIlibctx\fR and the property query \fIpropq\fR.
.PP
-\&\fBEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default
-implementation of digest \fBtype\fR.
+\&\fBEVP_VerifyInit()\fR initializes verification context \fIctx\fR to use the default
+implementation of digest \fItype\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBEVP_VerifyInit_ex()\fR and \fBEVP_VerifyUpdate()\fR return 1 for success and 0 for
failure.
.PP
-\&\fBEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some
-other error occurred.
+\&\fBEVP_VerifyFinal_ex()\fR and \fBEVP_VerifyFinal()\fR return 1 for a correct
+signature, 0 for failure and a negative value if some other error occurred.
.PP
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "NOTES"
@@ -212,12 +220,15 @@ The previous two bugs are fixed in the newer EVP_DigestVerify*() function.
\&\fBEVP_DigestInit\fR\|(3),
\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3),
\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3),
-\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1)
+\&\s-1\fBSHA1\s0\fR\|(3), \fBopenssl\-dgst\fR\|(1)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The function \fBEVP_VerifyFinal_ex()\fR was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_aes.3 b/secure/lib/libcrypto/man/man3/EVP_aes_128_gcm.3
index ad7455563846..101d18726c4f 100644
--- a/secure/lib/libcrypto/man/man3/EVP_aes.3
+++ b/secure/lib/libcrypto/man/man3/EVP_aes_128_gcm.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,59 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_AES 3"
-.TH EVP_AES 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_AES_128_GCM 3ossl"
+.TH EVP_AES_128_GCM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_aes_128_cbc, EVP_aes_192_cbc, EVP_aes_256_cbc, EVP_aes_128_cfb, EVP_aes_192_cfb, EVP_aes_256_cfb, EVP_aes_128_cfb1, EVP_aes_192_cfb1, EVP_aes_256_cfb1, EVP_aes_128_cfb8, EVP_aes_192_cfb8, EVP_aes_256_cfb8, EVP_aes_128_cfb128, EVP_aes_192_cfb128, EVP_aes_256_cfb128, EVP_aes_128_ctr, EVP_aes_192_ctr, EVP_aes_256_ctr, EVP_aes_128_ecb, EVP_aes_192_ecb, EVP_aes_256_ecb, EVP_aes_128_ofb, EVP_aes_192_ofb, EVP_aes_256_ofb, EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1, EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256, EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ocb, EVP_aes_192_ocb, EVP_aes_256_ocb, EVP_aes_128_wrap, EVP_aes_192_wrap, EVP_aes_256_wrap, EVP_aes_128_wrap_pad, EVP_aes_192_wrap_pad, EVP_aes_256_wrap_pad, EVP_aes_128_xts, EVP_aes_256_xts \&\- EVP AES cipher
+EVP_aes_128_cbc,
+EVP_aes_192_cbc,
+EVP_aes_256_cbc,
+EVP_aes_128_cfb,
+EVP_aes_192_cfb,
+EVP_aes_256_cfb,
+EVP_aes_128_cfb1,
+EVP_aes_192_cfb1,
+EVP_aes_256_cfb1,
+EVP_aes_128_cfb8,
+EVP_aes_192_cfb8,
+EVP_aes_256_cfb8,
+EVP_aes_128_cfb128,
+EVP_aes_192_cfb128,
+EVP_aes_256_cfb128,
+EVP_aes_128_ctr,
+EVP_aes_192_ctr,
+EVP_aes_256_ctr,
+EVP_aes_128_ecb,
+EVP_aes_192_ecb,
+EVP_aes_256_ecb,
+EVP_aes_128_ofb,
+EVP_aes_192_ofb,
+EVP_aes_256_ofb,
+EVP_aes_128_cbc_hmac_sha1,
+EVP_aes_256_cbc_hmac_sha1,
+EVP_aes_128_cbc_hmac_sha256,
+EVP_aes_256_cbc_hmac_sha256,
+EVP_aes_128_ccm,
+EVP_aes_192_ccm,
+EVP_aes_256_ccm,
+EVP_aes_128_gcm,
+EVP_aes_192_gcm,
+EVP_aes_256_gcm,
+EVP_aes_128_ocb,
+EVP_aes_192_ocb,
+EVP_aes_256_ocb,
+EVP_aes_128_wrap,
+EVP_aes_192_wrap,
+EVP_aes_256_wrap,
+EVP_aes_128_wrap_pad,
+EVP_aes_192_wrap_pad,
+EVP_aes_256_wrap_pad,
+EVP_aes_128_xts,
+EVP_aes_256_xts
+\&\- EVP AES cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -203,6 +246,12 @@ similarly with the \*(L"Decrypt\*(R" functions).
.Sp
The \fIiv\fR parameter to \fBEVP_EncryptInit_ex\fR\|(3) or \fBEVP_DecryptInit_ex\fR\|(3) is
the \s-1XTS\s0 \*(L"tweak\*(R" value.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_CIPHER_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
@@ -215,9 +264,9 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure.
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_aria.3 b/secure/lib/libcrypto/man/man3/EVP_aria_128_gcm.3
index 9080b908b6f0..e7465d37ae97 100644
--- a/secure/lib/libcrypto/man/man3/EVP_aria.3
+++ b/secure/lib/libcrypto/man/man3/EVP_aria_128_gcm.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,44 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_ARIA 3"
-.TH EVP_ARIA 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_ARIA_128_GCM 3ossl"
+.TH EVP_ARIA_128_GCM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_aria_128_cbc, EVP_aria_192_cbc, EVP_aria_256_cbc, EVP_aria_128_cfb, EVP_aria_192_cfb, EVP_aria_256_cfb, EVP_aria_128_cfb1, EVP_aria_192_cfb1, EVP_aria_256_cfb1, EVP_aria_128_cfb8, EVP_aria_192_cfb8, EVP_aria_256_cfb8, EVP_aria_128_cfb128, EVP_aria_192_cfb128, EVP_aria_256_cfb128, EVP_aria_128_ctr, EVP_aria_192_ctr, EVP_aria_256_ctr, EVP_aria_128_ecb, EVP_aria_192_ecb, EVP_aria_256_ecb, EVP_aria_128_ofb, EVP_aria_192_ofb, EVP_aria_256_ofb, EVP_aria_128_ccm, EVP_aria_192_ccm, EVP_aria_256_ccm, EVP_aria_128_gcm, EVP_aria_192_gcm, EVP_aria_256_gcm, \&\- EVP ARIA cipher
+EVP_aria_128_cbc,
+EVP_aria_192_cbc,
+EVP_aria_256_cbc,
+EVP_aria_128_cfb,
+EVP_aria_192_cfb,
+EVP_aria_256_cfb,
+EVP_aria_128_cfb1,
+EVP_aria_192_cfb1,
+EVP_aria_256_cfb1,
+EVP_aria_128_cfb8,
+EVP_aria_192_cfb8,
+EVP_aria_256_cfb8,
+EVP_aria_128_cfb128,
+EVP_aria_192_cfb128,
+EVP_aria_256_cfb128,
+EVP_aria_128_ctr,
+EVP_aria_192_ctr,
+EVP_aria_256_ctr,
+EVP_aria_128_ecb,
+EVP_aria_192_ecb,
+EVP_aria_256_ecb,
+EVP_aria_128_ofb,
+EVP_aria_192_ofb,
+EVP_aria_256_ofb,
+EVP_aria_128_ccm,
+EVP_aria_192_ccm,
+EVP_aria_256_ccm,
+EVP_aria_128_gcm,
+EVP_aria_192_gcm,
+EVP_aria_256_gcm,
+\&\- EVP ARIA cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -162,6 +190,12 @@ The \s-1ARIA\s0 encryption algorithm for \s-1EVP.\s0
\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0) and Galois Counter
Mode (\s-1GCM\s0). These ciphers require additional control operations to function
correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for details.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_CIPHER_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
@@ -174,9 +208,9 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure.
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3
index bdb8670a9c1a..029b263fa6b3 100644
--- a/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3
+++ b/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,24 +130,29 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_BF_CBC 3"
-.TH EVP_BF_CBC 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_BF_CBC 3ossl"
+.TH EVP_BF_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_bf_cbc, EVP_bf_cfb, EVP_bf_cfb64, EVP_bf_ecb, EVP_bf_ofb \&\- EVP Blowfish cipher
+EVP_bf_cbc,
+EVP_bf_cfb,
+EVP_bf_cfb64,
+EVP_bf_ecb,
+EVP_bf_ofb
+\&\- EVP Blowfish cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
-\& const EVP_CIPHER *EVP_bf_cbc(void)
-\& const EVP_CIPHER *EVP_bf_cfb(void)
-\& const EVP_CIPHER *EVP_bf_cfb64(void)
-\& const EVP_CIPHER *EVP_bf_ecb(void)
-\& const EVP_CIPHER *EVP_bf_ofb(void)
+\& const EVP_CIPHER *EVP_bf_cbc(void);
+\& const EVP_CIPHER *EVP_bf_cfb(void);
+\& const EVP_CIPHER *EVP_bf_cfb64(void);
+\& const EVP_CIPHER *EVP_bf_ecb(void);
+\& const EVP_CIPHER *EVP_bf_ofb(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -159,6 +162,12 @@ This is a variable key length cipher.
.IP "\fBEVP_bf_cbc()\fR, \fBEVP_bf_cfb()\fR, \fBEVP_bf_cfb64()\fR, \fBEVP_bf_ecb()\fR, \fBEVP_bf_ofb()\fR" 4
.IX Item "EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb()"
Blowfish encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_CIPHER_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
@@ -171,9 +180,9 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure.
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_blake2b512.3 b/secure/lib/libcrypto/man/man3/EVP_blake2b512.3
index 12e691884c41..830a991fc596 100644
--- a/secure/lib/libcrypto/man/man3/EVP_blake2b512.3
+++ b/secure/lib/libcrypto/man/man3/EVP_blake2b512.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_BLAKE2B512 3"
-.TH EVP_BLAKE2B512 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_BLAKE2B512 3ossl"
+.TH EVP_BLAKE2B512 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_blake2b512, EVP_blake2s256 \&\- BLAKE2 For EVP
+EVP_blake2b512,
+EVP_blake2s256
+\&\- BLAKE2 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -159,28 +159,33 @@ The BLAKE2s algorithm that produces a 256\-bit output from a given input.
.IP "\fBEVP_blake2b512()\fR" 4
.IX Item "EVP_blake2b512()"
The BLAKE2b algorithm that produces a 512\-bit output from a given input.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_MD_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
+.PP
+While the BLAKE2b and BLAKE2s algorithms supports a variable length digest,
+this implementation outputs a digest of a fixed length (the maximum length
+supported), which is 512\-bits for BLAKE2b and 256\-bits for BLAKE2s.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
+implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
\&\s-1RFC 7693.\s0
-.SH "NOTES"
-.IX Header "NOTES"
-While the BLAKE2b and BLAKE2s algorithms supports a variable length digest,
-this implementation outputs a digest of a fixed length (the maximum length
-supported), which is 512\-bits for BLAKE2b and 256\-bits for BLAKE2s.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_camellia.3 b/secure/lib/libcrypto/man/man3/EVP_camellia_128_ecb.3
index 933b63ebcf07..a99942a3ee75 100644
--- a/secure/lib/libcrypto/man/man3/EVP_camellia.3
+++ b/secure/lib/libcrypto/man/man3/EVP_camellia_128_ecb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,38 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_CAMELLIA 3"
-.TH EVP_CAMELLIA 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_CAMELLIA_128_ECB 3ossl"
+.TH EVP_CAMELLIA_128_ECB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_camellia_128_cbc, EVP_camellia_192_cbc, EVP_camellia_256_cbc, EVP_camellia_128_cfb, EVP_camellia_192_cfb, EVP_camellia_256_cfb, EVP_camellia_128_cfb1, EVP_camellia_192_cfb1, EVP_camellia_256_cfb1, EVP_camellia_128_cfb8, EVP_camellia_192_cfb8, EVP_camellia_256_cfb8, EVP_camellia_128_cfb128, EVP_camellia_192_cfb128, EVP_camellia_256_cfb128, EVP_camellia_128_ctr, EVP_camellia_192_ctr, EVP_camellia_256_ctr, EVP_camellia_128_ecb, EVP_camellia_192_ecb, EVP_camellia_256_ecb, EVP_camellia_128_ofb, EVP_camellia_192_ofb, EVP_camellia_256_ofb \&\- EVP Camellia cipher
+EVP_camellia_128_cbc,
+EVP_camellia_192_cbc,
+EVP_camellia_256_cbc,
+EVP_camellia_128_cfb,
+EVP_camellia_192_cfb,
+EVP_camellia_256_cfb,
+EVP_camellia_128_cfb1,
+EVP_camellia_192_cfb1,
+EVP_camellia_256_cfb1,
+EVP_camellia_128_cfb8,
+EVP_camellia_192_cfb8,
+EVP_camellia_256_cfb8,
+EVP_camellia_128_cfb128,
+EVP_camellia_192_cfb128,
+EVP_camellia_256_cfb128,
+EVP_camellia_128_ctr,
+EVP_camellia_192_ctr,
+EVP_camellia_256_ctr,
+EVP_camellia_128_ecb,
+EVP_camellia_192_ecb,
+EVP_camellia_256_ecb,
+EVP_camellia_128_ofb,
+EVP_camellia_192_ofb,
+EVP_camellia_256_ofb
+\&\- EVP Camellia cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -157,6 +179,12 @@ The Camellia encryption algorithm for \s-1EVP.\s0
.IX Item "EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), EVP_camellia_256_cfb8(), EVP_camellia_128_cfb128(), EVP_camellia_192_cfb128(), EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()"
Camellia for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with
128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_CIPHER_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
@@ -169,9 +197,9 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure.
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3
index a0c8cf7365cb..f368b5ca89ea 100644
--- a/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3
+++ b/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,24 +130,29 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_CAST5_CBC 3"
-.TH EVP_CAST5_CBC 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_CAST5_CBC 3ossl"
+.TH EVP_CAST5_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_cast5_cbc, EVP_cast5_cfb, EVP_cast5_cfb64, EVP_cast5_ecb, EVP_cast5_ofb \&\- EVP CAST cipher
+EVP_cast5_cbc,
+EVP_cast5_cfb,
+EVP_cast5_cfb64,
+EVP_cast5_ecb,
+EVP_cast5_ofb
+\&\- EVP CAST cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
-\& const EVP_CIPHER *EVP_cast5_cbc(void)
-\& const EVP_CIPHER *EVP_cast5_cfb(void)
-\& const EVP_CIPHER *EVP_cast5_cfb64(void)
-\& const EVP_CIPHER *EVP_cast5_ecb(void)
-\& const EVP_CIPHER *EVP_cast5_ofb(void)
+\& const EVP_CIPHER *EVP_cast5_cbc(void);
+\& const EVP_CIPHER *EVP_cast5_cfb(void);
+\& const EVP_CIPHER *EVP_cast5_cfb64(void);
+\& const EVP_CIPHER *EVP_cast5_ecb(void);
+\& const EVP_CIPHER *EVP_cast5_ofb(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -159,6 +162,12 @@ This is a variable key length cipher.
.IP "\fBEVP_cast5_cbc()\fR, \fBEVP_cast5_ecb()\fR, \fBEVP_cast5_cfb()\fR, \fBEVP_cast5_cfb64()\fR, \fBEVP_cast5_ofb()\fR" 4
.IX Item "EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_cfb64(), EVP_cast5_ofb()"
\&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_CIPHER_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
@@ -171,9 +180,9 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure.
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_chacha20.3 b/secure/lib/libcrypto/man/man3/EVP_chacha20.3
index 3513daa7ee13..db996e6d4422 100644
--- a/secure/lib/libcrypto/man/man3/EVP_chacha20.3
+++ b/secure/lib/libcrypto/man/man3/EVP_chacha20.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,21 +130,23 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_CHACHA20 3"
-.TH EVP_CHACHA20 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_CHACHA20 3ossl"
+.TH EVP_CHACHA20 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_chacha20, EVP_chacha20_poly1305 \&\- EVP ChaCha20 stream cipher
+EVP_chacha20,
+EVP_chacha20_poly1305
+\&\- EVP ChaCha20 stream cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
-\& const EVP_CIPHER *EVP_chacha20(void)
-\& const EVP_CIPHER *EVP_chacha20_poly1305(void)
+\& const EVP_CIPHER *EVP_chacha20(void);
+\& const EVP_CIPHER *EVP_chacha20_poly1305(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -154,10 +154,10 @@ The ChaCha20 stream cipher for \s-1EVP.\s0
.IP "\fBEVP_chacha20()\fR" 4
.IX Item "EVP_chacha20()"
The ChaCha20 stream cipher. The key length is 256 bits, the \s-1IV\s0 is 128 bits long.
-The first 32 bits consists of a counter in little-endian order followed by a 96
+The first 64 bits consists of a counter in little-endian order followed by a 64
bit nonce. For example a nonce of:
.Sp
-000000000000000000000002
+0000000000000002
.Sp
With an initial counter of 42 (2a in hex) would be expressed as:
.Sp
@@ -168,6 +168,15 @@ Authenticated encryption with ChaCha20\-Poly1305. Like \fBEVP_chacha20()\fR, the
is 256 bits and the \s-1IV\s0 is 96 bits. This supports additional authenticated data
(\s-1AAD\s0) and produces a 128\-bit authentication tag. See the
\&\*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for more information.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_CIPHER_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
+.PP
+\&\s-1RFC 7539\s0 <https://www.rfc-editor.org/rfc/rfc7539.html#section-2.4>
+uses a 32 bit counter and a 96 bit nonce for the \s-1IV.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
@@ -180,9 +189,9 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure.
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_des.3 b/secure/lib/libcrypto/man/man3/EVP_des_cbc.3
index ae6cee4f1bc7..b81f969f5d5c 100644
--- a/secure/lib/libcrypto/man/man3/EVP_des.3
+++ b/secure/lib/libcrypto/man/man3/EVP_des_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,36 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_DES 3"
-.TH EVP_DES 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_DES_CBC 3ossl"
+.TH EVP_DES_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_des_cbc, EVP_des_cfb, EVP_des_cfb1, EVP_des_cfb8, EVP_des_cfb64, EVP_des_ecb, EVP_des_ofb, EVP_des_ede, EVP_des_ede_cbc, EVP_des_ede_cfb, EVP_des_ede_cfb64, EVP_des_ede_ecb, EVP_des_ede_ofb, EVP_des_ede3, EVP_des_ede3_cbc, EVP_des_ede3_cfb, EVP_des_ede3_cfb1, EVP_des_ede3_cfb8, EVP_des_ede3_cfb64, EVP_des_ede3_ecb, EVP_des_ede3_ofb, EVP_des_ede3_wrap \&\- EVP DES cipher
+EVP_des_cbc,
+EVP_des_cfb,
+EVP_des_cfb1,
+EVP_des_cfb8,
+EVP_des_cfb64,
+EVP_des_ecb,
+EVP_des_ofb,
+EVP_des_ede,
+EVP_des_ede_cbc,
+EVP_des_ede_cfb,
+EVP_des_ede_cfb64,
+EVP_des_ede_ecb,
+EVP_des_ede_ofb,
+EVP_des_ede3,
+EVP_des_ede3_cbc,
+EVP_des_ede3_cfb,
+EVP_des_ede3_cfb1,
+EVP_des_ede3_cfb8,
+EVP_des_ede3_cfb64,
+EVP_des_ede3_ecb,
+EVP_des_ede3_ofb,
+EVP_des_ede3_wrap
+\&\- EVP DES cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -157,6 +177,10 @@ The \s-1DES\s0 encryption algorithm for \s-1EVP.\s0
.IX Item "EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_cfb64(), EVP_des_ofb()"
\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit
shift and \s-1OFB\s0 modes.
+.Sp
+None of these algorithms are provided by the OpenSSL default provider.
+To use them it is necessary to load either the OpenSSL legacy provider or another
+implementation.
.IP "\fBEVP_des_ede()\fR, \fBEVP_des_ede_cbc()\fR, \fBEVP_des_ede_cfb()\fR, \fBEVP_des_ede_cfb64()\fR, \fBEVP_des_ede_ecb()\fR, \fBEVP_des_ede_ofb()\fR" 4
.IX Item "EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), EVP_des_ede_cfb64(), EVP_des_ede_ecb(), EVP_des_ede_ofb()"
Two key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift and \s-1OFB\s0 modes.
@@ -167,6 +191,12 @@ Three-key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift, \s-1CFB\
.IP "\fBEVP_des_ede3_wrap()\fR" 4
.IX Item "EVP_des_ede3_wrap()"
Triple-DES key wrap according to \s-1RFC 3217\s0 Section 3.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_CIPHER_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
@@ -179,9 +209,9 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure.
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_desx_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_desx_cbc.3
index 33fa16aa8e25..f954ba66a0cf 100644
--- a/secure/lib/libcrypto/man/man3/EVP_desx_cbc.3
+++ b/secure/lib/libcrypto/man/man3/EVP_desx_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,20 +130,21 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_DESX_CBC 3"
-.TH EVP_DESX_CBC 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_DESX_CBC 3ossl"
+.TH EVP_DESX_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_desx_cbc \&\- EVP DES\-X cipher
+EVP_desx_cbc
+\&\- EVP DES\-X cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
-\& const EVP_CIPHER *EVP_desx_cbc(void)
+\& const EVP_CIPHER *EVP_desx_cbc(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -155,6 +154,15 @@ All modes below use a key length of 128 bits and acts on blocks of 128\-bits.
.IP "\fBEVP_desx_cbc()\fR" 4
.IX Item "EVP_desx_cbc()"
The DES-X algorithm in \s-1CBC\s0 mode.
+.Sp
+This algorithm is not provided by the OpenSSL default provider.
+To use it is necessary to load either the OpenSSL legacy provider or another
+implementation.
+.PP
+Developers should be aware of the negative performance implications of
+calling this function multiple times and should consider using
+\&\fBEVP_CIPHER_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
@@ -167,9 +175,9 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure.
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3
index 5556b76f756f..d4f8c3fb0f32 100644
--- a/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3
+++ b/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,24 +130,29 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_IDEA_CBC 3"
-.TH EVP_IDEA_CBC 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_IDEA_CBC 3ossl"
+.TH EVP_IDEA_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_idea_cbc, EVP_idea_cfb, EVP_idea_cfb64, EVP_idea_ecb, EVP_idea_ofb \&\- EVP IDEA cipher
+EVP_idea_cbc,
+EVP_idea_cfb,
+EVP_idea_cfb64,
+EVP_idea_ecb,
+EVP_idea_ofb
+\&\- EVP IDEA cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
-\& const EVP_CIPHER *EVP_idea_cbc(void)
-\& const EVP_CIPHER *EVP_idea_cfb(void)
-\& const EVP_CIPHER *EVP_idea_cfb64(void)
-\& const EVP_CIPHER *EVP_idea_ecb(void)
-\& const EVP_CIPHER *EVP_idea_ofb(void)
+\& const EVP_CIPHER *EVP_idea_cbc(void);
+\& const EVP_CIPHER *EVP_idea_cfb(void);
+\& const EVP_CIPHER *EVP_idea_cfb64(void);
+\& const EVP_CIPHER *EVP_idea_ecb(void);
+\& const EVP_CIPHER *EVP_idea_ofb(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -157,6 +160,12 @@ The \s-1IDEA\s0 encryption algorithm for \s-1EVP.\s0
.IP "\fBEVP_idea_cbc()\fR, \fBEVP_idea_cfb()\fR, \fBEVP_idea_cfb64()\fR, \fBEVP_idea_ecb()\fR, \fBEVP_idea_ofb()\fR" 4
.IX Item "EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb()"
The \s-1IDEA\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_CIPHER_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
@@ -169,9 +178,9 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure.
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_md2.3 b/secure/lib/libcrypto/man/man3/EVP_md2.3
index 7ad9929b05e2..49e7a69e1b06 100644
--- a/secure/lib/libcrypto/man/man3/EVP_md2.3
+++ b/secure/lib/libcrypto/man/man3/EVP_md2.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_MD2 3"
-.TH EVP_MD2 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_MD2 3ossl"
+.TH EVP_MD2 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_md2 \&\- MD2 For EVP
+EVP_md2
+\&\- MD2 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -150,14 +149,20 @@ EVP_md2 \&\- MD2 For EVP
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1MD2\s0 is a cryptographic hash function standardized in \s-1RFC 1319\s0 and designed by
-Ronald Rivest.
+Ronald Rivest. This implementation is only available with the legacy provider.
.IP "\fBEVP_md2()\fR" 4
.IX Item "EVP_md2()"
The \s-1MD2\s0 algorithm which produces a 128\-bit output from a given input.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling this function multiple times and should consider using
+\&\fBEVP_MD_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
+implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
@@ -165,12 +170,13 @@ details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
+\&\fBprovider\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_md4.3 b/secure/lib/libcrypto/man/man3/EVP_md4.3
index d9716f650499..01ea0bb0f398 100644
--- a/secure/lib/libcrypto/man/man3/EVP_md4.3
+++ b/secure/lib/libcrypto/man/man3/EVP_md4.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_MD4 3"
-.TH EVP_MD4 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_MD4 3ossl"
+.TH EVP_MD4 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_md4 \&\- MD4 For EVP
+EVP_md4
+\&\- MD4 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -150,14 +149,21 @@ EVP_md4 \&\- MD4 For EVP
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1MD4\s0 is a cryptographic hash function standardized in \s-1RFC 1320\s0 and designed by
-Ronald Rivest, first published in 1990.
+Ronald Rivest, first published in 1990. This implementation is only available
+with the legacy provider.
.IP "\fBEVP_md4()\fR" 4
.IX Item "EVP_md4()"
The \s-1MD4\s0 algorithm which produces a 128\-bit output from a given input.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling this function multiple times and should consider using
+\&\fBEVP_MD_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
+implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
@@ -165,12 +171,13 @@ details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
+\&\fBprovider\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_md5.3 b/secure/lib/libcrypto/man/man3/EVP_md5.3
index f3b4a0e061ac..f697683cfaaf 100644
--- a/secure/lib/libcrypto/man/man3/EVP_md5.3
+++ b/secure/lib/libcrypto/man/man3/EVP_md5.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_MD5 3"
-.TH EVP_MD5 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_MD5 3ossl"
+.TH EVP_MD5 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_md5, EVP_md5_sha1 \&\- MD5 For EVP
+EVP_md5,
+EVP_md5_sha1
+\&\- MD5 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -164,10 +164,16 @@ A hash algorithm of \s-1SSL\s0 v3 that combines \s-1MD5\s0 with \s-1SHA\-1\s0 as
6101.\s0
.Sp
\&\s-1WARNING:\s0 this algorithm is not intended for non-SSL usage.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_MD_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
+implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
@@ -178,9 +184,9 @@ details of the \fB\s-1EVP_MD\s0\fR structure.
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_mdc2.3 b/secure/lib/libcrypto/man/man3/EVP_mdc2.3
index e177ce4c0152..d8b657cc4783 100644
--- a/secure/lib/libcrypto/man/man3/EVP_mdc2.3
+++ b/secure/lib/libcrypto/man/man3/EVP_mdc2.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_MDC2 3"
-.TH EVP_MDC2 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_MDC2 3ossl"
+.TH EVP_MDC2 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_mdc2 \&\- MDC\-2 For EVP
+EVP_mdc2
+\&\- MDC\-2 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -150,15 +149,22 @@ EVP_mdc2 \&\- MDC\-2 For EVP
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1MDC\-2\s0 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic
-hash function based on a block cipher.
+hash function based on a block cipher. This implementation is only available
+with the legacy provider.
.IP "\fBEVP_mdc2()\fR" 4
.IX Item "EVP_mdc2()"
The \s-1MDC\-2DES\s0 algorithm of using \s-1MDC\-2\s0 with the \s-1DES\s0 block cipher. It produces a
128\-bit output from a given input.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling this function multiple times and should consider using
+\&\fBEVP_MD_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
+implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
@@ -166,12 +172,13 @@ details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
+\&\fBprovider\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3
index fb2645808ea1..f98b84035be5 100644
--- a/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3
+++ b/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,26 +130,33 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_RC2_CBC 3"
-.TH EVP_RC2_CBC 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_RC2_CBC 3ossl"
+.TH EVP_RC2_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_rc2_cbc, EVP_rc2_cfb, EVP_rc2_cfb64, EVP_rc2_ecb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc \&\- EVP RC2 cipher
+EVP_rc2_cbc,
+EVP_rc2_cfb,
+EVP_rc2_cfb64,
+EVP_rc2_ecb,
+EVP_rc2_ofb,
+EVP_rc2_40_cbc,
+EVP_rc2_64_cbc
+\&\- EVP RC2 cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
-\& const EVP_CIPHER *EVP_rc2_cbc(void)
-\& const EVP_CIPHER *EVP_rc2_cfb(void)
-\& const EVP_CIPHER *EVP_rc2_cfb64(void)
-\& const EVP_CIPHER *EVP_rc2_ecb(void)
-\& const EVP_CIPHER *EVP_rc2_ofb(void)
-\& const EVP_CIPHER *EVP_rc2_40_cbc(void)
-\& const EVP_CIPHER *EVP_rc2_64_cbc(void)
+\& const EVP_CIPHER *EVP_rc2_cbc(void);
+\& const EVP_CIPHER *EVP_rc2_cfb(void);
+\& const EVP_CIPHER *EVP_rc2_cfb64(void);
+\& const EVP_CIPHER *EVP_rc2_ecb(void);
+\& const EVP_CIPHER *EVP_rc2_ofb(void);
+\& const EVP_CIPHER *EVP_rc2_40_cbc(void);
+\& const EVP_CIPHER *EVP_rc2_64_cbc(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -169,6 +174,12 @@ bits\*(R" or \*(L"effective key length\*(R". By default both are set to 128 bits
\&\s-1WARNING:\s0 these functions are obsolete. Their usage should be replaced with the
\&\fBEVP_rc2_cbc()\fR, \fBEVP_CIPHER_CTX_set_key_length()\fR and \fBEVP_CIPHER_CTX_ctrl()\fR
functions to set the key length and effective key length.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_CIPHER_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
@@ -181,9 +192,9 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure.
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_rc4.3 b/secure/lib/libcrypto/man/man3/EVP_rc4.3
index 12830dd30c38..1e5bc73f49ec 100644
--- a/secure/lib/libcrypto/man/man3/EVP_rc4.3
+++ b/secure/lib/libcrypto/man/man3/EVP_rc4.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,22 +130,25 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_RC4 3"
-.TH EVP_RC4 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_RC4 3ossl"
+.TH EVP_RC4 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_rc4, EVP_rc4_40, EVP_rc4_hmac_md5 \&\- EVP RC4 stream cipher
+EVP_rc4,
+EVP_rc4_40,
+EVP_rc4_hmac_md5
+\&\- EVP RC4 stream cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
-\& const EVP_CIPHER *EVP_rc4(void)
-\& const EVP_CIPHER *EVP_rc4_40(void)
-\& const EVP_CIPHER *EVP_rc4_hmac_md5(void)
+\& const EVP_CIPHER *EVP_rc4(void);
+\& const EVP_CIPHER *EVP_rc4_40(void);
+\& const EVP_CIPHER *EVP_rc4_hmac_md5(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -169,6 +170,12 @@ Authenticated encryption with the \s-1RC4\s0 stream cipher with \s-1MD5\s0 as \s
\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of
some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0
interface.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_CIPHER_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
@@ -181,9 +188,9 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure.
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3
index b71657f41ac6..e5959e4af34e 100644
--- a/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3
+++ b/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,24 +130,29 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_RC5_32_12_16_CBC 3"
-.TH EVP_RC5_32_12_16_CBC 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_RC5_32_12_16_CBC 3ossl"
+.TH EVP_RC5_32_12_16_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_cfb64, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb \&\- EVP RC5 cipher
+EVP_rc5_32_12_16_cbc,
+EVP_rc5_32_12_16_cfb,
+EVP_rc5_32_12_16_cfb64,
+EVP_rc5_32_12_16_ecb,
+EVP_rc5_32_12_16_ofb
+\&\- EVP RC5 cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
-\& const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void)
-\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
-\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void)
-\& const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void)
-\& const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void)
+\& const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
+\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
+\& const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+\& const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -176,6 +179,12 @@ is an int.
.RE
.RS 4
.RE
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_CIPHER_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
@@ -188,9 +197,9 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure.
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_ripemd160.3 b/secure/lib/libcrypto/man/man3/EVP_ripemd160.3
index 8b687436932f..d94953cc5209 100644
--- a/secure/lib/libcrypto/man/man3/EVP_ripemd160.3
+++ b/secure/lib/libcrypto/man/man3/EVP_ripemd160.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_RIPEMD160 3"
-.TH EVP_RIPEMD160 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_RIPEMD160 3ossl"
+.TH EVP_RIPEMD160 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_ripemd160 \&\- RIPEMD160 For EVP
+EVP_ripemd160
+\&\- RIPEMD160 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -151,13 +150,20 @@ EVP_ripemd160 \&\- RIPEMD160 For EVP
.IX Header "DESCRIPTION"
\&\s-1RIPEMD\-160\s0 is a cryptographic hash function first published in 1996 belonging
to the \s-1RIPEMD\s0 family (\s-1RACE\s0 Integrity Primitives Evaluation Message Digest).
+This implementation is only available with the legacy provider.
.IP "\fBEVP_ripemd160()\fR" 4
.IX Item "EVP_ripemd160()"
The \s-1RIPEMD\-160\s0 algorithm which produces a 160\-bit output from a given input.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling this function multiple times and should consider using
+\&\fBEVP_MD_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
+implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
@@ -165,12 +171,13 @@ details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
+\&\fBprovider\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3
index 4166f663380b..e63a36f2a978 100644
--- a/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3
+++ b/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,24 +130,29 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_SEED_CBC 3"
-.TH EVP_SEED_CBC 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_SEED_CBC 3ossl"
+.TH EVP_SEED_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_seed_cbc, EVP_seed_cfb, EVP_seed_cfb128, EVP_seed_ecb, EVP_seed_ofb \&\- EVP SEED cipher
+EVP_seed_cbc,
+EVP_seed_cfb,
+EVP_seed_cfb128,
+EVP_seed_ecb,
+EVP_seed_ofb
+\&\- EVP SEED cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
-\& const EVP_CIPHER *EVP_seed_cbc(void)
-\& const EVP_CIPHER *EVP_seed_cfb(void)
-\& const EVP_CIPHER *EVP_seed_cfb128(void)
-\& const EVP_CIPHER *EVP_seed_ecb(void)
-\& const EVP_CIPHER *EVP_seed_ofb(void)
+\& const EVP_CIPHER *EVP_seed_cbc(void);
+\& const EVP_CIPHER *EVP_seed_cfb(void);
+\& const EVP_CIPHER *EVP_seed_cfb128(void);
+\& const EVP_CIPHER *EVP_seed_ecb(void);
+\& const EVP_CIPHER *EVP_seed_ofb(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -159,6 +162,12 @@ All modes below use a key length of 128 bits and acts on blocks of 128\-bits.
.IP "\fBEVP_seed_cbc()\fR, \fBEVP_seed_cfb()\fR, \fBEVP_seed_cfb128()\fR, \fBEVP_seed_ecb()\fR, \fBEVP_seed_ofb()\fR" 4
.IX Item "EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb()"
The \s-1SEED\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_CIPHER_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the
@@ -171,9 +180,9 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure.
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_set_default_properties.3 b/secure/lib/libcrypto/man/man3/EVP_set_default_properties.3
new file mode 100644
index 000000000000..fd412b94f801
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/EVP_set_default_properties.3
@@ -0,0 +1,199 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_SET_DEFAULT_PROPERTIES 3ossl"
+.TH EVP_SET_DEFAULT_PROPERTIES 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_set_default_properties, EVP_default_properties_enable_fips,
+EVP_default_properties_is_fips_enabled
+\&\- Set default properties for future algorithm fetches
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_set_default_properties(OSSL_LIB_CTX *libctx, const char *propq);
+\& int EVP_default_properties_enable_fips(OSSL_LIB_CTX *libctx, int enable);
+\& int EVP_default_properties_is_fips_enabled(OSSL_LIB_CTX *libctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBEVP_set_default_properties()\fR sets the default properties for all
+future \s-1EVP\s0 algorithm fetches, implicit as well as explicit. See
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for information about implicit and explicit
+fetching.
+.PP
+EVP_set_default_properties stores the properties given with the string
+\&\fIpropq\fR among the \s-1EVP\s0 data that's been stored in the library context
+given with \fIlibctx\fR (\s-1NULL\s0 signifies the default library context).
+.PP
+Any previous default property for the specified library context will
+be dropped.
+.PP
+\&\fBEVP_default_properties_enable_fips()\fR sets the 'fips=yes' to be a default property
+if \fIenable\fR is non zero, otherwise it clears 'fips' from the default property
+query for the given \fIlibctx\fR. It merges the fips default property query with any
+existing query strings that have been set via \fBEVP_set_default_properties()\fR.
+.PP
+\&\fBEVP_default_properties_is_fips_enabled()\fR indicates if 'fips=yes' is a default
+property for the given \fIlibctx\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fBEVP_set_default_properties()\fR and \fBEVP_default_properties_enable_fips()\fR are not
+thread safe. They are intended to be called only during the initialisation
+phase of a \fIlibctx\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBEVP_set_default_properties()\fR and \fBEVP_default_properties_enable_fips()\fR return 1
+on success, or 0 on failure. An error is placed on the error stack if a
+failure occurs.
+.PP
+\&\fBEVP_default_properties_is_fips_enabled()\fR returns 1 if the 'fips=yes' default
+property is set for the given \fIlibctx\fR, otherwise it returns 0.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_MD_fetch\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_sha1.3 b/secure/lib/libcrypto/man/man3/EVP_sha1.3
index f94b7dba1b0b..dd35e2b52874 100644
--- a/secure/lib/libcrypto/man/man3/EVP_sha1.3
+++ b/secure/lib/libcrypto/man/man3/EVP_sha1.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_SHA1 3"
-.TH EVP_SHA1 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_SHA1 3ossl"
+.TH EVP_SHA1 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_sha1 \&\- SHA\-1 For EVP
+EVP_sha1
+\&\- SHA\-1 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -155,10 +154,16 @@ Security Agency and initially published in 1995.
.IP "\fBEVP_sha1()\fR" 4
.IX Item "EVP_sha1()"
The \s-1SHA\-1\s0 algorithm which produces a 160\-bit output from a given input.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling this function multiple times and should consider using
+\&\fBEVP_MD_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
+implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
@@ -169,9 +174,9 @@ details of the \fB\s-1EVP_MD\s0\fR structure.
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_sha224.3 b/secure/lib/libcrypto/man/man3/EVP_sha224.3
index d6f06a2c753c..f9445a7af4f7 100644
--- a/secure/lib/libcrypto/man/man3/EVP_sha224.3
+++ b/secure/lib/libcrypto/man/man3/EVP_sha224.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,20 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_SHA224 3"
-.TH EVP_SHA224 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_SHA224 3ossl"
+.TH EVP_SHA224 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_sha224, EVP_sha256, EVP_sha512_224, EVP_sha512_256, EVP_sha384, EVP_sha512 \&\- SHA\-2 For EVP
+EVP_sha224,
+EVP_sha256,
+EVP_sha512_224,
+EVP_sha512_256,
+EVP_sha384,
+EVP_sha512
+\&\- SHA\-2 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -165,10 +169,16 @@ respectively of output from a given input.
The two algorithms: \s-1SHA\-512/224\s0 and \s-1SHA512/256\s0 are truncated forms of the
\&\s-1SHA\-512\s0 algorithm. They are distinct from \s-1SHA\-224\s0 and \s-1SHA\-256\s0 even though
their outputs are of the same size.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_MD_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
+implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
@@ -179,9 +189,9 @@ details of the \fB\s-1EVP_MD\s0\fR structure.
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_sha3_224.3 b/secure/lib/libcrypto/man/man3/EVP_sha3_224.3
index 45dc4d1825b0..c22506d9d48c 100644
--- a/secure/lib/libcrypto/man/man3/EVP_sha3_224.3
+++ b/secure/lib/libcrypto/man/man3/EVP_sha3_224.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,20 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_SHA3_224 3"
-.TH EVP_SHA3_224 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_SHA3_224 3ossl"
+.TH EVP_SHA3_224 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_sha3_224, EVP_sha3_256, EVP_sha3_384, EVP_sha3_512, EVP_shake128, EVP_shake256 \&\- SHA\-3 For EVP
+EVP_sha3_224,
+EVP_sha3_256,
+EVP_sha3_384,
+EVP_sha3_512,
+EVP_shake128,
+EVP_shake256
+\&\- SHA\-3 For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -170,10 +174,16 @@ a variable hash length.
.Sp
Specifically, \fBEVP_shake128\fR provides an overall security of 128 bits, while
\&\fBEVP_shake256\fR provides that of 256 bits.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_MD_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
+implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
@@ -184,9 +194,9 @@ details of the \fB\s-1EVP_MD\s0\fR structure.
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_sm3.3 b/secure/lib/libcrypto/man/man3/EVP_sm3.3
index 49fb4a4826c7..8a4c76520a07 100644
--- a/secure/lib/libcrypto/man/man3/EVP_sm3.3
+++ b/secure/lib/libcrypto/man/man3/EVP_sm3.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_SM3 3"
-.TH EVP_SM3 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_SM3 3ossl"
+.TH EVP_SM3 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_sm3 \&\- SM3 for EVP
+EVP_sm3
+\&\- SM3 for EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -154,10 +153,16 @@ EVP_sm3 \&\- SM3 for EVP
.IP "\fBEVP_sm3()\fR" 4
.IX Item "EVP_sm3()"
The \s-1SM3\s0 hash function.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling this function multiple times and should consider using
+\&\fBEVP_MD_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
+implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
@@ -168,10 +173,10 @@ details of the \fB\s-1EVP_MD\s0\fR structure.
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2017 Ribose Inc. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3
index 6e1a84b6d060..885be7b03cc4 100644
--- a/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3
+++ b/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,20 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_SM4_CBC 3"
-.TH EVP_SM4_CBC 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_SM4_CBC 3ossl"
+.TH EVP_SM4_CBC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, EVP_sm4_cfb128, EVP_sm4_ofb, EVP_sm4_ctr \&\- EVP SM4 cipher
+EVP_sm4_cbc,
+EVP_sm4_ecb,
+EVP_sm4_cfb,
+EVP_sm4_cfb128,
+EVP_sm4_ofb,
+EVP_sm4_ctr
+\&\- EVP SM4 cipher
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -161,6 +165,12 @@ All modes below use a key length of 128 bits and acts on blocks of 128 bits.
.IX Item "EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr()"
The \s-1SM4\s0 blockcipher with a 128\-bit key in \s-1CBC, ECB, CFB, OFB\s0 and \s-1CTR\s0 modes
respectively.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling these functions multiple times and should consider using
+\&\fBEVP_CIPHER_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_CIPHER\s0\fR structure that contains the
@@ -173,10 +183,10 @@ details of the \fB\s-1EVP_CIPHER\s0\fR structure.
\&\fBEVP_CIPHER_meth_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2017 Ribose Inc. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/EVP_whirlpool.3 b/secure/lib/libcrypto/man/man3/EVP_whirlpool.3
index cafa563d7fa2..2181ad119915 100644
--- a/secure/lib/libcrypto/man/man3/EVP_whirlpool.3
+++ b/secure/lib/libcrypto/man/man3/EVP_whirlpool.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "EVP_WHIRLPOOL 3"
-.TH EVP_WHIRLPOOL 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "EVP_WHIRLPOOL 3ossl"
+.TH EVP_WHIRLPOOL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-EVP_whirlpool \&\- WHIRLPOOL For EVP
+EVP_whirlpool
+\&\- WHIRLPOOL For EVP
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -150,15 +149,22 @@ EVP_whirlpool \&\- WHIRLPOOL For EVP
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1WHIRLPOOL\s0 is a cryptographic hash function standardized in \s-1ISO/IEC 10118\-3:2004\s0
-designed by Vincent Rijmen and Paulo S. L. M. Barreto.
+designed by Vincent Rijmen and Paulo S. L. M. Barreto. This implementation is
+only available with the legacy provider.
.IP "\fBEVP_whirlpool()\fR" 4
.IX Item "EVP_whirlpool()"
The \s-1WHIRLPOOL\s0 algorithm that produces a message digest of 512\-bits from a given
input.
+.SH "NOTES"
+.IX Header "NOTES"
+Developers should be aware of the negative performance implications of
+calling this function multiple times and should consider using
+\&\fBEVP_MD_fetch\fR\|(3) instead.
+See \*(L"Performance\*(R" in \fBcrypto\fR\|(7) for further information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the
-implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for
+implementation of the message digest. See \fBEVP_MD_meth_new\fR\|(3) for
details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
@@ -166,12 +172,13 @@ details of the \fB\s-1EVP_MD\s0\fR structure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBevp\fR\|(7),
+\&\fBprovider\fR\|(7),
\&\fBEVP_DigestInit\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/HMAC.3 b/secure/lib/libcrypto/man/man3/HMAC.3
index f066dba0e11a..15ab6c68203e 100644
--- a/secure/lib/libcrypto/man/man3/HMAC.3
+++ b/secure/lib/libcrypto/man/man3/HMAC.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,23 +130,41 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "HMAC 3"
-.TH HMAC 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "HMAC 3ossl"
+.TH HMAC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags, HMAC_CTX_get_md, HMAC_size \&\- HMAC message authentication code
+HMAC,
+HMAC_CTX_new,
+HMAC_CTX_reset,
+HMAC_CTX_free,
+HMAC_Init,
+HMAC_Init_ex,
+HMAC_Update,
+HMAC_Final,
+HMAC_CTX_copy,
+HMAC_CTX_set_flags,
+HMAC_CTX_get_md,
+HMAC_size
+\&\- HMAC message authentication code
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/hmac.h>
\&
-\& unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
-\& int key_len, const unsigned char *d, size_t n,
+\& unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+\& const unsigned char *data, size_t data_len,
\& unsigned char *md, unsigned int *md_len);
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
\& HMAC_CTX *HMAC_CTX_new(void);
\& int HMAC_CTX_reset(HMAC_CTX *ctx);
\&
@@ -166,13 +182,13 @@ HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC
\& size_t HMAC_size(const HMAC_CTX *e);
.Ve
.PP
-Deprecated:
+The following function has been deprecated since OpenSSL 1.1.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
.PP
-.Vb 4
-\& #if OPENSSL_API_COMPAT < 0x10100000L
+.Vb 2
\& int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
\& const EVP_MD *md);
-\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -180,23 +196,31 @@ Deprecated:
function used for message authentication, which is based on a hash
function.
.PP
-\&\s-1\fBHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at
-\&\fBd\fR using the hash function \fBevp_md\fR and the key \fBkey\fR which is
-\&\fBkey_len\fR bytes long.
+\&\s-1\fBHMAC\s0()\fR computes the message authentication code of the \fIdata_len\fR bytes at
+\&\fIdata\fR using the hash function \fIevp_md\fR and the key \fIkey\fR which is
+\&\fIkey_len\fR bytes long. The \fIkey\fR may also be \s-1NULL\s0 with \fIkey_len\fR being 0.
.PP
-It places the result in \fBmd\fR (which must have space for the output of
+It places the result in \fImd\fR (which must have space for the output of
the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes).
-If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. The size of
-the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. Note: passing a \s-1NULL\s0
-value for \fBmd\fR to use the static array is not thread safe.
+If \fImd\fR is \s-1NULL,\s0 the digest is placed in a static array. The size of
+the output is placed in \fImd_len\fR, unless it is \s-1NULL.\s0 Note: passing a \s-1NULL\s0
+value for \fImd\fR to use the static array is not thread safe.
.PP
-\&\fBevp_md\fR is a message digest such as \fBEVP_sha1()\fR, \fBEVP_ripemd160()\fR etc. \s-1HMAC\s0 does
-not support variable output length digests such as \fBEVP_shake128()\fR and
+\&\fIevp_md\fR is a message digest such as \fBEVP_sha1()\fR, \fBEVP_ripemd160()\fR etc.
+\&\s-1HMAC\s0 does not support variable output length digests such as \fBEVP_shake128()\fR and
\&\fBEVP_shake256()\fR.
.PP
+\&\s-1\fBHMAC\s0()\fR uses the default \fB\s-1OSSL_LIB_CTX\s0\fR.
+Use \fBEVP_Q_mac\fR\|(3) instead if a library context is required.
+.PP
+All of the functions described below are deprecated.
+Applications should instead use \fBEVP_MAC_CTX_new\fR\|(3), \fBEVP_MAC_CTX_free\fR\|(3),
+\&\fBEVP_MAC_init\fR\|(3), \fBEVP_MAC_update\fR\|(3) and \fBEVP_MAC_final\fR\|(3)
+or the 'quick' single-shot \s-1MAC\s0 function \fBEVP_Q_mac\fR\|(3).
+.PP
\&\fBHMAC_CTX_new()\fR creates a new \s-1HMAC_CTX\s0 in heap memory.
.PP
-\&\fBHMAC_CTX_reset()\fR zeros an existing \fB\s-1HMAC_CTX\s0\fR and associated
+\&\fBHMAC_CTX_reset()\fR clears an existing \fB\s-1HMAC_CTX\s0\fR and associated
resources, making it suitable for new computations as if it was newly
created with \fBHMAC_CTX_new()\fR.
.PP
@@ -208,27 +232,27 @@ The following functions may be used if the message is not completely
stored in memory:
.PP
\&\fBHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash
-function \fBevp_md\fR and key \fBkey\fR. If both are \s-1NULL,\s0 or if \fBkey\fR is \s-1NULL\s0
-and \fBevp_md\fR is the same as the previous call, then the
+function \fIevp_md\fR and key \fIkey\fR. If both are \s-1NULL,\s0 or if \fIkey\fR is \s-1NULL\s0
+and \fIevp_md\fR is the same as the previous call, then the
existing key is
-reused. \fBctx\fR must have been created with \fBHMAC_CTX_new()\fR before the first use
+reused. \fIctx\fR must have been created with \fBHMAC_CTX_new()\fR before the first use
of an \fB\s-1HMAC_CTX\s0\fR in this function.
.PP
-If \fBHMAC_Init_ex()\fR is called with \fBkey\fR \s-1NULL\s0 and \fBevp_md\fR is not the
-same as the previous digest used by \fBctx\fR then an error is returned
+If \fBHMAC_Init_ex()\fR is called with \fIkey\fR \s-1NULL\s0 and \fIevp_md\fR is not the
+same as the previous digest used by \fIctx\fR then an error is returned
because reuse of an existing key with a different digest is not supported.
.PP
\&\fBHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash
-function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes
+function \fIevp_md\fR and the key \fIkey\fR which is \fIkey_len\fR bytes
long.
.PP
\&\fBHMAC_Update()\fR can be called repeatedly with chunks of the message to
-be authenticated (\fBlen\fR bytes at \fBdata\fR).
+be authenticated (\fIlen\fR bytes at \fIdata\fR).
.PP
-\&\fBHMAC_Final()\fR places the message authentication code in \fBmd\fR, which
+\&\fBHMAC_Final()\fR places the message authentication code in \fImd\fR, which
must have space for the hash function output.
.PP
-\&\fBHMAC_CTX_copy()\fR copies all of the internal state from \fBsctx\fR into \fBdctx\fR.
+\&\fBHMAC_CTX_copy()\fR copies all of the internal state from \fIsctx\fR into \fIdctx\fR.
.PP
\&\fBHMAC_CTX_set_flags()\fR applies the specified flags to the internal EVP_MD_CTXs.
These flags have the same meaning as for \fBEVP_MD_CTX_set_flags\fR\|(3).
@@ -243,7 +267,7 @@ supplied \s-1HMAC_CTX.\s0
an error occurred.
.PP
\&\fBHMAC_CTX_new()\fR returns a pointer to a new \fB\s-1HMAC_CTX\s0\fR on success or
-\&\fB\s-1NULL\s0\fR if an error occurred.
+\&\s-1NULL\s0 if an error occurred.
.PP
\&\fBHMAC_CTX_reset()\fR, \fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR, \fBHMAC_Final()\fR and
\&\fBHMAC_CTX_copy()\fR return 1 for success or 0 if an error occurred.
@@ -258,9 +282,11 @@ or zero on error.
\&\s-1RFC 2104\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\s-1\fBSHA1\s0\fR\|(3), \fBevp\fR\|(7)
+\&\s-1\fBSHA1\s0\fR\|(3), \fBEVP_Q_mac\fR\|(3), \fBevp\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
+All functions except for \s-1\fBHMAC\s0()\fR were deprecated in OpenSSL 3.0.
+.PP
\&\fBHMAC_CTX_init()\fR was replaced with \fBHMAC_CTX_reset()\fR in OpenSSL 1.1.0.
.PP
\&\fBHMAC_CTX_cleanup()\fR existed in OpenSSL before version 1.1.0.
@@ -271,9 +297,9 @@ or zero on error.
OpenSSL before version 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/MD5.3 b/secure/lib/libcrypto/man/man3/MD5.3
index f18001b707b9..cdf581142d5a 100644
--- a/secure/lib/libcrypto/man/man3/MD5.3
+++ b/secure/lib/libcrypto/man/man3/MD5.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,26 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "MD5 3"
-.TH MD5 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "MD5 3ossl"
+.TH MD5 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions
+MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
+MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/md2.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md);
\&
\& int MD2_Init(MD2_CTX *c);
@@ -153,7 +158,13 @@ MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final,
\&
\&
\& #include <openssl/md4.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
\&
\& int MD4_Init(MD4_CTX *c);
@@ -162,7 +173,13 @@ MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final,
\&
\&
\& #include <openssl/md5.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
\&
\& int MD5_Init(MD5_CTX *c);
@@ -171,6 +188,10 @@ MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final,
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_DigestInit_ex\fR\|(3), \fBEVP_DigestUpdate\fR\|(3)
+and \fBEVP_DigestFinal_ex\fR\|(3).
+.PP
\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output.
.PP
\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest
@@ -199,8 +220,8 @@ etc. instead of calling the hash functions directly.
.SH "NOTE"
.IX Header "NOTE"
\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are recommended only for compatibility with existing
-applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be
-preferred.
+applications. In new applications, hashes from the \s-1SHA\-2\s0 or \s-1SHA\-3\s0 family
+should be preferred.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR return pointers to the hash value.
@@ -213,12 +234,15 @@ success, 0 otherwise.
\&\s-1RFC 1319, RFC 1320, RFC 1321\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBEVP_DigestInit\fR\|(3)
+\&\fBEVP_DigestInit\fR\|(3), \s-1\fBEVP_MD\-SHA2\s0\fR\|(7), \s-1\fBEVP_MD\-SHA3\s0\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/MDC2_Init.3 b/secure/lib/libcrypto/man/man3/MDC2_Init.3
index 825b66df0506..7eea4cf29a48 100644
--- a/secure/lib/libcrypto/man/man3/MDC2_Init.3
+++ b/secure/lib/libcrypto/man/man3/MDC2_Init.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "MDC2_INIT 3"
-.TH MDC2_INIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "MDC2_INIT 3ossl"
+.TH MDC2_INIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +142,13 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/mdc2.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
\& unsigned char *MDC2(const unsigned char *d, unsigned long n,
\& unsigned char *md);
\&
@@ -155,6 +159,10 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_DigestInit_ex\fR\|(3), \fBEVP_DigestUpdate\fR\|(3)
+and \fBEVP_DigestFinal_ex\fR\|(3).
+.PP
\&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from
block ciphers. These functions are an implementation of \s-1MDC2\s0 with
\&\s-1DES.\s0
@@ -189,11 +197,14 @@ hash functions directly.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_DigestInit\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/Makefile b/secure/lib/libcrypto/man/man3/Makefile
index 2dde7ceb9b8f..dfac5d5c5545 100644
--- a/secure/lib/libcrypto/man/man3/Makefile
+++ b/secure/lib/libcrypto/man/man3/Makefile
@@ -1,6 +1,7 @@
-# $FreeBSD$
MAN+= ADMISSIONS.3
+MAN+= ASN1_EXTERN_FUNCS.3
MAN+= ASN1_INTEGER_get_int64.3
+MAN+= ASN1_INTEGER_new.3
MAN+= ASN1_ITEM_lookup.3
MAN+= ASN1_OBJECT_new.3
MAN+= ASN1_STRING_TABLE_add.3
@@ -9,7 +10,11 @@ MAN+= ASN1_STRING_new.3
MAN+= ASN1_STRING_print_ex.3
MAN+= ASN1_TIME_set.3
MAN+= ASN1_TYPE_get.3
+MAN+= ASN1_aux_cb.3
MAN+= ASN1_generate_nconf.3
+MAN+= ASN1_item_d2i_bio.3
+MAN+= ASN1_item_new.3
+MAN+= ASN1_item_sign.3
MAN+= ASYNC_WAIT_CTX_new.3
MAN+= ASYNC_start_job.3
MAN+= BF_encrypt.3
@@ -22,6 +27,8 @@ MAN+= BIO_f_buffer.3
MAN+= BIO_f_cipher.3
MAN+= BIO_f_md.3
MAN+= BIO_f_null.3
+MAN+= BIO_f_prefix.3
+MAN+= BIO_f_readbuffer.3
MAN+= BIO_f_ssl.3
MAN+= BIO_find_type.3
MAN+= BIO_get_data.3
@@ -36,6 +43,8 @@ MAN+= BIO_read.3
MAN+= BIO_s_accept.3
MAN+= BIO_s_bio.3
MAN+= BIO_s_connect.3
+MAN+= BIO_s_core.3
+MAN+= BIO_s_datagram.3
MAN+= BIO_s_fd.3
MAN+= BIO_s_file.3
MAN+= BIO_s_mem.3
@@ -43,6 +52,7 @@ MAN+= BIO_s_null.3
MAN+= BIO_s_socket.3
MAN+= BIO_set_callback.3
MAN+= BIO_should_retry.3
+MAN+= BIO_socket_wait.3
MAN+= BN_BLINDING_new.3
MAN+= BN_CTX_new.3
MAN+= BN_CTX_start.3
@@ -52,6 +62,7 @@ MAN+= BN_bn2bin.3
MAN+= BN_cmp.3
MAN+= BN_copy.3
MAN+= BN_generate_prime.3
+MAN+= BN_mod_exp_mont.3
MAN+= BN_mod_inverse.3
MAN+= BN_mod_mul_montgomery.3
MAN+= BN_mod_mul_reciprocal.3
@@ -63,11 +74,16 @@ MAN+= BN_set_bit.3
MAN+= BN_swap.3
MAN+= BN_zero.3
MAN+= BUF_MEM_new.3
+MAN+= CMS_EncryptedData_decrypt.3
+MAN+= CMS_EncryptedData_encrypt.3
+MAN+= CMS_EnvelopedData_create.3
MAN+= CMS_add0_cert.3
MAN+= CMS_add1_recipient_cert.3
MAN+= CMS_add1_signer.3
MAN+= CMS_compress.3
+MAN+= CMS_data_create.3
MAN+= CMS_decrypt.3
+MAN+= CMS_digest_create.3
MAN+= CMS_encrypt.3
MAN+= CMS_final.3
MAN+= CMS_get0_RecipientInfos.3
@@ -114,6 +130,7 @@ MAN+= DTLS_get_data_mtu.3
MAN+= DTLS_set_timer_cb.3
MAN+= DTLSv1_listen.3
MAN+= ECDSA_SIG_new.3
+MAN+= ECDSA_sign.3
MAN+= ECPKParameters_print.3
MAN+= EC_GFp_simple_method.3
MAN+= EC_GROUP_copy.3
@@ -129,55 +146,83 @@ MAN+= ERR_error_string.3
MAN+= ERR_get_error.3
MAN+= ERR_load_crypto_strings.3
MAN+= ERR_load_strings.3
+MAN+= ERR_new.3
MAN+= ERR_print_errors.3
MAN+= ERR_put_error.3
MAN+= ERR_remove_state.3
MAN+= ERR_set_mark.3
+MAN+= EVP_ASYM_CIPHER_free.3
MAN+= EVP_BytesToKey.3
MAN+= EVP_CIPHER_CTX_get_cipher_data.3
+MAN+= EVP_CIPHER_CTX_get_original_iv.3
MAN+= EVP_CIPHER_meth_new.3
MAN+= EVP_DigestInit.3
MAN+= EVP_DigestSignInit.3
MAN+= EVP_DigestVerifyInit.3
MAN+= EVP_EncodeInit.3
MAN+= EVP_EncryptInit.3
+MAN+= EVP_KDF.3
+MAN+= EVP_KEM_free.3
+MAN+= EVP_KEYEXCH_free.3
+MAN+= EVP_KEYMGMT.3
+MAN+= EVP_MAC.3
MAN+= EVP_MD_meth_new.3
MAN+= EVP_OpenInit.3
+MAN+= EVP_PBE_CipherInit.3
+MAN+= EVP_PKEY2PKCS8.3
MAN+= EVP_PKEY_ASN1_METHOD.3
MAN+= EVP_PKEY_CTX_ctrl.3
+MAN+= EVP_PKEY_CTX_get0_libctx.3
+MAN+= EVP_PKEY_CTX_get0_pkey.3
MAN+= EVP_PKEY_CTX_new.3
MAN+= EVP_PKEY_CTX_set1_pbe_pass.3
MAN+= EVP_PKEY_CTX_set_hkdf_md.3
+MAN+= EVP_PKEY_CTX_set_params.3
MAN+= EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
MAN+= EVP_PKEY_CTX_set_scrypt_N.3
MAN+= EVP_PKEY_CTX_set_tls1_prf_md.3
MAN+= EVP_PKEY_asn1_get_count.3
-MAN+= EVP_PKEY_cmp.3
+MAN+= EVP_PKEY_check.3
+MAN+= EVP_PKEY_copy_parameters.3
+MAN+= EVP_PKEY_decapsulate.3
MAN+= EVP_PKEY_decrypt.3
MAN+= EVP_PKEY_derive.3
+MAN+= EVP_PKEY_digestsign_supports_digest.3
+MAN+= EVP_PKEY_encapsulate.3
MAN+= EVP_PKEY_encrypt.3
+MAN+= EVP_PKEY_fromdata.3
MAN+= EVP_PKEY_get_default_digest_nid.3
+MAN+= EVP_PKEY_get_field_type.3
+MAN+= EVP_PKEY_get_group_name.3
+MAN+= EVP_PKEY_get_size.3
+MAN+= EVP_PKEY_gettable_params.3
+MAN+= EVP_PKEY_is_a.3
MAN+= EVP_PKEY_keygen.3
MAN+= EVP_PKEY_meth_get_count.3
MAN+= EVP_PKEY_meth_new.3
MAN+= EVP_PKEY_new.3
MAN+= EVP_PKEY_print_private.3
MAN+= EVP_PKEY_set1_RSA.3
+MAN+= EVP_PKEY_set1_encoded_public_key.3
+MAN+= EVP_PKEY_set_type.3
+MAN+= EVP_PKEY_settable_params.3
MAN+= EVP_PKEY_sign.3
-MAN+= EVP_PKEY_size.3
+MAN+= EVP_PKEY_todata.3
MAN+= EVP_PKEY_verify.3
MAN+= EVP_PKEY_verify_recover.3
+MAN+= EVP_RAND.3
+MAN+= EVP_SIGNATURE.3
MAN+= EVP_SealInit.3
MAN+= EVP_SignInit.3
MAN+= EVP_VerifyInit.3
-MAN+= EVP_aes.3
-MAN+= EVP_aria.3
+MAN+= EVP_aes_128_gcm.3
+MAN+= EVP_aria_128_gcm.3
MAN+= EVP_bf_cbc.3
MAN+= EVP_blake2b512.3
-MAN+= EVP_camellia.3
+MAN+= EVP_camellia_128_ecb.3
MAN+= EVP_cast5_cbc.3
MAN+= EVP_chacha20.3
-MAN+= EVP_des.3
+MAN+= EVP_des_cbc.3
MAN+= EVP_desx_cbc.3
MAN+= EVP_idea_cbc.3
MAN+= EVP_md2.3
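Review bot: The pages dropped from MAN in this hunk (`EVP_PKEY_cmp.3`, `EVP_PKEY_size.3`, `EVP_aes.3`, `EVP_aria.3`, `EVP_camellia.3`, `EVP_des.3`) stop being installed, but nothing visible here removes copies left by an earlier install; the same holds for `OPENSSL_VERSION_NUMBER.3`, the six `RAND_DRBG_*.3` pages, `SSL_CTX_set_ex_data.3` and `SSL_SESSION_get_ex_data.3` in later hunks of this Makefile. On an upgraded system those stale pages would keep describing the 1.1.1q interfaces alongside the 3.0.11 set, which misleads anyone checking API behaviour from the installed manual. If the commit does not already handle this elsewhere, each dropped page should get an obsolete-files entry such as `OLD_FILES+=<man3 install dir>/EVP_PKEY_cmp.3.gz` (directory shown as a placeholder). Any MLINKS that pointed at the removed names should be checked as well.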
@@ -189,6 +234,7 @@ MAN+= EVP_rc4.3
MAN+= EVP_rc5_32_12_16_cbc.3
MAN+= EVP_ripemd160.3
MAN+= EVP_seed_cbc.3
+MAN+= EVP_set_default_properties.3
MAN+= EVP_sha1.3
MAN+= EVP_sha224.3
MAN+= EVP_sha3_224.3
@@ -198,6 +244,7 @@ MAN+= EVP_whirlpool.3
MAN+= HMAC.3
MAN+= MD5.3
MAN+= MDC2_Init.3
+MAN+= NCONF_new_ex.3
MAN+= OBJ_nid2obj.3
MAN+= OCSP_REQUEST_new.3
MAN+= OCSP_cert_to_id.3
@@ -206,24 +253,75 @@ MAN+= OCSP_resp_find_status.3
MAN+= OCSP_response_status.3
MAN+= OCSP_sendreq_new.3
MAN+= OPENSSL_Applink.3
+MAN+= OPENSSL_FILE.3
MAN+= OPENSSL_LH_COMPFUNC.3
MAN+= OPENSSL_LH_stats.3
-MAN+= OPENSSL_VERSION_NUMBER.3
MAN+= OPENSSL_config.3
MAN+= OPENSSL_fork_prepare.3
+MAN+= OPENSSL_gmtime.3
+MAN+= OPENSSL_hexchar2int.3
MAN+= OPENSSL_ia32cap.3
MAN+= OPENSSL_init_crypto.3
MAN+= OPENSSL_init_ssl.3
MAN+= OPENSSL_instrument_bus.3
MAN+= OPENSSL_load_builtin_modules.3
MAN+= OPENSSL_malloc.3
+MAN+= OPENSSL_s390xcap.3
MAN+= OPENSSL_secure_malloc.3
+MAN+= OPENSSL_strcasecmp.3
+MAN+= OSSL_ALGORITHM.3
+MAN+= OSSL_CALLBACK.3
+MAN+= OSSL_CMP_CTX_new.3
+MAN+= OSSL_CMP_HDR_get0_transactionID.3
+MAN+= OSSL_CMP_ITAV_set0.3
+MAN+= OSSL_CMP_MSG_get0_header.3
+MAN+= OSSL_CMP_MSG_http_perform.3
+MAN+= OSSL_CMP_SRV_CTX_new.3
+MAN+= OSSL_CMP_STATUSINFO_new.3
+MAN+= OSSL_CMP_exec_certreq.3
+MAN+= OSSL_CMP_log_open.3
+MAN+= OSSL_CMP_validate_msg.3
+MAN+= OSSL_CORE_MAKE_FUNC.3
+MAN+= OSSL_CRMF_MSG_get0_tmpl.3
+MAN+= OSSL_CRMF_MSG_set0_validity.3
+MAN+= OSSL_CRMF_MSG_set1_regCtrl_regToken.3
+MAN+= OSSL_CRMF_MSG_set1_regInfo_certReq.3
+MAN+= OSSL_CRMF_pbmp_new.3
+MAN+= OSSL_DECODER.3
+MAN+= OSSL_DECODER_CTX.3
+MAN+= OSSL_DECODER_CTX_new_for_pkey.3
+MAN+= OSSL_DECODER_from_bio.3
+MAN+= OSSL_DISPATCH.3
+MAN+= OSSL_ENCODER.3
+MAN+= OSSL_ENCODER_CTX.3
+MAN+= OSSL_ENCODER_CTX_new_for_pkey.3
+MAN+= OSSL_ENCODER_to_bio.3
+MAN+= OSSL_ESS_check_signing_certs.3
+MAN+= OSSL_HTTP_REQ_CTX.3
+MAN+= OSSL_HTTP_parse_url.3
+MAN+= OSSL_HTTP_transfer.3
+MAN+= OSSL_ITEM.3
+MAN+= OSSL_LIB_CTX.3
+MAN+= OSSL_PARAM.3
+MAN+= OSSL_PARAM_BLD.3
+MAN+= OSSL_PARAM_allocate_from_text.3
+MAN+= OSSL_PARAM_dup.3
+MAN+= OSSL_PARAM_int.3
+MAN+= OSSL_PROVIDER.3
+MAN+= OSSL_SELF_TEST_new.3
+MAN+= OSSL_SELF_TEST_set_callback.3
MAN+= OSSL_STORE_INFO.3
MAN+= OSSL_STORE_LOADER.3
MAN+= OSSL_STORE_SEARCH.3
+MAN+= OSSL_STORE_attach.3
MAN+= OSSL_STORE_expect.3
MAN+= OSSL_STORE_open.3
+MAN+= OSSL_trace_enabled.3
+MAN+= OSSL_trace_get_category_num.3
+MAN+= OSSL_trace_set_channel.3
MAN+= OpenSSL_add_all_algorithms.3
+MAN+= OpenSSL_version.3
+MAN+= PEM_X509_INFO_read_bio_ex.3
MAN+= PEM_bytes_read_bio.3
MAN+= PEM_read.3
MAN+= PEM_read_CMS.3
@@ -231,26 +329,44 @@ MAN+= PEM_read_bio_PrivateKey.3
MAN+= PEM_read_bio_ex.3
MAN+= PEM_write_bio_CMS_stream.3
MAN+= PEM_write_bio_PKCS7_stream.3
+MAN+= PKCS12_PBE_keyivgen.3
+MAN+= PKCS12_SAFEBAG_create_cert.3
+MAN+= PKCS12_SAFEBAG_get0_attrs.3
+MAN+= PKCS12_SAFEBAG_get1_cert.3
+MAN+= PKCS12_add1_attr_by_NID.3
+MAN+= PKCS12_add_CSPName_asc.3
+MAN+= PKCS12_add_cert.3
+MAN+= PKCS12_add_friendlyname_asc.3
+MAN+= PKCS12_add_localkeyid.3
+MAN+= PKCS12_add_safe.3
MAN+= PKCS12_create.3
+MAN+= PKCS12_decrypt_skey.3
+MAN+= PKCS12_gen_mac.3
+MAN+= PKCS12_get_friendlyname.3
+MAN+= PKCS12_init.3
+MAN+= PKCS12_item_decrypt_d2i.3
+MAN+= PKCS12_key_gen_utf8_ex.3
MAN+= PKCS12_newpass.3
+MAN+= PKCS12_pack_p7encdata.3
MAN+= PKCS12_parse.3
+MAN+= PKCS5_PBE_keyivgen.3
MAN+= PKCS5_PBKDF2_HMAC.3
MAN+= PKCS7_decrypt.3
MAN+= PKCS7_encrypt.3
+MAN+= PKCS7_get_octet_string.3
MAN+= PKCS7_sign.3
MAN+= PKCS7_sign_add_signer.3
+MAN+= PKCS7_type_is_other.3
MAN+= PKCS7_verify.3
-MAN+= RAND_DRBG_generate.3
-MAN+= RAND_DRBG_get0_master.3
-MAN+= RAND_DRBG_new.3
-MAN+= RAND_DRBG_reseed.3
-MAN+= RAND_DRBG_set_callbacks.3
-MAN+= RAND_DRBG_set_ex_data.3
+MAN+= PKCS8_encrypt.3
+MAN+= PKCS8_pkey_add1_attr.3
MAN+= RAND_add.3
MAN+= RAND_bytes.3
MAN+= RAND_cleanup.3
MAN+= RAND_egd.3
+MAN+= RAND_get0_primary.3
MAN+= RAND_load_file.3
+MAN+= RAND_set_DRBG_type.3
MAN+= RAND_set_rand_method.3
MAN+= RC4_set_key.3
MAN+= RIPEMD160_Init.3
@@ -272,10 +388,16 @@ MAN+= SCT_new.3
MAN+= SCT_print.3
MAN+= SCT_validate.3
MAN+= SHA256_Init.3
+MAN+= SMIME_read_ASN1.3
MAN+= SMIME_read_CMS.3
MAN+= SMIME_read_PKCS7.3
+MAN+= SMIME_write_ASN1.3
MAN+= SMIME_write_CMS.3
MAN+= SMIME_write_PKCS7.3
+MAN+= SRP_Calc_B.3
+MAN+= SRP_VBASE_new.3
+MAN+= SRP_create_verifier.3
+MAN+= SRP_user_pwd_new.3
MAN+= SSL_CIPHER_get_name.3
MAN+= SSL_COMP_add_compression_method.3
MAN+= SSL_CONF_CTX_new.3
@@ -315,7 +437,6 @@ MAN+= SSL_CTX_set_client_hello_cb.3
MAN+= SSL_CTX_set_ct_validation_callback.3
MAN+= SSL_CTX_set_ctlog_list_file.3
MAN+= SSL_CTX_set_default_passwd_cb.3
-MAN+= SSL_CTX_set_ex_data.3
MAN+= SSL_CTX_set_generate_session_id.3
MAN+= SSL_CTX_set_info_callback.3
MAN+= SSL_CTX_set_keylog_callback.3
@@ -334,6 +455,7 @@ MAN+= SSL_CTX_set_session_cache_mode.3
MAN+= SSL_CTX_set_session_id_context.3
MAN+= SSL_CTX_set_session_ticket_cb.3
MAN+= SSL_CTX_set_split_send_fragment.3
+MAN+= SSL_CTX_set_srp_password.3
MAN+= SSL_CTX_set_ssl_version.3
MAN+= SSL_CTX_set_stateless_cookie_generate_cb.3
MAN+= SSL_CTX_set_timeout.3
@@ -342,6 +464,7 @@ MAN+= SSL_CTX_set_tlsext_status_cb.3
MAN+= SSL_CTX_set_tlsext_ticket_key_cb.3
MAN+= SSL_CTX_set_tlsext_use_srtp.3
MAN+= SSL_CTX_set_tmp_dh_callback.3
+MAN+= SSL_CTX_set_tmp_ecdh.3
MAN+= SSL_CTX_set_verify.3
MAN+= SSL_CTX_use_certificate.3
MAN+= SSL_CTX_use_psk_identity_hint.3
@@ -352,7 +475,6 @@ MAN+= SSL_SESSION_get0_hostname.3
MAN+= SSL_SESSION_get0_id_context.3
MAN+= SSL_SESSION_get0_peer.3
MAN+= SSL_SESSION_get_compress_id.3
-MAN+= SSL_SESSION_get_ex_data.3
MAN+= SSL_SESSION_get_protocol_version.3
MAN+= SSL_SESSION_get_time.3
MAN+= SSL_SESSION_has_ticket.3
@@ -372,6 +494,7 @@ MAN+= SSL_free.3
MAN+= SSL_get0_peer_scts.3
MAN+= SSL_get_SSL_CTX.3
MAN+= SSL_get_all_async_fds.3
+MAN+= SSL_get_certificate.3
MAN+= SSL_get_ciphers.3
MAN+= SSL_get_client_random.3
MAN+= SSL_get_current_cipher.3
@@ -389,6 +512,7 @@ MAN+= SSL_get_session.3
MAN+= SSL_get_shared_sigalgs.3
MAN+= SSL_get_verify_result.3
MAN+= SSL_get_version.3
+MAN+= SSL_group_to_name.3
MAN+= SSL_in_init.3
MAN+= SSL_key_update.3
MAN+= SSL_library_init.3
@@ -400,9 +524,11 @@ MAN+= SSL_read_early_data.3
MAN+= SSL_rstate_string.3
MAN+= SSL_session_reused.3
MAN+= SSL_set1_host.3
+MAN+= SSL_set_async_callback.3
MAN+= SSL_set_bio.3
MAN+= SSL_set_connect_state.3
MAN+= SSL_set_fd.3
+MAN+= SSL_set_retry_verify.3
MAN+= SSL_set_session.3
MAN+= SSL_set_shutdown.3
MAN+= SSL_set_verify_result.3
@@ -410,11 +536,14 @@ MAN+= SSL_shutdown.3
MAN+= SSL_state_string.3
MAN+= SSL_want.3
MAN+= SSL_write.3
+MAN+= TS_RESP_CTX_new.3
+MAN+= TS_VERIFY_CTX_set_certs.3
MAN+= UI_STRING.3
MAN+= UI_UTIL_read_pw.3
MAN+= UI_create_method.3
MAN+= UI_new.3
MAN+= X509V3_get_d2i.3
+MAN+= X509V3_set_ctx.3
MAN+= X509_ALGOR_dup.3
MAN+= X509_CRL_get0_by_serial.3
MAN+= X509_EXTENSION_set_object.3
@@ -436,6 +565,7 @@ MAN+= X509_STORE_get0_param.3
MAN+= X509_STORE_new.3
MAN+= X509_STORE_set_verify_cb_func.3
MAN+= X509_VERIFY_PARAM_set_flags.3
+MAN+= X509_add_cert.3
MAN+= X509_check_ca.3
MAN+= X509_check_host.3
MAN+= X509_check_issued.3
@@ -445,6 +575,7 @@ MAN+= X509_cmp.3
MAN+= X509_cmp_time.3
MAN+= X509_digest.3
MAN+= X509_dup.3
+MAN+= X509_get0_distinguishing_id.3
MAN+= X509_get0_notBefore.3
MAN+= X509_get0_signature.3
MAN+= X509_get0_uids.3
@@ -453,114 +584,150 @@ MAN+= X509_get_pubkey.3
MAN+= X509_get_serialNumber.3
MAN+= X509_get_subject_name.3
MAN+= X509_get_version.3
+MAN+= X509_load_http.3
MAN+= X509_new.3
MAN+= X509_sign.3
+MAN+= X509_verify.3
MAN+= X509_verify_cert.3
MAN+= X509v3_get_ext_by_NID.3
-MAN+= d2i_DHparams.3
+MAN+= b2i_PVK_bio_ex.3
MAN+= d2i_PKCS8PrivateKey_bio.3
MAN+= d2i_PrivateKey.3
+MAN+= d2i_RSAPrivateKey.3
MAN+= d2i_SSL_SESSION.3
MAN+= d2i_X509.3
MAN+= i2d_CMS_bio_stream.3
MAN+= i2d_PKCS7_bio_stream.3
MAN+= i2d_re_X509_tbs.3
MAN+= o2i_SCT_LIST.3
+MAN+= s2i_ASN1_IA5STRING.3
+MLINKS+= X509_dup.3 ACCESS_DESCRIPTION_free.3
+MLINKS+= X509_dup.3 ACCESS_DESCRIPTION_new.3
+MLINKS+= X509_dup.3 ADMISSIONS_free.3
MLINKS+= ADMISSIONS.3 ADMISSIONS_get0_admissionAuthority.3
MLINKS+= ADMISSIONS.3 ADMISSIONS_get0_namingAuthority.3
MLINKS+= ADMISSIONS.3 ADMISSIONS_get0_professionInfos.3
+MLINKS+= X509_dup.3 ADMISSIONS_new.3
MLINKS+= ADMISSIONS.3 ADMISSIONS_set0_admissionAuthority.3
MLINKS+= ADMISSIONS.3 ADMISSIONS_set0_namingAuthority.3
MLINKS+= ADMISSIONS.3 ADMISSIONS_set0_professionInfos.3
MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX.3
+MLINKS+= X509_dup.3 ADMISSION_SYNTAX_free.3
MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX_get0_admissionAuthority.3
MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX_get0_contentsOfAdmissions.3
+MLINKS+= X509_dup.3 ADMISSION_SYNTAX_new.3
MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX_set0_admissionAuthority.3
MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX_set0_contentsOfAdmissions.3
-MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY.3
-MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_get0_authorityId.3
-MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_get0_authorityText.3
-MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_get0_authorityURL.3
-MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_set0_authorityId.3
-MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_set0_authorityText.3
-MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_set0_authorityURL.3
-MLINKS+= ADMISSIONS.3 PROFESSION_INFO.3
-MLINKS+= ADMISSIONS.3 PROFESSION_INFOS.3
-MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_addProfessionInfo.3
-MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_namingAuthority.3
-MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_professionItems.3
-MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_professionOIDs.3
-MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_registrationNumber.3
-MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_addProfessionInfo.3
-MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_namingAuthority.3
-MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_professionItems.3
-MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_professionOIDs.3
-MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_registrationNumber.3
+MLINKS+= X509_dup.3 ASIdOrRange_free.3
+MLINKS+= X509_dup.3 ASIdOrRange_new.3
+MLINKS+= X509_dup.3 ASIdentifierChoice_free.3
+MLINKS+= X509_dup.3 ASIdentifierChoice_new.3
+MLINKS+= X509_dup.3 ASIdentifiers_free.3
+MLINKS+= X509_dup.3 ASIdentifiers_new.3
+MLINKS+= ASN1_aux_cb.3 ASN1_AUX.3
MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_get.3
MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_get_int64.3
MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_set.3
MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_set_int64.3
MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_to_BN.3
+MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_adj.3
+MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_check.3
+MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_dup.3
+MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_print.3
+MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_set.3
+MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_set_string.3
+MLINKS+= ASN1_INTEGER_new.3 ASN1_INTEGER_free.3
MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_get.3
MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_get_uint64.3
MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_set.3
MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_set_int64.3
MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_set_uint64.3
MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_to_BN.3
-MLINKS+= ASN1_INTEGER_get_int64.3 BN_to_ASN1_ENUMERATED.3
-MLINKS+= ASN1_INTEGER_get_int64.3 BN_to_ASN1_INTEGER.3
+MLINKS+= X509_dup.3 ASN1_ITEM.3
MLINKS+= ASN1_ITEM_lookup.3 ASN1_ITEM_get.3
MLINKS+= ASN1_OBJECT_new.3 ASN1_OBJECT_free.3
+MLINKS+= ASN1_aux_cb.3 ASN1_PRINT_ARG.3
+MLINKS+= ASN1_aux_cb.3 ASN1_STREAM_ARG.3
MLINKS+= ASN1_STRING_TABLE_add.3 ASN1_STRING_TABLE.3
MLINKS+= ASN1_STRING_TABLE_add.3 ASN1_STRING_TABLE_cleanup.3
MLINKS+= ASN1_STRING_TABLE_add.3 ASN1_STRING_TABLE_get.3
MLINKS+= ASN1_STRING_length.3 ASN1_STRING_cmp.3
MLINKS+= ASN1_STRING_length.3 ASN1_STRING_data.3
MLINKS+= ASN1_STRING_length.3 ASN1_STRING_dup.3
+MLINKS+= ASN1_STRING_new.3 ASN1_STRING_free.3
MLINKS+= ASN1_STRING_length.3 ASN1_STRING_get0_data.3
+MLINKS+= ASN1_STRING_print_ex.3 ASN1_STRING_print.3
+MLINKS+= ASN1_STRING_print_ex.3 ASN1_STRING_print_ex_fp.3
MLINKS+= ASN1_STRING_length.3 ASN1_STRING_set.3
MLINKS+= ASN1_STRING_length.3 ASN1_STRING_to_UTF8.3
MLINKS+= ASN1_STRING_length.3 ASN1_STRING_type.3
-MLINKS+= ASN1_STRING_new.3 ASN1_STRING_free.3
MLINKS+= ASN1_STRING_new.3 ASN1_STRING_type_new.3
-MLINKS+= ASN1_STRING_print_ex.3 ASN1_STRING_print.3
-MLINKS+= ASN1_STRING_print_ex.3 ASN1_STRING_print_ex_fp.3
-MLINKS+= ASN1_STRING_print_ex.3 ASN1_tag2str.3
-MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_adj.3
-MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_check.3
-MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_print.3
-MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_set.3
-MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_set_string.3
MLINKS+= ASN1_TIME_set.3 ASN1_TIME_adj.3
MLINKS+= ASN1_TIME_set.3 ASN1_TIME_check.3
MLINKS+= ASN1_TIME_set.3 ASN1_TIME_cmp_time_t.3
MLINKS+= ASN1_TIME_set.3 ASN1_TIME_compare.3
MLINKS+= ASN1_TIME_set.3 ASN1_TIME_diff.3
+MLINKS+= ASN1_TIME_set.3 ASN1_TIME_dup.3
MLINKS+= ASN1_TIME_set.3 ASN1_TIME_normalize.3
MLINKS+= ASN1_TIME_set.3 ASN1_TIME_print.3
+MLINKS+= ASN1_TIME_set.3 ASN1_TIME_print_ex.3
MLINKS+= ASN1_TIME_set.3 ASN1_TIME_set_string.3
MLINKS+= ASN1_TIME_set.3 ASN1_TIME_set_string_X509.3
MLINKS+= ASN1_TIME_set.3 ASN1_TIME_to_generalizedtime.3
MLINKS+= ASN1_TIME_set.3 ASN1_TIME_to_tm.3
+MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_cmp.3
+MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_pack_sequence.3
+MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_set.3
+MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_set1.3
+MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_unpack_sequence.3
MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_adj.3
MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_check.3
MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_cmp_time_t.3
+MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_dup.3
MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_print.3
MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_set.3
MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_set_string.3
-MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_cmp.3
-MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_pack_sequence.3
-MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_set.3
-MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_set1.3
-MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_unpack_sequence.3
+MLINKS+= OPENSSL_load_builtin_modules.3 ASN1_add_oid_module.3
+MLINKS+= ASN1_aux_cb.3 ASN1_aux_const_cb.3
+MLINKS+= ASN1_EXTERN_FUNCS.3 ASN1_ex_d2i.3
+MLINKS+= ASN1_EXTERN_FUNCS.3 ASN1_ex_d2i_ex.3
+MLINKS+= ASN1_EXTERN_FUNCS.3 ASN1_ex_free_func.3
+MLINKS+= ASN1_EXTERN_FUNCS.3 ASN1_ex_i2d.3
+MLINKS+= ASN1_EXTERN_FUNCS.3 ASN1_ex_new_ex_func.3
+MLINKS+= ASN1_EXTERN_FUNCS.3 ASN1_ex_new_func.3
+MLINKS+= ASN1_EXTERN_FUNCS.3 ASN1_ex_print_func.3
MLINKS+= ASN1_generate_nconf.3 ASN1_generate_v3.3
+MLINKS+= ASN1_item_d2i_bio.3 ASN1_item_d2i.3
+MLINKS+= ASN1_item_d2i_bio.3 ASN1_item_d2i_bio_ex.3
+MLINKS+= ASN1_item_d2i_bio.3 ASN1_item_d2i_ex.3
+MLINKS+= ASN1_item_d2i_bio.3 ASN1_item_d2i_fp.3
+MLINKS+= ASN1_item_d2i_bio.3 ASN1_item_d2i_fp_ex.3
+MLINKS+= ASN1_item_d2i_bio.3 ASN1_item_i2d_mem_bio.3
+MLINKS+= ASN1_item_new.3 ASN1_item_new_ex.3
+MLINKS+= ASN1_item_sign.3 ASN1_item_sign_ctx.3
+MLINKS+= ASN1_item_sign.3 ASN1_item_sign_ex.3
+MLINKS+= ASN1_item_sign.3 ASN1_item_verify.3
+MLINKS+= ASN1_item_sign.3 ASN1_item_verify_ctx.3
+MLINKS+= ASN1_item_sign.3 ASN1_item_verify_ex.3
+MLINKS+= ASN1_STRING_print_ex.3 ASN1_tag2str.3
+MLINKS+= X509_dup.3 ASRange_free.3
+MLINKS+= X509_dup.3 ASRange_new.3
+MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_STATUS_EAGAIN.3
+MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_STATUS_ERR.3
+MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_STATUS_OK.3
+MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_STATUS_UNSUPPORTED.3
MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_clear_fd.3
MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_free.3
MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_get_all_fds.3
+MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_get_callback.3
MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_get_changed_fds.3
MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_get_fd.3
+MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_get_status.3
+MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_set_callback.3
+MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_set_status.3
MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_set_wait_fd.3
MLINKS+= ASYNC_start_job.3 ASYNC_block_pause.3
+MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_callback_fn.3
MLINKS+= ASYNC_start_job.3 ASYNC_cleanup_thread.3
MLINKS+= ASYNC_start_job.3 ASYNC_get_current_job.3
MLINKS+= ASYNC_start_job.3 ASYNC_get_wait_ctx.3
@@ -568,6 +735,12 @@ MLINKS+= ASYNC_start_job.3 ASYNC_init_thread.3
MLINKS+= ASYNC_start_job.3 ASYNC_is_capable.3
MLINKS+= ASYNC_start_job.3 ASYNC_pause_job.3
MLINKS+= ASYNC_start_job.3 ASYNC_unblock_pause.3
+MLINKS+= X509_dup.3 AUTHORITY_INFO_ACCESS_free.3
+MLINKS+= X509_dup.3 AUTHORITY_INFO_ACCESS_new.3
+MLINKS+= X509_dup.3 AUTHORITY_KEYID_free.3
+MLINKS+= X509_dup.3 AUTHORITY_KEYID_new.3
+MLINKS+= X509_dup.3 BASIC_CONSTRAINTS_free.3
+MLINKS+= X509_dup.3 BASIC_CONSTRAINTS_new.3
MLINKS+= BF_encrypt.3 BF_cbc_encrypt.3
MLINKS+= BF_encrypt.3 BF_cfb64_encrypt.3
MLINKS+= BF_encrypt.3 BF_decrypt.3
@@ -575,6 +748,12 @@ MLINKS+= BF_encrypt.3 BF_ecb_encrypt.3
MLINKS+= BF_encrypt.3 BF_ofb64_encrypt.3
MLINKS+= BF_encrypt.3 BF_options.3
MLINKS+= BF_encrypt.3 BF_set_key.3
+MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_address.3
+MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_family.3
+MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_free.3
+MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_next.3
+MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_protocol.3
+MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_socktype.3
MLINKS+= BIO_ADDR.3 BIO_ADDR_clear.3
MLINKS+= BIO_ADDR.3 BIO_ADDR_family.3
MLINKS+= BIO_ADDR.3 BIO_ADDR_free.3
@@ -585,102 +764,85 @@ MLINKS+= BIO_ADDR.3 BIO_ADDR_rawaddress.3
MLINKS+= BIO_ADDR.3 BIO_ADDR_rawmake.3
MLINKS+= BIO_ADDR.3 BIO_ADDR_rawport.3
MLINKS+= BIO_ADDR.3 BIO_ADDR_service_string.3
-MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_address.3
-MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_family.3
-MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_free.3
-MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_next.3
-MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_protocol.3
-MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_socktype.3
-MLINKS+= BIO_ADDRINFO.3 BIO_lookup.3
-MLINKS+= BIO_ADDRINFO.3 BIO_lookup_ex.3
-MLINKS+= BIO_ADDRINFO.3 BIO_lookup_type.3
MLINKS+= BIO_connect.3 BIO_accept_ex.3
+MLINKS+= BIO_s_file.3 BIO_append_filename.3
MLINKS+= BIO_connect.3 BIO_bind.3
-MLINKS+= BIO_connect.3 BIO_closesocket.3
-MLINKS+= BIO_connect.3 BIO_listen.3
-MLINKS+= BIO_connect.3 BIO_socket.3
MLINKS+= BIO_ctrl.3 BIO_callback_ctrl.3
+MLINKS+= BIO_set_callback.3 BIO_callback_fn.3
+MLINKS+= BIO_set_callback.3 BIO_callback_fn_ex.3
+MLINKS+= BIO_connect.3 BIO_closesocket.3
+MLINKS+= BIO_s_datagram.3 BIO_ctrl_dgram_connect.3
+MLINKS+= BIO_s_bio.3 BIO_ctrl_get_read_request.3
+MLINKS+= BIO_s_bio.3 BIO_ctrl_get_write_guarantee.3
MLINKS+= BIO_ctrl.3 BIO_ctrl_pending.3
+MLINKS+= BIO_s_bio.3 BIO_ctrl_reset_read_request.3
+MLINKS+= BIO_s_datagram.3 BIO_ctrl_set_connected.3
MLINKS+= BIO_ctrl.3 BIO_ctrl_wpending.3
+MLINKS+= BIO_set_callback.3 BIO_debug_callback.3
+MLINKS+= BIO_set_callback.3 BIO_debug_callback_ex.3
+MLINKS+= BIO_s_bio.3 BIO_destroy_bio_pair.3
+MLINKS+= BIO_s_datagram.3 BIO_dgram_get_mtu_overhead.3
+MLINKS+= BIO_s_datagram.3 BIO_dgram_get_peer.3
+MLINKS+= BIO_s_datagram.3 BIO_dgram_recv_timedout.3
+MLINKS+= BIO_s_datagram.3 BIO_dgram_send_timedout.3
+MLINKS+= BIO_s_datagram.3 BIO_dgram_set_peer.3
+MLINKS+= BIO_s_accept.3 BIO_do_accept.3
+MLINKS+= BIO_s_connect.3 BIO_do_connect.3
+MLINKS+= BIO_socket_wait.3 BIO_do_connect_retry.3
+MLINKS+= BIO_f_ssl.3 BIO_do_handshake.3
MLINKS+= BIO_ctrl.3 BIO_eof.3
MLINKS+= BIO_ctrl.3 BIO_flush.3
+MLINKS+= BIO_new.3 BIO_free.3
+MLINKS+= BIO_new.3 BIO_free_all.3
+MLINKS+= BIO_s_accept.3 BIO_get_accept_ip_family.3
+MLINKS+= BIO_s_accept.3 BIO_get_accept_name.3
+MLINKS+= BIO_s_accept.3 BIO_get_accept_port.3
+MLINKS+= BIO_get_ex_new_index.3 BIO_get_app_data.3
+MLINKS+= BIO_s_accept.3 BIO_get_bind_mode.3
+MLINKS+= BIO_f_buffer.3 BIO_get_buffer_num_lines.3
+MLINKS+= BIO_set_callback.3 BIO_get_callback.3
+MLINKS+= BIO_set_callback.3 BIO_get_callback_arg.3
+MLINKS+= BIO_set_callback.3 BIO_get_callback_ex.3
+MLINKS+= BIO_f_cipher.3 BIO_get_cipher_ctx.3
+MLINKS+= BIO_f_cipher.3 BIO_get_cipher_status.3
MLINKS+= BIO_ctrl.3 BIO_get_close.3
+MLINKS+= BIO_s_connect.3 BIO_get_conn_address.3
+MLINKS+= BIO_s_connect.3 BIO_get_conn_hostname.3
+MLINKS+= BIO_s_connect.3 BIO_get_conn_ip_family.3
+MLINKS+= BIO_s_connect.3 BIO_get_conn_port.3
+MLINKS+= BIO_get_ex_new_index.3 BIO_get_ex_data.3
+MLINKS+= BIO_s_fd.3 BIO_get_fd.3
+MLINKS+= BIO_s_file.3 BIO_get_fp.3
+MLINKS+= BIO_f_prefix.3 BIO_get_indent.3
MLINKS+= BIO_ctrl.3 BIO_get_info_callback.3
+MLINKS+= BIO_get_data.3 BIO_get_init.3
MLINKS+= BIO_ctrl.3 BIO_get_ktls_recv.3
MLINKS+= BIO_ctrl.3 BIO_get_ktls_send.3
-MLINKS+= BIO_ctrl.3 BIO_info_cb.3
-MLINKS+= BIO_ctrl.3 BIO_int_ctrl.3
-MLINKS+= BIO_ctrl.3 BIO_pending.3
-MLINKS+= BIO_ctrl.3 BIO_ptr_ctrl.3
-MLINKS+= BIO_ctrl.3 BIO_reset.3
-MLINKS+= BIO_ctrl.3 BIO_seek.3
-MLINKS+= BIO_ctrl.3 BIO_set_close.3
-MLINKS+= BIO_ctrl.3 BIO_set_info_callback.3
-MLINKS+= BIO_ctrl.3 BIO_tell.3
-MLINKS+= BIO_ctrl.3 BIO_wpending.3
-MLINKS+= BIO_f_buffer.3 BIO_get_buffer_num_lines.3
-MLINKS+= BIO_f_buffer.3 BIO_set_buffer_read_data.3
-MLINKS+= BIO_f_buffer.3 BIO_set_buffer_size.3
-MLINKS+= BIO_f_buffer.3 BIO_set_read_buffer_size.3
-MLINKS+= BIO_f_buffer.3 BIO_set_write_buffer_size.3
-MLINKS+= BIO_f_cipher.3 BIO_get_cipher_ctx.3
-MLINKS+= BIO_f_cipher.3 BIO_get_cipher_status.3
-MLINKS+= BIO_f_cipher.3 BIO_set_cipher.3
+MLINKS+= BIO_read.3 BIO_get_line.3
MLINKS+= BIO_f_md.3 BIO_get_md.3
MLINKS+= BIO_f_md.3 BIO_get_md_ctx.3
-MLINKS+= BIO_f_md.3 BIO_set_md.3
-MLINKS+= BIO_f_ssl.3 BIO_do_handshake.3
+MLINKS+= BIO_s_mem.3 BIO_get_mem_data.3
+MLINKS+= BIO_s_mem.3 BIO_get_mem_ptr.3
+MLINKS+= BIO_meth_new.3 BIO_get_new_index.3
MLINKS+= BIO_f_ssl.3 BIO_get_num_renegotiates.3
-MLINKS+= BIO_f_ssl.3 BIO_get_ssl.3
-MLINKS+= BIO_f_ssl.3 BIO_new_buffer_ssl_connect.3
-MLINKS+= BIO_f_ssl.3 BIO_new_ssl.3
-MLINKS+= BIO_f_ssl.3 BIO_new_ssl_connect.3
-MLINKS+= BIO_f_ssl.3 BIO_set_ssl.3
-MLINKS+= BIO_f_ssl.3 BIO_set_ssl_mode.3
-MLINKS+= BIO_f_ssl.3 BIO_set_ssl_renegotiate_bytes.3
-MLINKS+= BIO_f_ssl.3 BIO_set_ssl_renegotiate_timeout.3
-MLINKS+= BIO_f_ssl.3 BIO_ssl_copy_session_id.3
-MLINKS+= BIO_f_ssl.3 BIO_ssl_shutdown.3
-MLINKS+= BIO_find_type.3 BIO_method_type.3
-MLINKS+= BIO_find_type.3 BIO_next.3
-MLINKS+= BIO_get_data.3 BIO_get_init.3
+MLINKS+= BIO_s_accept.3 BIO_get_peer_name.3
+MLINKS+= BIO_s_accept.3 BIO_get_peer_port.3
+MLINKS+= BIO_s_bio.3 BIO_get_read_request.3
+MLINKS+= BIO_should_retry.3 BIO_get_retry_BIO.3
+MLINKS+= BIO_should_retry.3 BIO_get_retry_reason.3
MLINKS+= BIO_get_data.3 BIO_get_shutdown.3
-MLINKS+= BIO_get_data.3 BIO_set_data.3
-MLINKS+= BIO_get_data.3 BIO_set_init.3
-MLINKS+= BIO_get_data.3 BIO_set_shutdown.3
-MLINKS+= BIO_get_ex_new_index.3 BIO_get_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 BIO_set_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 DH_get_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 DH_get_ex_new_index.3
-MLINKS+= BIO_get_ex_new_index.3 DH_set_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 DSA_get_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 DSA_get_ex_new_index.3
-MLINKS+= BIO_get_ex_new_index.3 DSA_set_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 ECDH_get_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 ECDH_get_ex_new_index.3
-MLINKS+= BIO_get_ex_new_index.3 ECDH_set_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 EC_KEY_get_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 EC_KEY_get_ex_new_index.3
-MLINKS+= BIO_get_ex_new_index.3 EC_KEY_set_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 ENGINE_get_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 ENGINE_get_ex_new_index.3
-MLINKS+= BIO_get_ex_new_index.3 ENGINE_set_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 RSA_get_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 RSA_get_ex_new_index.3
-MLINKS+= BIO_get_ex_new_index.3 RSA_set_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 UI_get_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 UI_get_ex_new_index.3
-MLINKS+= BIO_get_ex_new_index.3 UI_set_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 X509_STORE_CTX_get_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 X509_STORE_CTX_get_ex_new_index.3
-MLINKS+= BIO_get_ex_new_index.3 X509_STORE_CTX_set_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 X509_STORE_get_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 X509_STORE_get_ex_new_index.3
-MLINKS+= BIO_get_ex_new_index.3 X509_STORE_set_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 X509_get_ex_data.3
-MLINKS+= BIO_get_ex_new_index.3 X509_get_ex_new_index.3
-MLINKS+= BIO_get_ex_new_index.3 X509_set_ex_data.3
-MLINKS+= BIO_meth_new.3 BIO_get_new_index.3
+MLINKS+= BIO_f_ssl.3 BIO_get_ssl.3
+MLINKS+= BIO_s_bio.3 BIO_get_write_buf_size.3
+MLINKS+= BIO_s_bio.3 BIO_get_write_guarantee.3
+MLINKS+= BIO_read.3 BIO_gets.3
+MLINKS+= BIO_parse_hostserv.3 BIO_hostserv_priorities.3
+MLINKS+= BIO_ctrl.3 BIO_info_cb.3
+MLINKS+= BIO_ctrl.3 BIO_int_ctrl.3
+MLINKS+= BIO_connect.3 BIO_listen.3
+MLINKS+= BIO_ADDRINFO.3 BIO_lookup.3
+MLINKS+= BIO_ADDRINFO.3 BIO_lookup_ex.3
+MLINKS+= BIO_ADDRINFO.3 BIO_lookup_type.3
+MLINKS+= BIO_s_bio.3 BIO_make_bio_pair.3
MLINKS+= BIO_meth_new.3 BIO_meth_free.3
MLINKS+= BIO_meth_new.3 BIO_meth_get_callback_ctrl.3
MLINKS+= BIO_meth_new.3 BIO_meth_get_create.3
@@ -702,90 +864,90 @@ MLINKS+= BIO_meth_new.3 BIO_meth_set_read.3
MLINKS+= BIO_meth_new.3 BIO_meth_set_read_ex.3
MLINKS+= BIO_meth_new.3 BIO_meth_set_write.3
MLINKS+= BIO_meth_new.3 BIO_meth_set_write_ex.3
-MLINKS+= BIO_new.3 BIO_free.3
-MLINKS+= BIO_new.3 BIO_free_all.3
-MLINKS+= BIO_new.3 BIO_up_ref.3
-MLINKS+= BIO_new.3 BIO_vfree.3
-MLINKS+= BIO_parse_hostserv.3 BIO_hostserv_priorities.3
-MLINKS+= BIO_printf.3 BIO_snprintf.3
-MLINKS+= BIO_printf.3 BIO_vprintf.3
-MLINKS+= BIO_printf.3 BIO_vsnprintf.3
+MLINKS+= BIO_find_type.3 BIO_method_type.3
+MLINKS+= BIO_s_accept.3 BIO_new_accept.3
+MLINKS+= BIO_s_bio.3 BIO_new_bio_pair.3
+MLINKS+= BIO_f_ssl.3 BIO_new_buffer_ssl_connect.3
+MLINKS+= BIO_s_connect.3 BIO_new_connect.3
+MLINKS+= BIO_s_datagram.3 BIO_new_dgram.3
+MLINKS+= BIO_new.3 BIO_new_ex.3
+MLINKS+= BIO_s_fd.3 BIO_new_fd.3
+MLINKS+= BIO_s_file.3 BIO_new_file.3
+MLINKS+= BIO_s_file.3 BIO_new_fp.3
+MLINKS+= BIO_s_core.3 BIO_new_from_core_bio.3
+MLINKS+= BIO_s_mem.3 BIO_new_mem_buf.3
+MLINKS+= BIO_s_socket.3 BIO_new_socket.3
+MLINKS+= BIO_f_ssl.3 BIO_new_ssl.3
+MLINKS+= BIO_f_ssl.3 BIO_new_ssl_connect.3
+MLINKS+= BIO_find_type.3 BIO_next.3
+MLINKS+= BIO_ctrl.3 BIO_pending.3
MLINKS+= BIO_push.3 BIO_pop.3
-MLINKS+= BIO_push.3 BIO_set_next.3
-MLINKS+= BIO_read.3 BIO_gets.3
+MLINKS+= BIO_ctrl.3 BIO_ptr_ctrl.3
MLINKS+= BIO_read.3 BIO_puts.3
MLINKS+= BIO_read.3 BIO_read_ex.3
-MLINKS+= BIO_read.3 BIO_write.3
-MLINKS+= BIO_read.3 BIO_write_ex.3
-MLINKS+= BIO_s_accept.3 BIO_do_accept.3
-MLINKS+= BIO_s_accept.3 BIO_get_accept_ip_family.3
-MLINKS+= BIO_s_accept.3 BIO_get_accept_name.3
-MLINKS+= BIO_s_accept.3 BIO_get_accept_port.3
-MLINKS+= BIO_s_accept.3 BIO_get_bind_mode.3
-MLINKS+= BIO_s_accept.3 BIO_get_peer_name.3
-MLINKS+= BIO_s_accept.3 BIO_get_peer_port.3
-MLINKS+= BIO_s_accept.3 BIO_new_accept.3
+MLINKS+= BIO_s_file.3 BIO_read_filename.3
+MLINKS+= BIO_ctrl.3 BIO_reset.3
+MLINKS+= BIO_should_retry.3 BIO_retry_type.3
+MLINKS+= BIO_s_file.3 BIO_rw_filename.3
+MLINKS+= BIO_s_mem.3 BIO_s_secmem.3
+MLINKS+= BIO_ctrl.3 BIO_seek.3
MLINKS+= BIO_s_accept.3 BIO_set_accept_bios.3
MLINKS+= BIO_s_accept.3 BIO_set_accept_ip_family.3
MLINKS+= BIO_s_accept.3 BIO_set_accept_name.3
MLINKS+= BIO_s_accept.3 BIO_set_accept_port.3
+MLINKS+= BIO_get_ex_new_index.3 BIO_set_app_data.3
MLINKS+= BIO_s_accept.3 BIO_set_bind_mode.3
-MLINKS+= BIO_s_accept.3 BIO_set_nbio_accept.3
-MLINKS+= BIO_s_bio.3 BIO_ctrl_get_read_request.3
-MLINKS+= BIO_s_bio.3 BIO_ctrl_get_write_guarantee.3
-MLINKS+= BIO_s_bio.3 BIO_ctrl_reset_read_request.3
-MLINKS+= BIO_s_bio.3 BIO_destroy_bio_pair.3
-MLINKS+= BIO_s_bio.3 BIO_get_read_request.3
-MLINKS+= BIO_s_bio.3 BIO_get_write_buf_size.3
-MLINKS+= BIO_s_bio.3 BIO_get_write_guarantee.3
-MLINKS+= BIO_s_bio.3 BIO_make_bio_pair.3
-MLINKS+= BIO_s_bio.3 BIO_new_bio_pair.3
-MLINKS+= BIO_s_bio.3 BIO_set_write_buf_size.3
-MLINKS+= BIO_s_bio.3 BIO_shutdown_wr.3
-MLINKS+= BIO_s_connect.3 BIO_do_connect.3
-MLINKS+= BIO_s_connect.3 BIO_get_conn_address.3
-MLINKS+= BIO_s_connect.3 BIO_get_conn_hostname.3
-MLINKS+= BIO_s_connect.3 BIO_get_conn_ip_family.3
-MLINKS+= BIO_s_connect.3 BIO_get_conn_port.3
-MLINKS+= BIO_s_connect.3 BIO_new_connect.3
+MLINKS+= BIO_f_buffer.3 BIO_set_buffer_read_data.3
+MLINKS+= BIO_f_buffer.3 BIO_set_buffer_size.3
+MLINKS+= BIO_set_callback.3 BIO_set_callback_arg.3
+MLINKS+= BIO_set_callback.3 BIO_set_callback_ex.3
+MLINKS+= BIO_f_cipher.3 BIO_set_cipher.3
+MLINKS+= BIO_ctrl.3 BIO_set_close.3
MLINKS+= BIO_s_connect.3 BIO_set_conn_address.3
MLINKS+= BIO_s_connect.3 BIO_set_conn_hostname.3
MLINKS+= BIO_s_connect.3 BIO_set_conn_ip_family.3
MLINKS+= BIO_s_connect.3 BIO_set_conn_port.3
-MLINKS+= BIO_s_connect.3 BIO_set_nbio.3
-MLINKS+= BIO_s_fd.3 BIO_get_fd.3
-MLINKS+= BIO_s_fd.3 BIO_new_fd.3
+MLINKS+= BIO_get_data.3 BIO_set_data.3
+MLINKS+= BIO_get_ex_new_index.3 BIO_set_ex_data.3
MLINKS+= BIO_s_fd.3 BIO_set_fd.3
-MLINKS+= BIO_s_file.3 BIO_append_filename.3
-MLINKS+= BIO_s_file.3 BIO_get_fp.3
-MLINKS+= BIO_s_file.3 BIO_new_file.3
-MLINKS+= BIO_s_file.3 BIO_new_fp.3
-MLINKS+= BIO_s_file.3 BIO_read_filename.3
-MLINKS+= BIO_s_file.3 BIO_rw_filename.3
MLINKS+= BIO_s_file.3 BIO_set_fp.3
-MLINKS+= BIO_s_file.3 BIO_write_filename.3
-MLINKS+= BIO_s_mem.3 BIO_get_mem_data.3
-MLINKS+= BIO_s_mem.3 BIO_get_mem_ptr.3
-MLINKS+= BIO_s_mem.3 BIO_new_mem_buf.3
-MLINKS+= BIO_s_mem.3 BIO_s_secmem.3
+MLINKS+= BIO_f_prefix.3 BIO_set_indent.3
+MLINKS+= BIO_ctrl.3 BIO_set_info_callback.3
+MLINKS+= BIO_get_data.3 BIO_set_init.3
+MLINKS+= BIO_f_md.3 BIO_set_md.3
MLINKS+= BIO_s_mem.3 BIO_set_mem_buf.3
MLINKS+= BIO_s_mem.3 BIO_set_mem_eof_return.3
-MLINKS+= BIO_s_socket.3 BIO_new_socket.3
-MLINKS+= BIO_set_callback.3 BIO_callback_fn.3
-MLINKS+= BIO_set_callback.3 BIO_callback_fn_ex.3
-MLINKS+= BIO_set_callback.3 BIO_debug_callback.3
-MLINKS+= BIO_set_callback.3 BIO_get_callback.3
-MLINKS+= BIO_set_callback.3 BIO_get_callback_arg.3
-MLINKS+= BIO_set_callback.3 BIO_get_callback_ex.3
-MLINKS+= BIO_set_callback.3 BIO_set_callback_arg.3
-MLINKS+= BIO_set_callback.3 BIO_set_callback_ex.3
-MLINKS+= BIO_should_retry.3 BIO_get_retry_BIO.3
-MLINKS+= BIO_should_retry.3 BIO_get_retry_reason.3
-MLINKS+= BIO_should_retry.3 BIO_retry_type.3
+MLINKS+= BIO_s_connect.3 BIO_set_nbio.3
+MLINKS+= BIO_s_accept.3 BIO_set_nbio_accept.3
+MLINKS+= BIO_push.3 BIO_set_next.3
+MLINKS+= BIO_f_prefix.3 BIO_set_prefix.3
+MLINKS+= BIO_f_buffer.3 BIO_set_read_buffer_size.3
MLINKS+= BIO_should_retry.3 BIO_set_retry_reason.3
+MLINKS+= BIO_get_data.3 BIO_set_shutdown.3
+MLINKS+= BIO_f_ssl.3 BIO_set_ssl.3
+MLINKS+= BIO_f_ssl.3 BIO_set_ssl_mode.3
+MLINKS+= BIO_f_ssl.3 BIO_set_ssl_renegotiate_bytes.3
+MLINKS+= BIO_f_ssl.3 BIO_set_ssl_renegotiate_timeout.3
+MLINKS+= BIO_s_bio.3 BIO_set_write_buf_size.3
+MLINKS+= BIO_f_buffer.3 BIO_set_write_buffer_size.3
MLINKS+= BIO_should_retry.3 BIO_should_io_special.3
MLINKS+= BIO_should_retry.3 BIO_should_read.3
MLINKS+= BIO_should_retry.3 BIO_should_write.3
+MLINKS+= BIO_s_bio.3 BIO_shutdown_wr.3
+MLINKS+= BIO_printf.3 BIO_snprintf.3
+MLINKS+= BIO_connect.3 BIO_socket.3
+MLINKS+= BIO_f_ssl.3 BIO_ssl_copy_session_id.3
+MLINKS+= BIO_f_ssl.3 BIO_ssl_shutdown.3
+MLINKS+= BIO_ctrl.3 BIO_tell.3
+MLINKS+= BIO_new.3 BIO_up_ref.3
+MLINKS+= BIO_new.3 BIO_vfree.3
+MLINKS+= BIO_printf.3 BIO_vprintf.3
+MLINKS+= BIO_printf.3 BIO_vsnprintf.3
+MLINKS+= BIO_socket_wait.3 BIO_wait.3
+MLINKS+= BIO_ctrl.3 BIO_wpending.3
+MLINKS+= BIO_read.3 BIO_write.3
+MLINKS+= BIO_read.3 BIO_write_ex.3
+MLINKS+= BIO_s_file.3 BIO_write_filename.3
MLINKS+= BN_BLINDING_new.3 BN_BLINDING_convert.3
MLINKS+= BN_BLINDING_new.3 BN_BLINDING_convert_ex.3
MLINKS+= BN_BLINDING_new.3 BN_BLINDING_create_param.3
@@ -799,105 +961,142 @@ MLINKS+= BN_BLINDING_new.3 BN_BLINDING_set_current_thread.3
MLINKS+= BN_BLINDING_new.3 BN_BLINDING_set_flags.3
MLINKS+= BN_BLINDING_new.3 BN_BLINDING_unlock.3
MLINKS+= BN_BLINDING_new.3 BN_BLINDING_update.3
-MLINKS+= BN_CTX_new.3 BN_CTX_free.3
-MLINKS+= BN_CTX_new.3 BN_CTX_secure_new.3
MLINKS+= BN_CTX_start.3 BN_CTX_end.3
+MLINKS+= BN_CTX_new.3 BN_CTX_free.3
MLINKS+= BN_CTX_start.3 BN_CTX_get.3
-MLINKS+= BN_add.3 BN_div.3
-MLINKS+= BN_add.3 BN_exp.3
-MLINKS+= BN_add.3 BN_gcd.3
-MLINKS+= BN_add.3 BN_mod.3
-MLINKS+= BN_add.3 BN_mod_add.3
-MLINKS+= BN_add.3 BN_mod_exp.3
-MLINKS+= BN_add.3 BN_mod_mul.3
-MLINKS+= BN_add.3 BN_mod_sqr.3
-MLINKS+= BN_add.3 BN_mod_sqrt.3
-MLINKS+= BN_add.3 BN_mod_sub.3
-MLINKS+= BN_add.3 BN_mul.3
-MLINKS+= BN_add.3 BN_nnmod.3
-MLINKS+= BN_add.3 BN_sqr.3
-MLINKS+= BN_add.3 BN_sub.3
-MLINKS+= BN_add_word.3 BN_div_word.3
-MLINKS+= BN_add_word.3 BN_mod_word.3
-MLINKS+= BN_add_word.3 BN_mul_word.3
-MLINKS+= BN_add_word.3 BN_sub_word.3
-MLINKS+= BN_bn2bin.3 BN_bin2bn.3
-MLINKS+= BN_bn2bin.3 BN_bn2binpad.3
-MLINKS+= BN_bn2bin.3 BN_bn2dec.3
-MLINKS+= BN_bn2bin.3 BN_bn2hex.3
-MLINKS+= BN_bn2bin.3 BN_bn2lebinpad.3
-MLINKS+= BN_bn2bin.3 BN_bn2mpi.3
-MLINKS+= BN_bn2bin.3 BN_dec2bn.3
-MLINKS+= BN_bn2bin.3 BN_hex2bn.3
-MLINKS+= BN_bn2bin.3 BN_lebin2bn.3
-MLINKS+= BN_bn2bin.3 BN_mpi2bn.3
-MLINKS+= BN_bn2bin.3 BN_print.3
-MLINKS+= BN_bn2bin.3 BN_print_fp.3
-MLINKS+= BN_cmp.3 BN_abs_is_word.3
-MLINKS+= BN_cmp.3 BN_is_odd.3
-MLINKS+= BN_cmp.3 BN_is_one.3
-MLINKS+= BN_cmp.3 BN_is_word.3
-MLINKS+= BN_cmp.3 BN_is_zero.3
-MLINKS+= BN_cmp.3 BN_ucmp.3
-MLINKS+= BN_copy.3 BN_dup.3
-MLINKS+= BN_copy.3 BN_with_flags.3
+MLINKS+= BN_CTX_new.3 BN_CTX_new_ex.3
+MLINKS+= BN_CTX_new.3 BN_CTX_secure_new.3
+MLINKS+= BN_CTX_new.3 BN_CTX_secure_new_ex.3
MLINKS+= BN_generate_prime.3 BN_GENCB_call.3
MLINKS+= BN_generate_prime.3 BN_GENCB_free.3
MLINKS+= BN_generate_prime.3 BN_GENCB_get_arg.3
MLINKS+= BN_generate_prime.3 BN_GENCB_new.3
MLINKS+= BN_generate_prime.3 BN_GENCB_set.3
MLINKS+= BN_generate_prime.3 BN_GENCB_set_old.3
-MLINKS+= BN_generate_prime.3 BN_generate_prime_ex.3
-MLINKS+= BN_generate_prime.3 BN_is_prime.3
-MLINKS+= BN_generate_prime.3 BN_is_prime_ex.3
-MLINKS+= BN_generate_prime.3 BN_is_prime_fasttest.3
-MLINKS+= BN_generate_prime.3 BN_is_prime_fasttest_ex.3
MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_copy.3
MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_free.3
MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_new.3
MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_set.3
-MLINKS+= BN_mod_mul_montgomery.3 BN_from_montgomery.3
-MLINKS+= BN_mod_mul_montgomery.3 BN_to_montgomery.3
MLINKS+= BN_mod_mul_reciprocal.3 BN_RECP_CTX_free.3
MLINKS+= BN_mod_mul_reciprocal.3 BN_RECP_CTX_new.3
MLINKS+= BN_mod_mul_reciprocal.3 BN_RECP_CTX_set.3
-MLINKS+= BN_mod_mul_reciprocal.3 BN_div_recp.3
+MLINKS+= BN_cmp.3 BN_abs_is_word.3
+MLINKS+= BN_bn2bin.3 BN_bin2bn.3
+MLINKS+= BN_bn2bin.3 BN_bn2binpad.3
+MLINKS+= BN_bn2bin.3 BN_bn2dec.3
+MLINKS+= BN_bn2bin.3 BN_bn2hex.3
+MLINKS+= BN_bn2bin.3 BN_bn2lebinpad.3
+MLINKS+= BN_bn2bin.3 BN_bn2mpi.3
+MLINKS+= BN_bn2bin.3 BN_bn2nativepad.3
+MLINKS+= BN_generate_prime.3 BN_check_prime.3
MLINKS+= BN_new.3 BN_clear.3
+MLINKS+= BN_set_bit.3 BN_clear_bit.3
MLINKS+= BN_new.3 BN_clear_free.3
+MLINKS+= BN_bn2bin.3 BN_dec2bn.3
+MLINKS+= BN_add.3 BN_div.3
+MLINKS+= BN_mod_mul_reciprocal.3 BN_div_recp.3
+MLINKS+= BN_add_word.3 BN_div_word.3
+MLINKS+= BN_copy.3 BN_dup.3
+MLINKS+= BN_add.3 BN_exp.3
MLINKS+= BN_new.3 BN_free.3
-MLINKS+= BN_new.3 BN_secure_new.3
+MLINKS+= BN_mod_mul_montgomery.3 BN_from_montgomery.3
+MLINKS+= BN_add.3 BN_gcd.3
+MLINKS+= BN_generate_prime.3 BN_generate_prime_ex.3
+MLINKS+= BN_generate_prime.3 BN_generate_prime_ex2.3
+MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_192.3
+MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_224.3
+MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_256.3
+MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_384.3
+MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_521.3
+MLINKS+= DH_get_1024_160.3 BN_get_rfc2409_prime_1024.3
+MLINKS+= DH_get_1024_160.3 BN_get_rfc2409_prime_768.3
+MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_1536.3
+MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_2048.3
+MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_3072.3
+MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_4096.3
+MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_6144.3
+MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_8192.3
+MLINKS+= BN_zero.3 BN_get_word.3
+MLINKS+= BN_bn2bin.3 BN_hex2bn.3
+MLINKS+= BN_set_bit.3 BN_is_bit_set.3
+MLINKS+= BN_cmp.3 BN_is_odd.3
+MLINKS+= BN_cmp.3 BN_is_one.3
+MLINKS+= BN_generate_prime.3 BN_is_prime.3
+MLINKS+= BN_generate_prime.3 BN_is_prime_ex.3
+MLINKS+= BN_generate_prime.3 BN_is_prime_fasttest.3
+MLINKS+= BN_generate_prime.3 BN_is_prime_fasttest_ex.3
+MLINKS+= BN_cmp.3 BN_is_word.3
+MLINKS+= BN_cmp.3 BN_is_zero.3
+MLINKS+= BN_bn2bin.3 BN_lebin2bn.3
+MLINKS+= BN_set_bit.3 BN_lshift.3
+MLINKS+= BN_set_bit.3 BN_lshift1.3
+MLINKS+= BN_set_bit.3 BN_mask_bits.3
+MLINKS+= BN_add.3 BN_mod.3
+MLINKS+= BN_add.3 BN_mod_add.3
+MLINKS+= BN_add.3 BN_mod_exp.3
+MLINKS+= BN_mod_exp_mont.3 BN_mod_exp_mont_consttime.3
+MLINKS+= BN_mod_exp_mont.3 BN_mod_exp_mont_consttime_x2.3
+MLINKS+= BN_add.3 BN_mod_mul.3
+MLINKS+= BN_add.3 BN_mod_sqr.3
+MLINKS+= BN_add.3 BN_mod_sqrt.3
+MLINKS+= BN_add.3 BN_mod_sub.3
+MLINKS+= BN_add_word.3 BN_mod_word.3
+MLINKS+= BN_bn2bin.3 BN_mpi2bn.3
+MLINKS+= BN_add.3 BN_mul.3
+MLINKS+= BN_add_word.3 BN_mul_word.3
+MLINKS+= BN_bn2bin.3 BN_native2bn.3
+MLINKS+= BN_add.3 BN_nnmod.3
MLINKS+= BN_num_bytes.3 BN_num_bits.3
MLINKS+= BN_num_bytes.3 BN_num_bits_word.3
+MLINKS+= BN_zero.3 BN_one.3
+MLINKS+= BN_bn2bin.3 BN_print.3
+MLINKS+= BN_bn2bin.3 BN_print_fp.3
MLINKS+= BN_rand.3 BN_priv_rand.3
+MLINKS+= BN_rand.3 BN_priv_rand_ex.3
MLINKS+= BN_rand.3 BN_priv_rand_range.3
+MLINKS+= BN_rand.3 BN_priv_rand_range_ex.3
MLINKS+= BN_rand.3 BN_pseudo_rand.3
MLINKS+= BN_rand.3 BN_pseudo_rand_range.3
+MLINKS+= BN_rand.3 BN_rand_ex.3
MLINKS+= BN_rand.3 BN_rand_range.3
-MLINKS+= BN_set_bit.3 BN_clear_bit.3
-MLINKS+= BN_set_bit.3 BN_is_bit_set.3
-MLINKS+= BN_set_bit.3 BN_lshift.3
-MLINKS+= BN_set_bit.3 BN_lshift1.3
-MLINKS+= BN_set_bit.3 BN_mask_bits.3
+MLINKS+= BN_rand.3 BN_rand_range_ex.3
MLINKS+= BN_set_bit.3 BN_rshift.3
MLINKS+= BN_set_bit.3 BN_rshift1.3
-MLINKS+= BN_zero.3 BN_get_word.3
-MLINKS+= BN_zero.3 BN_one.3
+MLINKS+= BN_new.3 BN_secure_new.3
MLINKS+= BN_zero.3 BN_set_word.3
+MLINKS+= BN_add.3 BN_sqr.3
+MLINKS+= BN_add.3 BN_sub.3
+MLINKS+= BN_add_word.3 BN_sub_word.3
+MLINKS+= ASN1_INTEGER_get_int64.3 BN_to_ASN1_ENUMERATED.3
+MLINKS+= ASN1_INTEGER_get_int64.3 BN_to_ASN1_INTEGER.3
+MLINKS+= BN_mod_mul_montgomery.3 BN_to_montgomery.3
+MLINKS+= BN_cmp.3 BN_ucmp.3
MLINKS+= BN_zero.3 BN_value_one.3
+MLINKS+= BN_copy.3 BN_with_flags.3
MLINKS+= BUF_MEM_new.3 BUF_MEM_free.3
MLINKS+= BUF_MEM_new.3 BUF_MEM_grow.3
MLINKS+= BUF_MEM_new.3 BUF_MEM_grow_clean.3
MLINKS+= BUF_MEM_new.3 BUF_MEM_new_ex.3
MLINKS+= BUF_MEM_new.3 BUF_reverse.3
-MLINKS+= CMS_add0_cert.3 CMS_add0_crl.3
-MLINKS+= CMS_add0_cert.3 CMS_add1_cert.3
-MLINKS+= CMS_add0_cert.3 CMS_add1_crl.3
-MLINKS+= CMS_add0_cert.3 CMS_get1_certs.3
-MLINKS+= CMS_add0_cert.3 CMS_get1_crls.3
-MLINKS+= CMS_add1_recipient_cert.3 CMS_add0_recipient_key.3
-MLINKS+= CMS_add1_signer.3 CMS_SignerInfo_sign.3
+MLINKS+= X509_dup.3 CERTIFICATEPOLICIES_free.3
+MLINKS+= X509_dup.3 CERTIFICATEPOLICIES_new.3
+MLINKS+= CMS_EnvelopedData_create.3 CMS_AuthEnvelopedData_create.3
+MLINKS+= CMS_EnvelopedData_create.3 CMS_AuthEnvelopedData_create_ex.3
+MLINKS+= X509_dup.3 CMS_ContentInfo_free.3
+MLINKS+= X509_dup.3 CMS_ContentInfo_new.3
+MLINKS+= X509_dup.3 CMS_ContentInfo_new_ex.3
+MLINKS+= X509_dup.3 CMS_ContentInfo_print_ctx.3
+MLINKS+= CMS_EncryptedData_encrypt.3 CMS_EncryptedData_encrypt_ex.3
+MLINKS+= CMS_EnvelopedData_create.3 CMS_EnvelopedData_create_ex.3
+MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_create0.3
+MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_create0_ex.3
+MLINKS+= X509_dup.3 CMS_ReceiptRequest_free.3
+MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_get0_values.3
+MLINKS+= X509_dup.3 CMS_ReceiptRequest_new.3
MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_decrypt.3
MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_encrypt.3
+MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_kari_set0_pkey.3
+MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_kari_set0_pkey_and_peer.3
MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_kekri_get0_id.3
MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_kekri_id_cmp.3
MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_ktri_cert_cmp.3
@@ -909,74 +1108,107 @@ MLINKS+= CMS_get0_SignerInfos.3 CMS_SignerInfo_cert_cmp.3
MLINKS+= CMS_get0_SignerInfos.3 CMS_SignerInfo_get0_signature.3
MLINKS+= CMS_get0_SignerInfos.3 CMS_SignerInfo_get0_signer_id.3
MLINKS+= CMS_get0_SignerInfos.3 CMS_SignerInfo_set1_signer_cert.3
+MLINKS+= CMS_add1_signer.3 CMS_SignerInfo_sign.3
+MLINKS+= CMS_add0_cert.3 CMS_add0_crl.3
+MLINKS+= CMS_add1_recipient_cert.3 CMS_add0_recipient_key.3
+MLINKS+= CMS_get1_ReceiptRequest.3 CMS_add1_ReceiptRequest.3
+MLINKS+= CMS_add0_cert.3 CMS_add1_cert.3
+MLINKS+= CMS_add0_cert.3 CMS_add1_crl.3
+MLINKS+= CMS_add1_recipient_cert.3 CMS_add1_recipient.3
+MLINKS+= CMS_data_create.3 CMS_data_create_ex.3
+MLINKS+= CMS_decrypt.3 CMS_decrypt_set1_password.3
+MLINKS+= CMS_decrypt.3 CMS_decrypt_set1_pkey.3
+MLINKS+= CMS_decrypt.3 CMS_decrypt_set1_pkey_and_peer.3
+MLINKS+= CMS_digest_create.3 CMS_digest_create_ex.3
+MLINKS+= CMS_encrypt.3 CMS_encrypt_ex.3
MLINKS+= CMS_get0_type.3 CMS_get0_content.3
MLINKS+= CMS_get0_type.3 CMS_get0_eContentType.3
-MLINKS+= CMS_get0_type.3 CMS_set1_eContentType.3
-MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_create0.3
-MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_get0_values.3
-MLINKS+= CMS_get1_ReceiptRequest.3 CMS_add1_ReceiptRequest.3
MLINKS+= CMS_verify.3 CMS_get0_signers.3
+MLINKS+= CMS_add0_cert.3 CMS_get1_certs.3
+MLINKS+= CMS_add0_cert.3 CMS_get1_crls.3
+MLINKS+= CMS_get0_type.3 CMS_set1_eContentType.3
+MLINKS+= CMS_sign.3 CMS_sign_ex.3
+MLINKS+= CONF_modules_load_file.3 CONF_get1_default_config_file.3
MLINKS+= CONF_modules_free.3 CONF_modules_finish.3
-MLINKS+= CONF_modules_free.3 CONF_modules_unload.3
MLINKS+= CONF_modules_load_file.3 CONF_modules_load.3
+MLINKS+= CONF_modules_load_file.3 CONF_modules_load_file_ex.3
+MLINKS+= CONF_modules_free.3 CONF_modules_unload.3
+MLINKS+= X509_dup.3 CRL_DIST_POINTS_free.3
+MLINKS+= X509_dup.3 CRL_DIST_POINTS_new.3
+MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_EX_dup.3
+MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_EX_free.3
+MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_EX_new.3
MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_lock_free.3
MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_lock_new.3
MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_read_lock.3
MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_unlock.3
MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_write_lock.3
+MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_alloc_ex_data.3
MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_atomic_add.3
-MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_EX_dup.3
-MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_EX_free.3
-MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_EX_new.3
+MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_atomic_load.3
+MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_atomic_or.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_clear_free.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_clear_realloc.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_free.3
MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_free_ex_data.3
MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_free_ex_index.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_free_fn.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_get_alloc_counts.3
MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_get_ex_data.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_get_mem_functions.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_malloc.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_malloc_fn.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_ctrl.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_debug_pop.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_debug_push.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_leaks.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_leaks_cb.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_leaks_fp.3
MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_new_ex_data.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_realloc.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_realloc_fn.3
+MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_allocated.3
+MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_clear_free.3
+MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_free.3
+MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc.3
+MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc_done.3
+MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc_init.3
+MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc_initialized.3
+MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_used.3
+MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_zalloc.3
MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_set_ex_data.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_set_mem_debug.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_set_mem_functions.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_strdup.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_strndup.3
+MLINKS+= OPENSSL_malloc.3 CRYPTO_zalloc.3
MLINKS+= CTLOG_STORE_new.3 CTLOG_STORE_free.3
MLINKS+= CTLOG_STORE_new.3 CTLOG_STORE_load_default_file.3
MLINKS+= CTLOG_STORE_new.3 CTLOG_STORE_load_file.3
+MLINKS+= CTLOG_STORE_new.3 CTLOG_STORE_new_ex.3
MLINKS+= CTLOG_new.3 CTLOG_free.3
MLINKS+= CTLOG_new.3 CTLOG_get0_log_id.3
MLINKS+= CTLOG_new.3 CTLOG_get0_name.3
MLINKS+= CTLOG_new.3 CTLOG_get0_public_key.3
+MLINKS+= CTLOG_new.3 CTLOG_new_ex.3
MLINKS+= CTLOG_new.3 CTLOG_new_from_base64.3
+MLINKS+= CTLOG_new.3 CTLOG_new_from_base64_ex.3
MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_free.3
MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_get0_cert.3
MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_get0_issuer.3
MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_get0_log_store.3
MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_get_time.3
+MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_new_ex.3
MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_set1_cert.3
MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_set1_issuer.3
MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE.3
MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_set_time.3
+MLINKS+= X509_dup.3 DECLARE_ASN1_FUNCTIONS.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 DECLARE_LHASH_OF.3
+MLINKS+= PEM_read_CMS.3 DECLARE_PEM_rw.3
MLINKS+= DEFINE_STACK_OF.3 DEFINE_SPECIAL_STACK_OF.3
MLINKS+= DEFINE_STACK_OF.3 DEFINE_SPECIAL_STACK_OF_CONST.3
MLINKS+= DEFINE_STACK_OF.3 DEFINE_STACK_OF_CONST.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_deep_copy.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_delete.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_delete_ptr.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_dup.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_find.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_find_ex.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_free.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_insert.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_is_sorted.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_new.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_new_null.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_new_reserve.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_num.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_pop.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_pop_free.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_push.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_reserve.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_set.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_set_cmp_func.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_shift.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_sort.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_unshift.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_value.3
-MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_zero.3
MLINKS+= DES_random_key.3 DES_cbc_cksum.3
MLINKS+= DES_random_key.3 DES_cfb64_encrypt.3
MLINKS+= DES_random_key.3 DES_cfb_encrypt.3
@@ -1005,15 +1237,18 @@ MLINKS+= DES_random_key.3 DES_set_odd_parity.3
MLINKS+= DES_random_key.3 DES_string_to_2keys.3
MLINKS+= DES_random_key.3 DES_string_to_key.3
MLINKS+= DES_random_key.3 DES_xcbc_encrypt.3
-MLINKS+= DH_generate_key.3 DH_compute_key.3
-MLINKS+= DH_generate_key.3 DH_compute_key_padded.3
+MLINKS+= DH_set_method.3 DH_OpenSSL.3
+MLINKS+= DH_size.3 DH_bits.3
MLINKS+= DH_generate_parameters.3 DH_check.3
MLINKS+= DH_generate_parameters.3 DH_check_ex.3
MLINKS+= DH_generate_parameters.3 DH_check_params.3
MLINKS+= DH_generate_parameters.3 DH_check_params_ex.3
MLINKS+= DH_generate_parameters.3 DH_check_pub_key_ex.3
-MLINKS+= DH_generate_parameters.3 DH_generate_parameters_ex.3
MLINKS+= DH_get0_pqg.3 DH_clear_flags.3
+MLINKS+= DH_generate_key.3 DH_compute_key.3
+MLINKS+= DH_generate_key.3 DH_compute_key_padded.3
+MLINKS+= DH_new.3 DH_free.3
+MLINKS+= DH_generate_parameters.3 DH_generate_parameters_ex.3
MLINKS+= DH_get0_pqg.3 DH_get0_engine.3
MLINKS+= DH_get0_pqg.3 DH_get0_g.3
MLINKS+= DH_get0_pqg.3 DH_get0_key.3
@@ -1021,27 +1256,13 @@ MLINKS+= DH_get0_pqg.3 DH_get0_p.3
MLINKS+= DH_get0_pqg.3 DH_get0_priv_key.3
MLINKS+= DH_get0_pqg.3 DH_get0_pub_key.3
MLINKS+= DH_get0_pqg.3 DH_get0_q.3
-MLINKS+= DH_get0_pqg.3 DH_get_length.3
-MLINKS+= DH_get0_pqg.3 DH_set0_key.3
-MLINKS+= DH_get0_pqg.3 DH_set0_pqg.3
-MLINKS+= DH_get0_pqg.3 DH_set_flags.3
-MLINKS+= DH_get0_pqg.3 DH_set_length.3
-MLINKS+= DH_get0_pqg.3 DH_test_flags.3
-MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_192.3
-MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_224.3
-MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_256.3
-MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_384.3
-MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_521.3
-MLINKS+= DH_get_1024_160.3 BN_get_rfc2409_prime_1024.3
-MLINKS+= DH_get_1024_160.3 BN_get_rfc2409_prime_768.3
-MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_1536.3
-MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_2048.3
-MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_3072.3
-MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_4096.3
-MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_6144.3
-MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_8192.3
MLINKS+= DH_get_1024_160.3 DH_get_2048_224.3
MLINKS+= DH_get_1024_160.3 DH_get_2048_256.3
+MLINKS+= DH_set_method.3 DH_get_default_method.3
+MLINKS+= BIO_get_ex_new_index.3 DH_get_ex_data.3
+MLINKS+= BIO_get_ex_new_index.3 DH_get_ex_new_index.3
+MLINKS+= DH_get0_pqg.3 DH_get_length.3
+MLINKS+= DH_new_by_nid.3 DH_get_nid.3
MLINKS+= DH_meth_new.3 DH_meth_dup.3
MLINKS+= DH_meth_new.3 DH_meth_free.3
MLINKS+= DH_meth_new.3 DH_meth_get0_app_data.3
@@ -1062,20 +1283,34 @@ MLINKS+= DH_meth_new.3 DH_meth_set_flags.3
MLINKS+= DH_meth_new.3 DH_meth_set_generate_key.3
MLINKS+= DH_meth_new.3 DH_meth_set_generate_params.3
MLINKS+= DH_meth_new.3 DH_meth_set_init.3
-MLINKS+= DH_new.3 DH_free.3
-MLINKS+= DH_new_by_nid.3 DH_get_nid.3
-MLINKS+= DH_set_method.3 DH_OpenSSL.3
-MLINKS+= DH_set_method.3 DH_get_default_method.3
MLINKS+= DH_set_method.3 DH_new_method.3
-MLINKS+= DH_set_method.3 DH_set_default_method.3
-MLINKS+= DH_size.3 DH_bits.3
MLINKS+= DH_size.3 DH_security_bits.3
+MLINKS+= DH_get0_pqg.3 DH_set0_key.3
+MLINKS+= DH_get0_pqg.3 DH_set0_pqg.3
+MLINKS+= DH_set_method.3 DH_set_default_method.3
+MLINKS+= BIO_get_ex_new_index.3 DH_set_ex_data.3
+MLINKS+= DH_get0_pqg.3 DH_set_flags.3
+MLINKS+= DH_get0_pqg.3 DH_set_length.3
+MLINKS+= DH_get0_pqg.3 DH_test_flags.3
+MLINKS+= RSA_print.3 DHparams_print.3
+MLINKS+= RSA_print.3 DHparams_print_fp.3
+MLINKS+= X509_dup.3 DIRECTORYSTRING_free.3
+MLINKS+= X509_dup.3 DIRECTORYSTRING_new.3
+MLINKS+= X509_dup.3 DISPLAYTEXT_free.3
+MLINKS+= X509_dup.3 DISPLAYTEXT_new.3
+MLINKS+= X509_dup.3 DIST_POINT_NAME_free.3
+MLINKS+= X509_dup.3 DIST_POINT_NAME_new.3
+MLINKS+= X509_dup.3 DIST_POINT_free.3
+MLINKS+= X509_dup.3 DIST_POINT_new.3
+MLINKS+= DSA_set_method.3 DSA_OpenSSL.3
MLINKS+= DSA_SIG_new.3 DSA_SIG_free.3
MLINKS+= DSA_SIG_new.3 DSA_SIG_get0.3
MLINKS+= DSA_SIG_new.3 DSA_SIG_set0.3
+MLINKS+= DSA_size.3 DSA_bits.3
+MLINKS+= DSA_get0_pqg.3 DSA_clear_flags.3
MLINKS+= DSA_do_sign.3 DSA_do_verify.3
+MLINKS+= DSA_new.3 DSA_free.3
MLINKS+= DSA_generate_parameters.3 DSA_generate_parameters_ex.3
-MLINKS+= DSA_get0_pqg.3 DSA_clear_flags.3
MLINKS+= DSA_get0_pqg.3 DSA_get0_engine.3
MLINKS+= DSA_get0_pqg.3 DSA_get0_g.3
MLINKS+= DSA_get0_pqg.3 DSA_get0_key.3
@@ -1083,10 +1318,9 @@ MLINKS+= DSA_get0_pqg.3 DSA_get0_p.3
MLINKS+= DSA_get0_pqg.3 DSA_get0_priv_key.3
MLINKS+= DSA_get0_pqg.3 DSA_get0_pub_key.3
MLINKS+= DSA_get0_pqg.3 DSA_get0_q.3
-MLINKS+= DSA_get0_pqg.3 DSA_set0_key.3
-MLINKS+= DSA_get0_pqg.3 DSA_set0_pqg.3
-MLINKS+= DSA_get0_pqg.3 DSA_set_flags.3
-MLINKS+= DSA_get0_pqg.3 DSA_test_flags.3
+MLINKS+= DSA_set_method.3 DSA_get_default_method.3
+MLINKS+= BIO_get_ex_new_index.3 DSA_get_ex_data.3
+MLINKS+= BIO_get_ex_new_index.3 DSA_get_ex_new_index.3
MLINKS+= DSA_meth_new.3 DSA_meth_dup.3
MLINKS+= DSA_meth_new.3 DSA_meth_free.3
MLINKS+= DSA_meth_new.3 DSA_meth_get0_app_data.3
@@ -1113,30 +1347,47 @@ MLINKS+= DSA_meth_new.3 DSA_meth_set_paramgen.3
MLINKS+= DSA_meth_new.3 DSA_meth_set_sign.3
MLINKS+= DSA_meth_new.3 DSA_meth_set_sign_setup.3
MLINKS+= DSA_meth_new.3 DSA_meth_set_verify.3
-MLINKS+= DSA_new.3 DSA_free.3
-MLINKS+= DSA_set_method.3 DSA_OpenSSL.3
-MLINKS+= DSA_set_method.3 DSA_get_default_method.3
MLINKS+= DSA_set_method.3 DSA_new_method.3
+MLINKS+= RSA_print.3 DSA_print.3
+MLINKS+= RSA_print.3 DSA_print_fp.3
+MLINKS+= DSA_size.3 DSA_security_bits.3
+MLINKS+= DSA_get0_pqg.3 DSA_set0_key.3
+MLINKS+= DSA_get0_pqg.3 DSA_set0_pqg.3
MLINKS+= DSA_set_method.3 DSA_set_default_method.3
+MLINKS+= BIO_get_ex_new_index.3 DSA_set_ex_data.3
+MLINKS+= DSA_get0_pqg.3 DSA_set_flags.3
MLINKS+= DSA_sign.3 DSA_sign_setup.3
+MLINKS+= DSA_get0_pqg.3 DSA_test_flags.3
MLINKS+= DSA_sign.3 DSA_verify.3
-MLINKS+= DSA_size.3 DSA_bits.3
-MLINKS+= DSA_size.3 DSA_security_bits.3
+MLINKS+= X509_dup.3 DSAparams_dup.3
+MLINKS+= RSA_print.3 DSAparams_print.3
+MLINKS+= RSA_print.3 DSAparams_print_fp.3
+MLINKS+= SSL_CTX_new.3 DTLS_client_method.3
+MLINKS+= SSL_CTX_new.3 DTLS_method.3
+MLINKS+= SSL_CTX_new.3 DTLS_server_method.3
MLINKS+= DTLS_set_timer_cb.3 DTLS_timer_cb.3
-MLINKS+= DTLSv1_listen.3 SSL_stateless.3
+MLINKS+= SSL_CTX_new.3 DTLSv1_2_client_method.3
+MLINKS+= SSL_CTX_new.3 DTLSv1_2_method.3
+MLINKS+= SSL_CTX_new.3 DTLSv1_2_server_method.3
+MLINKS+= SSL_CTX_new.3 DTLSv1_client_method.3
+MLINKS+= SSL_CTX_new.3 DTLSv1_method.3
+MLINKS+= SSL_CTX_new.3 DTLSv1_server_method.3
MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_free.3
MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_get0.3
MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_get0_r.3
MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_get0_s.3
MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_set0.3
-MLINKS+= ECDSA_SIG_new.3 ECDSA_do_sign.3
-MLINKS+= ECDSA_SIG_new.3 ECDSA_do_sign_ex.3
-MLINKS+= ECDSA_SIG_new.3 ECDSA_do_verify.3
-MLINKS+= ECDSA_SIG_new.3 ECDSA_sign.3
-MLINKS+= ECDSA_SIG_new.3 ECDSA_sign_ex.3
-MLINKS+= ECDSA_SIG_new.3 ECDSA_sign_setup.3
-MLINKS+= ECDSA_SIG_new.3 ECDSA_size.3
-MLINKS+= ECDSA_SIG_new.3 ECDSA_verify.3
+MLINKS+= ECDSA_sign.3 ECDSA_do_sign.3
+MLINKS+= ECDSA_sign.3 ECDSA_do_sign_ex.3
+MLINKS+= ECDSA_sign.3 ECDSA_do_verify.3
+MLINKS+= ECDSA_sign.3 ECDSA_sign_ex.3
+MLINKS+= ECDSA_sign.3 ECDSA_sign_setup.3
+MLINKS+= ECDSA_sign.3 ECDSA_size.3
+MLINKS+= ECDSA_sign.3 ECDSA_verify.3
+MLINKS+= X509_dup.3 ECPARAMETERS_free.3
+MLINKS+= X509_dup.3 ECPARAMETERS_new.3
+MLINKS+= X509_dup.3 ECPKPARAMETERS_free.3
+MLINKS+= X509_dup.3 ECPKPARAMETERS_new.3
MLINKS+= ECPKParameters_print.3 ECPKParameters_print_fp.3
MLINKS+= EC_GFp_simple_method.3 EC_GF2m_simple_method.3
MLINKS+= EC_GFp_simple_method.3 EC_GFp_mont_method.3
@@ -1144,49 +1395,53 @@ MLINKS+= EC_GFp_simple_method.3 EC_GFp_nist_method.3
MLINKS+= EC_GFp_simple_method.3 EC_GFp_nistp224_method.3
MLINKS+= EC_GFp_simple_method.3 EC_GFp_nistp256_method.3
MLINKS+= EC_GFp_simple_method.3 EC_GFp_nistp521_method.3
-MLINKS+= EC_GFp_simple_method.3 EC_METHOD_get_field_type.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_check.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_check_discriminant.3
+MLINKS+= EC_GROUP_copy.3 EC_GROUP_check_named_curve.3
+MLINKS+= EC_GROUP_new.3 EC_GROUP_clear_free.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_cmp.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_dup.3
+MLINKS+= EC_GROUP_new.3 EC_GROUP_free.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_get0_cofactor.3
+MLINKS+= EC_GROUP_copy.3 EC_GROUP_get0_field.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_get0_generator.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_get0_order.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_get0_seed.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_asn1_flag.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_basis_type.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_cofactor.3
+MLINKS+= EC_GROUP_new.3 EC_GROUP_get_curve.3
+MLINKS+= EC_GROUP_new.3 EC_GROUP_get_curve_GF2m.3
+MLINKS+= EC_GROUP_new.3 EC_GROUP_get_curve_GFp.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_curve_name.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_degree.3
+MLINKS+= EC_GROUP_new.3 EC_GROUP_get_ecparameters.3
+MLINKS+= EC_GROUP_new.3 EC_GROUP_get_ecpkparameters.3
+MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_field_type.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_order.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_pentanomial_basis.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_point_conversion_form.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_seed_len.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_trinomial_basis.3
+MLINKS+= EC_POINT_add.3 EC_GROUP_have_precompute_mult.3
MLINKS+= EC_GROUP_copy.3 EC_GROUP_method_of.3
-MLINKS+= EC_GROUP_copy.3 EC_GROUP_order_bits.3
-MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_asn1_flag.3
-MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_curve_name.3
-MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_generator.3
-MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_point_conversion_form.3
-MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_seed.3
-MLINKS+= EC_GROUP_new.3 EC_GROUP_clear_free.3
-MLINKS+= EC_GROUP_new.3 EC_GROUP_free.3
-MLINKS+= EC_GROUP_new.3 EC_GROUP_get_curve.3
-MLINKS+= EC_GROUP_new.3 EC_GROUP_get_curve_GF2m.3
-MLINKS+= EC_GROUP_new.3 EC_GROUP_get_curve_GFp.3
-MLINKS+= EC_GROUP_new.3 EC_GROUP_get_ecparameters.3
-MLINKS+= EC_GROUP_new.3 EC_GROUP_get_ecpkparameters.3
MLINKS+= EC_GROUP_new.3 EC_GROUP_new_by_curve_name.3
+MLINKS+= EC_GROUP_new.3 EC_GROUP_new_by_curve_name_ex.3
MLINKS+= EC_GROUP_new.3 EC_GROUP_new_curve_GF2m.3
MLINKS+= EC_GROUP_new.3 EC_GROUP_new_curve_GFp.3
MLINKS+= EC_GROUP_new.3 EC_GROUP_new_from_ecparameters.3
MLINKS+= EC_GROUP_new.3 EC_GROUP_new_from_ecpkparameters.3
+MLINKS+= EC_GROUP_new.3 EC_GROUP_new_from_params.3
+MLINKS+= EC_GROUP_copy.3 EC_GROUP_order_bits.3
+MLINKS+= EC_POINT_add.3 EC_GROUP_precompute_mult.3
+MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_asn1_flag.3
MLINKS+= EC_GROUP_new.3 EC_GROUP_set_curve.3
MLINKS+= EC_GROUP_new.3 EC_GROUP_set_curve_GF2m.3
MLINKS+= EC_GROUP_new.3 EC_GROUP_set_curve_GFp.3
-MLINKS+= EC_GROUP_new.3 EC_get_builtin_curves.3
-MLINKS+= EC_KEY_get_enc_flags.3 EC_KEY_set_enc_flags.3
+MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_curve_name.3
+MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_generator.3
+MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_point_conversion_form.3
+MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_seed.3
MLINKS+= EC_KEY_new.3 EC_KEY_check_key.3
MLINKS+= EC_KEY_new.3 EC_KEY_clear_flags.3
MLINKS+= EC_KEY_new.3 EC_KEY_copy.3
@@ -1199,10 +1454,14 @@ MLINKS+= EC_KEY_new.3 EC_KEY_get0_group.3
MLINKS+= EC_KEY_new.3 EC_KEY_get0_private_key.3
MLINKS+= EC_KEY_new.3 EC_KEY_get0_public_key.3
MLINKS+= EC_KEY_new.3 EC_KEY_get_conv_form.3
+MLINKS+= BIO_get_ex_new_index.3 EC_KEY_get_ex_data.3
+MLINKS+= BIO_get_ex_new_index.3 EC_KEY_get_ex_new_index.3
MLINKS+= EC_KEY_new.3 EC_KEY_get_flags.3
MLINKS+= EC_KEY_new.3 EC_KEY_get_method.3
MLINKS+= EC_KEY_new.3 EC_KEY_key2buf.3
MLINKS+= EC_KEY_new.3 EC_KEY_new_by_curve_name.3
+MLINKS+= EC_KEY_new.3 EC_KEY_new_by_curve_name_ex.3
+MLINKS+= EC_KEY_new.3 EC_KEY_new_ex.3
MLINKS+= EC_KEY_new.3 EC_KEY_oct2key.3
MLINKS+= EC_KEY_new.3 EC_KEY_oct2priv.3
MLINKS+= EC_KEY_new.3 EC_KEY_precompute_mult.3
@@ -1210,6 +1469,8 @@ MLINKS+= EC_KEY_new.3 EC_KEY_priv2buf.3
MLINKS+= EC_KEY_new.3 EC_KEY_priv2oct.3
MLINKS+= EC_KEY_new.3 EC_KEY_set_asn1_flag.3
MLINKS+= EC_KEY_new.3 EC_KEY_set_conv_form.3
+MLINKS+= EC_KEY_get_enc_flags.3 EC_KEY_set_enc_flags.3
+MLINKS+= BIO_get_ex_new_index.3 EC_KEY_set_ex_data.3
MLINKS+= EC_KEY_new.3 EC_KEY_set_flags.3
MLINKS+= EC_KEY_new.3 EC_KEY_set_group.3
MLINKS+= EC_KEY_new.3 EC_KEY_set_method.3
@@ -1217,20 +1478,12 @@ MLINKS+= EC_KEY_new.3 EC_KEY_set_private_key.3
MLINKS+= EC_KEY_new.3 EC_KEY_set_public_key.3
MLINKS+= EC_KEY_new.3 EC_KEY_set_public_key_affine_coordinates.3
MLINKS+= EC_KEY_new.3 EC_KEY_up_ref.3
-MLINKS+= EC_POINT_add.3 EC_GROUP_have_precompute_mult.3
-MLINKS+= EC_POINT_add.3 EC_GROUP_precompute_mult.3
-MLINKS+= EC_POINT_add.3 EC_POINT_cmp.3
-MLINKS+= EC_POINT_add.3 EC_POINT_dbl.3
-MLINKS+= EC_POINT_add.3 EC_POINT_invert.3
-MLINKS+= EC_POINT_add.3 EC_POINT_is_at_infinity.3
-MLINKS+= EC_POINT_add.3 EC_POINT_is_on_curve.3
-MLINKS+= EC_POINT_add.3 EC_POINT_make_affine.3
-MLINKS+= EC_POINT_add.3 EC_POINT_mul.3
-MLINKS+= EC_POINT_add.3 EC_POINTs_make_affine.3
-MLINKS+= EC_POINT_add.3 EC_POINTs_mul.3
+MLINKS+= EC_GFp_simple_method.3 EC_METHOD_get_field_type.3
MLINKS+= EC_POINT_new.3 EC_POINT_bn2point.3
MLINKS+= EC_POINT_new.3 EC_POINT_clear_free.3
+MLINKS+= EC_POINT_add.3 EC_POINT_cmp.3
MLINKS+= EC_POINT_new.3 EC_POINT_copy.3
+MLINKS+= EC_POINT_add.3 EC_POINT_dbl.3
MLINKS+= EC_POINT_new.3 EC_POINT_dup.3
MLINKS+= EC_POINT_new.3 EC_POINT_free.3
MLINKS+= EC_POINT_new.3 EC_POINT_get_Jprojective_coordinates_GFp.3
@@ -1238,7 +1491,12 @@ MLINKS+= EC_POINT_new.3 EC_POINT_get_affine_coordinates.3
MLINKS+= EC_POINT_new.3 EC_POINT_get_affine_coordinates_GF2m.3
MLINKS+= EC_POINT_new.3 EC_POINT_get_affine_coordinates_GFp.3
MLINKS+= EC_POINT_new.3 EC_POINT_hex2point.3
+MLINKS+= EC_POINT_add.3 EC_POINT_invert.3
+MLINKS+= EC_POINT_add.3 EC_POINT_is_at_infinity.3
+MLINKS+= EC_POINT_add.3 EC_POINT_is_on_curve.3
+MLINKS+= EC_POINT_add.3 EC_POINT_make_affine.3
MLINKS+= EC_POINT_new.3 EC_POINT_method_of.3
+MLINKS+= EC_POINT_add.3 EC_POINT_mul.3
MLINKS+= EC_POINT_new.3 EC_POINT_oct2point.3
MLINKS+= EC_POINT_new.3 EC_POINT_point2bn.3
MLINKS+= EC_POINT_new.3 EC_POINT_point2buf.3
@@ -1252,6 +1510,12 @@ MLINKS+= EC_POINT_new.3 EC_POINT_set_compressed_coordinates.3
MLINKS+= EC_POINT_new.3 EC_POINT_set_compressed_coordinates_GF2m.3
MLINKS+= EC_POINT_new.3 EC_POINT_set_compressed_coordinates_GFp.3
MLINKS+= EC_POINT_new.3 EC_POINT_set_to_infinity.3
+MLINKS+= EC_POINT_add.3 EC_POINTs_make_affine.3
+MLINKS+= EC_POINT_add.3 EC_POINTs_mul.3
+MLINKS+= EC_GROUP_new.3 EC_get_builtin_curves.3
+MLINKS+= X509_dup.3 EDIPARTYNAME_free.3
+MLINKS+= X509_dup.3 EDIPARTYNAME_new.3
+MLINKS+= OPENSSL_load_builtin_modules.3 ENGINE_add_conf_module.3
MLINKS+= ENGINE_add.3 ENGINE_by_id.3
MLINKS+= ENGINE_add.3 ENGINE_cleanup.3
MLINKS+= ENGINE_add.3 ENGINE_cmd_is_executable.3
@@ -1277,6 +1541,8 @@ MLINKS+= ENGINE_add.3 ENGINE_get_destroy_function.3
MLINKS+= ENGINE_add.3 ENGINE_get_digest.3
MLINKS+= ENGINE_add.3 ENGINE_get_digest_engine.3
MLINKS+= ENGINE_add.3 ENGINE_get_digests.3
+MLINKS+= BIO_get_ex_new_index.3 ENGINE_get_ex_data.3
+MLINKS+= BIO_get_ex_new_index.3 ENGINE_get_ex_new_index.3
MLINKS+= ENGINE_add.3 ENGINE_get_finish_function.3
MLINKS+= ENGINE_add.3 ENGINE_get_first.3
MLINKS+= ENGINE_add.3 ENGINE_get_flags.3
@@ -1326,6 +1592,7 @@ MLINKS+= ENGINE_add.3 ENGINE_set_default_digests.3
MLINKS+= ENGINE_add.3 ENGINE_set_default_string.3
MLINKS+= ENGINE_add.3 ENGINE_set_destroy_function.3
MLINKS+= ENGINE_add.3 ENGINE_set_digests.3
+MLINKS+= BIO_get_ex_new_index.3 ENGINE_set_ex_data.3
MLINKS+= ENGINE_add.3 ENGINE_set_finish_function.3
MLINKS+= ENGINE_add.3 ENGINE_set_flags.3
MLINKS+= ENGINE_add.3 ENGINE_set_id.3
@@ -1342,31 +1609,136 @@ MLINKS+= ENGINE_add.3 ENGINE_unregister_ciphers.3
MLINKS+= ENGINE_add.3 ENGINE_unregister_digests.3
MLINKS+= ENGINE_add.3 ENGINE_up_ref.3
MLINKS+= ERR_GET_LIB.3 ERR_FATAL_ERROR.3
-MLINKS+= ERR_GET_LIB.3 ERR_GET_FUNC.3
MLINKS+= ERR_GET_LIB.3 ERR_GET_REASON.3
+MLINKS+= ERR_load_strings.3 ERR_PACK.3
+MLINKS+= ERR_put_error.3 ERR_add_error_data.3
+MLINKS+= ERR_put_error.3 ERR_add_error_mem_bio.3
+MLINKS+= ERR_put_error.3 ERR_add_error_txt.3
+MLINKS+= ERR_put_error.3 ERR_add_error_vdata.3
+MLINKS+= ERR_set_mark.3 ERR_clear_last_mark.3
MLINKS+= ERR_error_string.3 ERR_error_string_n.3
+MLINKS+= ERR_load_crypto_strings.3 ERR_free_strings.3
MLINKS+= ERR_error_string.3 ERR_func_error_string.3
-MLINKS+= ERR_error_string.3 ERR_lib_error_string.3
-MLINKS+= ERR_error_string.3 ERR_reason_error_string.3
+MLINKS+= ERR_get_error.3 ERR_get_error_all.3
MLINKS+= ERR_get_error.3 ERR_get_error_line.3
MLINKS+= ERR_get_error.3 ERR_get_error_line_data.3
+MLINKS+= ERR_load_strings.3 ERR_get_next_error_library.3
+MLINKS+= ERR_error_string.3 ERR_lib_error_string.3
MLINKS+= ERR_get_error.3 ERR_peek_error.3
+MLINKS+= ERR_get_error.3 ERR_peek_error_all.3
+MLINKS+= ERR_get_error.3 ERR_peek_error_data.3
+MLINKS+= ERR_get_error.3 ERR_peek_error_func.3
MLINKS+= ERR_get_error.3 ERR_peek_error_line.3
MLINKS+= ERR_get_error.3 ERR_peek_error_line_data.3
MLINKS+= ERR_get_error.3 ERR_peek_last_error.3
+MLINKS+= ERR_get_error.3 ERR_peek_last_error_all.3
+MLINKS+= ERR_get_error.3 ERR_peek_last_error_data.3
+MLINKS+= ERR_get_error.3 ERR_peek_last_error_func.3
MLINKS+= ERR_get_error.3 ERR_peek_last_error_line.3
MLINKS+= ERR_get_error.3 ERR_peek_last_error_line_data.3
-MLINKS+= ERR_load_crypto_strings.3 ERR_free_strings.3
-MLINKS+= ERR_load_crypto_strings.3 SSL_load_error_strings.3
-MLINKS+= ERR_load_strings.3 ERR_PACK.3
-MLINKS+= ERR_load_strings.3 ERR_get_next_error_library.3
+MLINKS+= ERR_set_mark.3 ERR_pop_to_mark.3
MLINKS+= ERR_print_errors.3 ERR_print_errors_cb.3
MLINKS+= ERR_print_errors.3 ERR_print_errors_fp.3
-MLINKS+= ERR_put_error.3 ERR_add_error_data.3
-MLINKS+= ERR_put_error.3 ERR_add_error_vdata.3
+MLINKS+= ERR_put_error.3 ERR_raise.3
+MLINKS+= ERR_put_error.3 ERR_raise_data.3
+MLINKS+= ERR_error_string.3 ERR_reason_error_string.3
MLINKS+= ERR_remove_state.3 ERR_remove_thread_state.3
-MLINKS+= ERR_set_mark.3 ERR_pop_to_mark.3
+MLINKS+= ERR_new.3 ERR_set_debug.3
+MLINKS+= ERR_new.3 ERR_set_error.3
+MLINKS+= ERR_new.3 ERR_vset_error.3
+MLINKS+= X509_dup.3 ESS_CERT_ID_V2_dup.3
+MLINKS+= X509_dup.3 ESS_CERT_ID_V2_free.3
+MLINKS+= X509_dup.3 ESS_CERT_ID_V2_new.3
+MLINKS+= X509_dup.3 ESS_CERT_ID_dup.3
+MLINKS+= X509_dup.3 ESS_CERT_ID_free.3
+MLINKS+= X509_dup.3 ESS_CERT_ID_new.3
+MLINKS+= X509_dup.3 ESS_ISSUER_SERIAL_dup.3
+MLINKS+= X509_dup.3 ESS_ISSUER_SERIAL_free.3
+MLINKS+= X509_dup.3 ESS_ISSUER_SERIAL_new.3
+MLINKS+= X509_dup.3 ESS_SIGNING_CERT_V2_dup.3
+MLINKS+= X509_dup.3 ESS_SIGNING_CERT_V2_free.3
+MLINKS+= X509_dup.3 ESS_SIGNING_CERT_V2_it.3
+MLINKS+= X509_dup.3 ESS_SIGNING_CERT_V2_new.3
+MLINKS+= X509_dup.3 ESS_SIGNING_CERT_dup.3
+MLINKS+= X509_dup.3 ESS_SIGNING_CERT_free.3
+MLINKS+= X509_dup.3 ESS_SIGNING_CERT_it.3
+MLINKS+= X509_dup.3 ESS_SIGNING_CERT_new.3
+MLINKS+= EVP_ASYM_CIPHER_free.3 EVP_ASYM_CIPHER_do_all_provided.3
+MLINKS+= EVP_ASYM_CIPHER_free.3 EVP_ASYM_CIPHER_fetch.3
+MLINKS+= EVP_ASYM_CIPHER_free.3 EVP_ASYM_CIPHER_get0_description.3
+MLINKS+= EVP_ASYM_CIPHER_free.3 EVP_ASYM_CIPHER_get0_name.3
+MLINKS+= EVP_ASYM_CIPHER_free.3 EVP_ASYM_CIPHER_get0_provider.3
+MLINKS+= EVP_ASYM_CIPHER_free.3 EVP_ASYM_CIPHER_gettable_ctx_params.3
+MLINKS+= EVP_ASYM_CIPHER_free.3 EVP_ASYM_CIPHER_is_a.3
+MLINKS+= EVP_ASYM_CIPHER_free.3 EVP_ASYM_CIPHER_names_do_all.3
+MLINKS+= EVP_ASYM_CIPHER_free.3 EVP_ASYM_CIPHER_settable_ctx_params.3
+MLINKS+= EVP_ASYM_CIPHER_free.3 EVP_ASYM_CIPHER_up_ref.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_block_size.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_cipher.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_clear_flags.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_ctrl.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_encrypting.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_flags.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_free.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get0_cipher.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get0_name.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get1_cipher.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_app_data.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_block_size.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_iv_length.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_key_length.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_mode.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_nid.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_num.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_params.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_tag_length.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_type.3
+MLINKS+= EVP_CIPHER_CTX_get_original_iv.3 EVP_CIPHER_CTX_get_updated_iv.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_gettable_params.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_is_encrypting.3
+MLINKS+= EVP_CIPHER_CTX_get_original_iv.3 EVP_CIPHER_CTX_iv.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_iv_length.3
+MLINKS+= EVP_CIPHER_CTX_get_original_iv.3 EVP_CIPHER_CTX_iv_noconst.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_key_length.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_mode.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_new.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_nid.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_num.3
+MLINKS+= EVP_CIPHER_CTX_get_original_iv.3 EVP_CIPHER_CTX_original_iv.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_reset.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_app_data.3
MLINKS+= EVP_CIPHER_CTX_get_cipher_data.3 EVP_CIPHER_CTX_set_cipher_data.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_flags.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_key_length.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_num.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_padding.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_params.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_settable_params.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_tag_length.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_test_flags.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_type.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_asn1_to_param.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_block_size.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_do_all_provided.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_fetch.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_flags.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_free.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_get0_description.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_get0_name.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_get0_provider.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_get_block_size.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_get_flags.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_get_iv_length.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_get_key_length.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_get_mode.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_get_nid.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_get_params.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_get_type.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_gettable_ctx_params.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_gettable_params.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_is_a.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_iv_length.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_key_length.3
MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_dup.3
MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_free.3
MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_get_cleanup.3
@@ -1384,99 +1756,191 @@ MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_impl_ctx_size.3
MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_init.3
MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_iv_length.3
MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_set_asn1_params.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_mode.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_name.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_names_do_all.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_nid.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_param_to_asn1.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_settable_ctx_params.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_type.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_up_ref.3
+MLINKS+= EVP_EncryptInit.3 EVP_Cipher.3
+MLINKS+= EVP_EncryptInit.3 EVP_CipherFinal.3
+MLINKS+= EVP_EncryptInit.3 EVP_CipherFinal_ex.3
+MLINKS+= EVP_EncryptInit.3 EVP_CipherInit.3
+MLINKS+= EVP_EncryptInit.3 EVP_CipherInit_ex.3
+MLINKS+= EVP_EncryptInit.3 EVP_CipherInit_ex2.3
+MLINKS+= EVP_EncryptInit.3 EVP_CipherUpdate.3
+MLINKS+= EVP_EncodeInit.3 EVP_DecodeBlock.3
+MLINKS+= EVP_EncodeInit.3 EVP_DecodeFinal.3
+MLINKS+= EVP_EncodeInit.3 EVP_DecodeInit.3
+MLINKS+= EVP_EncodeInit.3 EVP_DecodeUpdate.3
+MLINKS+= EVP_EncryptInit.3 EVP_DecryptFinal.3
+MLINKS+= EVP_EncryptInit.3 EVP_DecryptFinal_ex.3
+MLINKS+= EVP_EncryptInit.3 EVP_DecryptInit.3
+MLINKS+= EVP_EncryptInit.3 EVP_DecryptInit_ex.3
+MLINKS+= EVP_EncryptInit.3 EVP_DecryptInit_ex2.3
+MLINKS+= EVP_EncryptInit.3 EVP_DecryptUpdate.3
MLINKS+= EVP_DigestInit.3 EVP_Digest.3
MLINKS+= EVP_DigestInit.3 EVP_DigestFinal.3
MLINKS+= EVP_DigestInit.3 EVP_DigestFinalXOF.3
MLINKS+= EVP_DigestInit.3 EVP_DigestFinal_ex.3
MLINKS+= EVP_DigestInit.3 EVP_DigestInit_ex.3
+MLINKS+= EVP_DigestInit.3 EVP_DigestInit_ex2.3
+MLINKS+= EVP_DigestSignInit.3 EVP_DigestSign.3
+MLINKS+= EVP_DigestSignInit.3 EVP_DigestSignFinal.3
+MLINKS+= EVP_DigestSignInit.3 EVP_DigestSignInit_ex.3
+MLINKS+= EVP_DigestSignInit.3 EVP_DigestSignUpdate.3
MLINKS+= EVP_DigestInit.3 EVP_DigestUpdate.3
+MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerify.3
+MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerifyFinal.3
+MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerifyInit_ex.3
+MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerifyUpdate.3
+MLINKS+= EC_KEY_new.3 EVP_EC_gen.3
+MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_copy.3
+MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_free.3
+MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_new.3
+MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_num.3
+MLINKS+= EVP_EncodeInit.3 EVP_EncodeBlock.3
+MLINKS+= EVP_EncodeInit.3 EVP_EncodeFinal.3
+MLINKS+= EVP_EncodeInit.3 EVP_EncodeUpdate.3
+MLINKS+= EVP_EncryptInit.3 EVP_EncryptFinal.3
+MLINKS+= EVP_EncryptInit.3 EVP_EncryptFinal_ex.3
+MLINKS+= EVP_EncryptInit.3 EVP_EncryptInit_ex.3
+MLINKS+= EVP_EncryptInit.3 EVP_EncryptInit_ex2.3
+MLINKS+= EVP_EncryptInit.3 EVP_EncryptUpdate.3
+MLINKS+= EVP_KDF.3 EVP_KDF_CTX.3
+MLINKS+= EVP_KDF.3 EVP_KDF_CTX_dup.3
+MLINKS+= EVP_KDF.3 EVP_KDF_CTX_free.3
+MLINKS+= EVP_KDF.3 EVP_KDF_CTX_get_kdf_size.3
+MLINKS+= EVP_KDF.3 EVP_KDF_CTX_get_params.3
+MLINKS+= EVP_KDF.3 EVP_KDF_CTX_gettable_params.3
+MLINKS+= EVP_KDF.3 EVP_KDF_CTX_kdf.3
+MLINKS+= EVP_KDF.3 EVP_KDF_CTX_new.3
+MLINKS+= EVP_KDF.3 EVP_KDF_CTX_reset.3
+MLINKS+= EVP_KDF.3 EVP_KDF_CTX_set_params.3
+MLINKS+= EVP_KDF.3 EVP_KDF_CTX_settable_params.3
+MLINKS+= EVP_KDF.3 EVP_KDF_derive.3
+MLINKS+= EVP_KDF.3 EVP_KDF_do_all_provided.3
+MLINKS+= EVP_KDF.3 EVP_KDF_fetch.3
+MLINKS+= EVP_KDF.3 EVP_KDF_free.3
+MLINKS+= EVP_KDF.3 EVP_KDF_get0_description.3
+MLINKS+= EVP_KDF.3 EVP_KDF_get0_name.3
+MLINKS+= EVP_KDF.3 EVP_KDF_get0_provider.3
+MLINKS+= EVP_KDF.3 EVP_KDF_get_params.3
+MLINKS+= EVP_KDF.3 EVP_KDF_gettable_ctx_params.3
+MLINKS+= EVP_KDF.3 EVP_KDF_gettable_params.3
+MLINKS+= EVP_KDF.3 EVP_KDF_is_a.3
+MLINKS+= EVP_KDF.3 EVP_KDF_names_do_all.3
+MLINKS+= EVP_KDF.3 EVP_KDF_settable_ctx_params.3
+MLINKS+= EVP_KDF.3 EVP_KDF_up_ref.3
+MLINKS+= EVP_KEM_free.3 EVP_KEM_do_all_provided.3
+MLINKS+= EVP_KEM_free.3 EVP_KEM_fetch.3
+MLINKS+= EVP_KEM_free.3 EVP_KEM_get0_description.3
+MLINKS+= EVP_KEM_free.3 EVP_KEM_get0_name.3
+MLINKS+= EVP_KEM_free.3 EVP_KEM_get0_provider.3
+MLINKS+= EVP_KEM_free.3 EVP_KEM_gettable_ctx_params.3
+MLINKS+= EVP_KEM_free.3 EVP_KEM_is_a.3
+MLINKS+= EVP_KEM_free.3 EVP_KEM_names_do_all.3
+MLINKS+= EVP_KEM_free.3 EVP_KEM_settable_ctx_params.3
+MLINKS+= EVP_KEM_free.3 EVP_KEM_up_ref.3
+MLINKS+= EVP_KEYEXCH_free.3 EVP_KEYEXCH_do_all_provided.3
+MLINKS+= EVP_KEYEXCH_free.3 EVP_KEYEXCH_fetch.3
+MLINKS+= EVP_KEYEXCH_free.3 EVP_KEYEXCH_get0_description.3
+MLINKS+= EVP_KEYEXCH_free.3 EVP_KEYEXCH_get0_name.3
+MLINKS+= EVP_KEYEXCH_free.3 EVP_KEYEXCH_get0_provider.3
+MLINKS+= EVP_KEYEXCH_free.3 EVP_KEYEXCH_gettable_ctx_params.3
+MLINKS+= EVP_KEYEXCH_free.3 EVP_KEYEXCH_is_a.3
+MLINKS+= EVP_KEYEXCH_free.3 EVP_KEYEXCH_names_do_all.3
+MLINKS+= EVP_KEYEXCH_free.3 EVP_KEYEXCH_settable_ctx_params.3
+MLINKS+= EVP_KEYEXCH_free.3 EVP_KEYEXCH_up_ref.3
+MLINKS+= EVP_KEYMGMT.3 EVP_KEYMGMT_do_all_provided.3
+MLINKS+= EVP_KEYMGMT.3 EVP_KEYMGMT_fetch.3
+MLINKS+= EVP_KEYMGMT.3 EVP_KEYMGMT_free.3
+MLINKS+= EVP_KEYMGMT.3 EVP_KEYMGMT_gen_settable_params.3
+MLINKS+= EVP_KEYMGMT.3 EVP_KEYMGMT_get0_description.3
+MLINKS+= EVP_KEYMGMT.3 EVP_KEYMGMT_get0_name.3
+MLINKS+= EVP_KEYMGMT.3 EVP_KEYMGMT_get0_provider.3
+MLINKS+= EVP_KEYMGMT.3 EVP_KEYMGMT_gettable_params.3
+MLINKS+= EVP_KEYMGMT.3 EVP_KEYMGMT_is_a.3
+MLINKS+= EVP_KEYMGMT.3 EVP_KEYMGMT_names_do_all.3
+MLINKS+= EVP_KEYMGMT.3 EVP_KEYMGMT_settable_params.3
+MLINKS+= EVP_KEYMGMT.3 EVP_KEYMGMT_up_ref.3
+MLINKS+= EVP_MAC.3 EVP_MAC_CTX.3
+MLINKS+= EVP_MAC.3 EVP_MAC_CTX_dup.3
+MLINKS+= EVP_MAC.3 EVP_MAC_CTX_free.3
+MLINKS+= EVP_MAC.3 EVP_MAC_CTX_get0_mac.3
+MLINKS+= EVP_MAC.3 EVP_MAC_CTX_get_block_size.3
+MLINKS+= EVP_MAC.3 EVP_MAC_CTX_get_mac_size.3
+MLINKS+= EVP_MAC.3 EVP_MAC_CTX_get_params.3
+MLINKS+= EVP_MAC.3 EVP_MAC_CTX_gettable_params.3
+MLINKS+= EVP_MAC.3 EVP_MAC_CTX_new.3
+MLINKS+= EVP_MAC.3 EVP_MAC_CTX_set_params.3
+MLINKS+= EVP_MAC.3 EVP_MAC_CTX_settable_params.3
+MLINKS+= EVP_MAC.3 EVP_MAC_do_all_provided.3
+MLINKS+= EVP_MAC.3 EVP_MAC_fetch.3
+MLINKS+= EVP_MAC.3 EVP_MAC_final.3
+MLINKS+= EVP_MAC.3 EVP_MAC_finalXOF.3
+MLINKS+= EVP_MAC.3 EVP_MAC_free.3
+MLINKS+= EVP_MAC.3 EVP_MAC_get0_description.3
+MLINKS+= EVP_MAC.3 EVP_MAC_get0_name.3
+MLINKS+= EVP_MAC.3 EVP_MAC_get0_provider.3
+MLINKS+= EVP_MAC.3 EVP_MAC_get_params.3
+MLINKS+= EVP_MAC.3 EVP_MAC_gettable_ctx_params.3
+MLINKS+= EVP_MAC.3 EVP_MAC_gettable_params.3
+MLINKS+= EVP_MAC.3 EVP_MAC_init.3
+MLINKS+= EVP_MAC.3 EVP_MAC_is_a.3
+MLINKS+= EVP_MAC.3 EVP_MAC_names_do_all.3
+MLINKS+= EVP_MAC.3 EVP_MAC_settable_ctx_params.3
+MLINKS+= EVP_MAC.3 EVP_MAC_up_ref.3
+MLINKS+= EVP_MAC.3 EVP_MAC_update.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_block_size.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_clear_flags.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_copy.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_copy_ex.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_ctrl.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_free.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_get0_md.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_get0_md_data.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_get0_name.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_get1_md.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_get_block_size.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_get_params.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_get_pkey_ctx.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_get_size.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_get_type.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_gettable_params.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_md.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_md_data.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_new.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_pkey_ctx.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_reset.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_set_flags.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_set_params.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_set_pkey_ctx.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_set_update_fn.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_settable_params.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_size.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_test_flags.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_type.3
MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_update_fn.3
MLINKS+= EVP_DigestInit.3 EVP_MD_block_size.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_do_all_provided.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_fetch.3
MLINKS+= EVP_DigestInit.3 EVP_MD_flags.3
-MLINKS+= EVP_DigestInit.3 EVP_MD_pkey_type.3
-MLINKS+= EVP_DigestInit.3 EVP_MD_size.3
-MLINKS+= EVP_DigestInit.3 EVP_MD_type.3
-MLINKS+= EVP_DigestInit.3 EVP_get_digestbyname.3
-MLINKS+= EVP_DigestInit.3 EVP_get_digestbynid.3
-MLINKS+= EVP_DigestInit.3 EVP_get_digestbyobj.3
-MLINKS+= EVP_DigestInit.3 EVP_md_null.3
-MLINKS+= EVP_DigestSignInit.3 EVP_DigestSign.3
-MLINKS+= EVP_DigestSignInit.3 EVP_DigestSignFinal.3
-MLINKS+= EVP_DigestSignInit.3 EVP_DigestSignUpdate.3
-MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerify.3
-MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerifyFinal.3
-MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerifyUpdate.3
-MLINKS+= EVP_EncodeInit.3 EVP_DecodeBlock.3
-MLINKS+= EVP_EncodeInit.3 EVP_DecodeFinal.3
-MLINKS+= EVP_EncodeInit.3 EVP_DecodeInit.3
-MLINKS+= EVP_EncodeInit.3 EVP_DecodeUpdate.3
-MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_copy.3
-MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_free.3
-MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_new.3
-MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_num.3
-MLINKS+= EVP_EncodeInit.3 EVP_EncodeBlock.3
-MLINKS+= EVP_EncodeInit.3 EVP_EncodeFinal.3
-MLINKS+= EVP_EncodeInit.3 EVP_EncodeUpdate.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_block_size.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_cipher.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_ctrl.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_flags.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_free.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_app_data.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_iv_length.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_key_length.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_mode.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_new.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_nid.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_reset.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_app_data.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_key_length.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_padding.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_type.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_asn1_to_param.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_block_size.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_flags.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_iv_length.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_key_length.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_mode.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_nid.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_param_to_asn1.3
-MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_type.3
-MLINKS+= EVP_EncryptInit.3 EVP_CipherFinal.3
-MLINKS+= EVP_EncryptInit.3 EVP_CipherFinal_ex.3
-MLINKS+= EVP_EncryptInit.3 EVP_CipherInit.3
-MLINKS+= EVP_EncryptInit.3 EVP_CipherInit_ex.3
-MLINKS+= EVP_EncryptInit.3 EVP_CipherUpdate.3
-MLINKS+= EVP_EncryptInit.3 EVP_DecryptFinal.3
-MLINKS+= EVP_EncryptInit.3 EVP_DecryptFinal_ex.3
-MLINKS+= EVP_EncryptInit.3 EVP_DecryptInit.3
-MLINKS+= EVP_EncryptInit.3 EVP_DecryptInit_ex.3
-MLINKS+= EVP_EncryptInit.3 EVP_DecryptUpdate.3
-MLINKS+= EVP_EncryptInit.3 EVP_EncryptFinal.3
-MLINKS+= EVP_EncryptInit.3 EVP_EncryptFinal_ex.3
-MLINKS+= EVP_EncryptInit.3 EVP_EncryptInit_ex.3
-MLINKS+= EVP_EncryptInit.3 EVP_EncryptUpdate.3
-MLINKS+= EVP_EncryptInit.3 EVP_enc_null.3
-MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbyname.3
-MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbynid.3
-MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbyobj.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_free.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_get0_description.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_get0_name.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_get0_provider.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_get_block_size.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_get_flags.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_get_params.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_get_pkey_type.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_get_size.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_get_type.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_gettable_ctx_params.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_gettable_params.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_is_a.3
MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_dup.3
MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_free.3
MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_app_datasize.3
@@ -1499,37 +1963,43 @@ MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_init.3
MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_input_blocksize.3
MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_result_size.3
MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_update.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_name.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_names_do_all.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_nid.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_pkey_type.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_settable_ctx_params.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_size.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_type.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_up_ref.3
MLINKS+= EVP_OpenInit.3 EVP_OpenFinal.3
MLINKS+= EVP_OpenInit.3 EVP_OpenUpdate.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_add0.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_add_alias.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_copy.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_free.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_new.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_check.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_ctrl.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_free.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_get_priv_key.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_get_pub_key.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_item.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_param.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_param_check.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_private.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_public.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_public_check.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_security_bits.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_set_priv_key.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_set_pub_key.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_siginf.3
-MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_get0_asn1.3
+MLINKS+= EVP_PBE_CipherInit.3 EVP_PBE_CipherInit_ex.3
+MLINKS+= EVP_PBE_CipherInit.3 EVP_PBE_alg_add.3
+MLINKS+= EVP_PBE_CipherInit.3 EVP_PBE_alg_add_type.3
+MLINKS+= EVP_PBE_CipherInit.3 EVP_PBE_find.3
+MLINKS+= EVP_PBE_CipherInit.3 EVP_PBE_find_ex.3
+MLINKS+= PKCS5_PBE_keyivgen.3 EVP_PBE_scrypt.3
+MLINKS+= PKCS5_PBE_keyivgen.3 EVP_PBE_scrypt_ex.3
+MLINKS+= EVP_PKEY2PKCS8.3 EVP_PKCS82PKEY.3
+MLINKS+= EVP_PKEY2PKCS8.3 EVP_PKCS82PKEY_ex.3
+MLINKS+= EVP_PKEY_new.3 EVP_PKEY.3
+MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_add1_hkdf_info.3
+MLINKS+= EVP_PKEY_CTX_set_tls1_prf_md.3 EVP_PKEY_CTX_add1_tls1_prf_seed.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_ctrl_str.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_ctrl_uint64.3
+MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_dup.3
+MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_free.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_dh_kdf_oid.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_dh_kdf_ukm.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3
+MLINKS+= EVP_PKEY_CTX_get0_pkey.3 EVP_PKEY_CTX_get0_peerkey.3
+MLINKS+= EVP_PKEY_CTX_get0_libctx.3 EVP_PKEY_CTX_get0_propq.3
+MLINKS+= EVP_PKEY_CTX_get0_libctx.3 EVP_PKEY_CTX_get0_provider.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_rsa_oaep_label.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get1_id.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get1_id_len.3
+MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_app_data.3
+MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_cb.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_md.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_outlen.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_type.3
@@ -1537,91 +2007,180 @@ MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_cofactor_mode.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_md.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_outlen.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_type.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_group_name.3
+MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_keygen_info.3
+MLINKS+= EVP_PKEY_CTX_set_params.3 EVP_PKEY_CTX_get_params.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_mgf1_md.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_mgf1_md_name.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_oaep_md.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_oaep_md_name.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_padding.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_pss_saltlen.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_signature_md.3
+MLINKS+= EVP_PKEY_CTX_set_params.3 EVP_PKEY_CTX_gettable_params.3
+MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_is_a.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_md.3
+MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_new_from_name.3
+MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_new_from_pkey.3
+MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_new_id.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_dh_kdf_oid.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_dh_kdf_ukm.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_ecdh_kdf_ukm.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_rsa_oaep_label.3
+MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_set1_hkdf_key.3
+MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_set1_hkdf_salt.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set1_id.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set1_rsa_keygen_pubexp.3
+MLINKS+= EVP_PKEY_CTX_set_scrypt_N.3 EVP_PKEY_CTX_set1_scrypt_salt.3
+MLINKS+= EVP_PKEY_CTX_set_tls1_prf_md.3 EVP_PKEY_CTX_set1_tls1_prf_secret.3
+MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_set_app_data.3
+MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_set_cb.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_md.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_outlen.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_type.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_nid.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_pad.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_generator.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_gindex.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_prime_len.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_seed.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_subprime_len.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_type.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_rfc5114.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dhx_rfc5114.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dsa_paramgen_bits.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dsa_paramgen_gindex.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dsa_paramgen_md.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dsa_paramgen_md_props.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dsa_paramgen_q_bits.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dsa_paramgen_seed.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dsa_paramgen_type.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ec_param_enc.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_cofactor_mode.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_md.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_outlen.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_type.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_group_name.3
+MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_set_hkdf_mode.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_kem_op.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_mac_key.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_bits.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_primes.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_pubexp.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_mgf1_md.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_mgf1_md_name.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_oaep_md.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_oaep_md_name.3
MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_padding.3
-MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_pss_saltlen.3
-MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_signature_md.3
-MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_dup.3
-MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_free.3
-MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_new_id.3
-MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_add1_hkdf_info.3
-MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_hkdf_mode.3
-MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_set1_hkdf_key.3
-MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_set1_hkdf_salt.3
+MLINKS+= EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 EVP_PKEY_CTX_set_rsa_pss_keygen_md_name.3
MLINKS+= EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.3
+MLINKS+= EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name.3
MLINKS+= EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen.3
-MLINKS+= EVP_PKEY_CTX_set_scrypt_N.3 EVP_PKEY_CTX_set1_scrypt_salt.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_pss_saltlen.3
MLINKS+= EVP_PKEY_CTX_set_scrypt_N.3 EVP_PKEY_CTX_set_scrypt_maxmem_bytes.3
MLINKS+= EVP_PKEY_CTX_set_scrypt_N.3 EVP_PKEY_CTX_set_scrypt_p.3
MLINKS+= EVP_PKEY_CTX_set_scrypt_N.3 EVP_PKEY_CTX_set_scrypt_r.3
-MLINKS+= EVP_PKEY_CTX_set_tls1_prf_md.3 EVP_PKEY_CTX_add1_tls1_prf_seed.3
-MLINKS+= EVP_PKEY_CTX_set_tls1_prf_md.3 EVP_PKEY_CTX_set1_tls1_prf_secret.3
+MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_signature_md.3
+MLINKS+= EVP_PKEY_CTX_set_params.3 EVP_PKEY_CTX_settable_params.3
+MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_METHOD.3
+MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_Q_keygen.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_add0.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_add_alias.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_copy.3
MLINKS+= EVP_PKEY_asn1_get_count.3 EVP_PKEY_asn1_find.3
MLINKS+= EVP_PKEY_asn1_get_count.3 EVP_PKEY_asn1_find_str.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_free.3
MLINKS+= EVP_PKEY_asn1_get_count.3 EVP_PKEY_asn1_get0.3
MLINKS+= EVP_PKEY_asn1_get_count.3 EVP_PKEY_asn1_get0_info.3
-MLINKS+= EVP_PKEY_cmp.3 EVP_PKEY_cmp_parameters.3
-MLINKS+= EVP_PKEY_cmp.3 EVP_PKEY_copy_parameters.3
-MLINKS+= EVP_PKEY_cmp.3 EVP_PKEY_missing_parameters.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_new.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_check.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_ctrl.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_free.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_get_priv_key.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_get_pub_key.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_item.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_param.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_param_check.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_private.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_public.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_public_check.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_security_bits.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_set_priv_key.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_set_pub_key.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_siginf.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DH.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DSA.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_EC_KEY.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_POLY1305.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_RSA.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_SIPHASH.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_base_id.3
+MLINKS+= EVP_PKEY_get_size.3 EVP_PKEY_bits.3
+MLINKS+= EVP_PKEY_is_a.3 EVP_PKEY_can_sign.3
+MLINKS+= EVP_PKEY_copy_parameters.3 EVP_PKEY_cmp.3
+MLINKS+= EVP_PKEY_copy_parameters.3 EVP_PKEY_cmp_parameters.3
+MLINKS+= EVP_PKEY_decapsulate.3 EVP_PKEY_decapsulate_init.3
MLINKS+= EVP_PKEY_decrypt.3 EVP_PKEY_decrypt_init.3
+MLINKS+= EVP_PKEY_decrypt.3 EVP_PKEY_decrypt_init_ex.3
MLINKS+= EVP_PKEY_derive.3 EVP_PKEY_derive_init.3
+MLINKS+= EVP_PKEY_derive.3 EVP_PKEY_derive_init_ex.3
MLINKS+= EVP_PKEY_derive.3 EVP_PKEY_derive_set_peer.3
+MLINKS+= EVP_PKEY_derive.3 EVP_PKEY_derive_set_peer_ex.3
+MLINKS+= EVP_PKEY_new.3 EVP_PKEY_dup.3
+MLINKS+= EVP_PKEY_encapsulate.3 EVP_PKEY_encapsulate_init.3
MLINKS+= EVP_PKEY_encrypt.3 EVP_PKEY_encrypt_init.3
-MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_app_data.3
-MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_cb.3
-MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_keygen_info.3
-MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_set_app_data.3
-MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_set_cb.3
-MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_check.3
+MLINKS+= EVP_PKEY_encrypt.3 EVP_PKEY_encrypt_init_ex.3
+MLINKS+= EVP_PKEY_copy_parameters.3 EVP_PKEY_eq.3
+MLINKS+= EVP_PKEY_todata.3 EVP_PKEY_export.3
+MLINKS+= EVP_PKEY_new.3 EVP_PKEY_free.3
+MLINKS+= EVP_PKEY_fromdata.3 EVP_PKEY_fromdata_init.3
+MLINKS+= EVP_PKEY_fromdata.3 EVP_PKEY_fromdata_settable.3
MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_gen_cb.3
+MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_generate.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_DH.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_DSA.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_EC_KEY.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_RSA.3
+MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_get0_asn1.3
+MLINKS+= EVP_PKEY_is_a.3 EVP_PKEY_get0_description.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_engine.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_hmac.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_poly1305.3
+MLINKS+= EVP_PKEY_is_a.3 EVP_PKEY_get0_provider.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_siphash.3
+MLINKS+= EVP_PKEY_is_a.3 EVP_PKEY_get0_type_name.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DH.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DSA.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_EC_KEY.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_RSA.3
+MLINKS+= EVP_PKEY_set1_encoded_public_key.3 EVP_PKEY_get1_encoded_public_key.3
+MLINKS+= EVP_PKEY_set1_encoded_public_key.3 EVP_PKEY_get1_tls_encodedpoint.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get_base_id.3
+MLINKS+= EVP_PKEY_get_size.3 EVP_PKEY_get_bits.3
+MLINKS+= EVP_PKEY_gettable_params.3 EVP_PKEY_get_bn_param.3
+MLINKS+= EVP_PKEY_get_default_digest_nid.3 EVP_PKEY_get_default_digest_name.3
+MLINKS+= EVP_PKEY_get_field_type.3 EVP_PKEY_get_ec_point_conv_form.3
+MLINKS+= BIO_get_ex_new_index.3 EVP_PKEY_get_ex_data.3
+MLINKS+= BIO_get_ex_new_index.3 EVP_PKEY_get_ex_new_index.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get_id.3
+MLINKS+= EVP_PKEY_gettable_params.3 EVP_PKEY_get_int_param.3
+MLINKS+= EVP_PKEY_gettable_params.3 EVP_PKEY_get_octet_string_param.3
+MLINKS+= EVP_PKEY_gettable_params.3 EVP_PKEY_get_params.3
+MLINKS+= EVP_PKEY_new.3 EVP_PKEY_get_raw_private_key.3
+MLINKS+= EVP_PKEY_new.3 EVP_PKEY_get_raw_public_key.3
+MLINKS+= EVP_PKEY_get_size.3 EVP_PKEY_get_security_bits.3
+MLINKS+= EVP_PKEY_gettable_params.3 EVP_PKEY_get_size_t_param.3
+MLINKS+= EVP_PKEY_gettable_params.3 EVP_PKEY_get_utf8_string_param.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_id.3
MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_keygen_init.3
-MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_param_check.3
-MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_paramgen.3
-MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_paramgen_init.3
-MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_public_check.3
-MLINKS+= EVP_PKEY_meth_get_count.3 EVP_PKEY_meth_get0.3
-MLINKS+= EVP_PKEY_meth_get_count.3 EVP_PKEY_meth_get0_info.3
-MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_METHOD.3
MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_add0.3
MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_copy.3
MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_find.3
MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_free.3
+MLINKS+= EVP_PKEY_meth_get_count.3 EVP_PKEY_meth_get0.3
+MLINKS+= EVP_PKEY_meth_get_count.3 EVP_PKEY_meth_get0_info.3
MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_check.3
MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_cleanup.3
MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_copy.3
@@ -1663,191 +2222,252 @@ MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_signctx.3
MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_verify.3
MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_verify_recover.3
MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_verifyctx.3
-MLINKS+= EVP_PKEY_new.3 EVP_PKEY_free.3
-MLINKS+= EVP_PKEY_new.3 EVP_PKEY_get_raw_private_key.3
-MLINKS+= EVP_PKEY_new.3 EVP_PKEY_get_raw_public_key.3
+MLINKS+= EVP_PKEY_copy_parameters.3 EVP_PKEY_missing_parameters.3
MLINKS+= EVP_PKEY_new.3 EVP_PKEY_new_CMAC_key.3
MLINKS+= EVP_PKEY_new.3 EVP_PKEY_new_mac_key.3
MLINKS+= EVP_PKEY_new.3 EVP_PKEY_new_raw_private_key.3
+MLINKS+= EVP_PKEY_new.3 EVP_PKEY_new_raw_private_key_ex.3
MLINKS+= EVP_PKEY_new.3 EVP_PKEY_new_raw_public_key.3
-MLINKS+= EVP_PKEY_new.3 EVP_PKEY_up_ref.3
+MLINKS+= EVP_PKEY_new.3 EVP_PKEY_new_raw_public_key_ex.3
+MLINKS+= EVP_PKEY_check.3 EVP_PKEY_pairwise_check.3
+MLINKS+= EVP_PKEY_check.3 EVP_PKEY_param_check.3
+MLINKS+= EVP_PKEY_check.3 EVP_PKEY_param_check_quick.3
+MLINKS+= EVP_PKEY_copy_parameters.3 EVP_PKEY_parameters_eq.3
+MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_paramgen.3
+MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_paramgen_init.3
MLINKS+= EVP_PKEY_print_private.3 EVP_PKEY_print_params.3
+MLINKS+= EVP_PKEY_print_private.3 EVP_PKEY_print_params_fp.3
+MLINKS+= EVP_PKEY_print_private.3 EVP_PKEY_print_private_fp.3
MLINKS+= EVP_PKEY_print_private.3 EVP_PKEY_print_public.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DH.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DSA.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_EC_KEY.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_POLY1305.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_RSA.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_SIPHASH.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_base_id.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_DH.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_DSA.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_EC_KEY.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_RSA.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_engine.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_hmac.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_poly1305.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_siphash.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DH.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DSA.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_EC_KEY.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_RSA.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_id.3
+MLINKS+= EVP_PKEY_print_private.3 EVP_PKEY_print_public_fp.3
+MLINKS+= EVP_PKEY_check.3 EVP_PKEY_private_check.3
+MLINKS+= EVP_PKEY_check.3 EVP_PKEY_public_check.3
+MLINKS+= EVP_PKEY_check.3 EVP_PKEY_public_check_quick.3
+MLINKS+= EVP_PKEY_get_size.3 EVP_PKEY_security_bits.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_DH.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_DSA.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_EC_KEY.3
MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_engine.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set_alias_type.3
-MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_type.3
+MLINKS+= EVP_PKEY_set1_encoded_public_key.3 EVP_PKEY_set1_tls_encodedpoint.3
+MLINKS+= EVP_PKEY_settable_params.3 EVP_PKEY_set_bn_param.3
+MLINKS+= BIO_get_ex_new_index.3 EVP_PKEY_set_ex_data.3
+MLINKS+= EVP_PKEY_settable_params.3 EVP_PKEY_set_int_param.3
+MLINKS+= EVP_PKEY_settable_params.3 EVP_PKEY_set_octet_string_param.3
+MLINKS+= EVP_PKEY_settable_params.3 EVP_PKEY_set_params.3
+MLINKS+= EVP_PKEY_settable_params.3 EVP_PKEY_set_size_t_param.3
+MLINKS+= EVP_PKEY_set_type.3 EVP_PKEY_set_type_by_keymgmt.3
+MLINKS+= EVP_PKEY_set_type.3 EVP_PKEY_set_type_str.3
+MLINKS+= EVP_PKEY_settable_params.3 EVP_PKEY_set_utf8_string_param.3
MLINKS+= EVP_PKEY_sign.3 EVP_PKEY_sign_init.3
-MLINKS+= EVP_PKEY_size.3 EVP_PKEY_bits.3
-MLINKS+= EVP_PKEY_size.3 EVP_PKEY_security_bits.3
+MLINKS+= EVP_PKEY_sign.3 EVP_PKEY_sign_init_ex.3
+MLINKS+= EVP_PKEY_get_size.3 EVP_PKEY_size.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_type.3
+MLINKS+= EVP_PKEY_is_a.3 EVP_PKEY_type_names_do_all.3
+MLINKS+= EVP_PKEY_new.3 EVP_PKEY_up_ref.3
MLINKS+= EVP_PKEY_verify.3 EVP_PKEY_verify_init.3
+MLINKS+= EVP_PKEY_verify.3 EVP_PKEY_verify_init_ex.3
MLINKS+= EVP_PKEY_verify_recover.3 EVP_PKEY_verify_recover_init.3
+MLINKS+= EVP_PKEY_verify_recover.3 EVP_PKEY_verify_recover_init_ex.3
+MLINKS+= EVP_DigestInit.3 EVP_Q_digest.3
+MLINKS+= EVP_MAC.3 EVP_Q_mac.3
+MLINKS+= EVP_RAND.3 EVP_RAND_CTX.3
+MLINKS+= EVP_RAND.3 EVP_RAND_CTX_free.3
+MLINKS+= EVP_RAND.3 EVP_RAND_CTX_get0_rand.3
+MLINKS+= EVP_RAND.3 EVP_RAND_CTX_get_params.3
+MLINKS+= EVP_RAND.3 EVP_RAND_CTX_gettable_params.3
+MLINKS+= EVP_RAND.3 EVP_RAND_CTX_new.3
+MLINKS+= EVP_RAND.3 EVP_RAND_CTX_set_params.3
+MLINKS+= EVP_RAND.3 EVP_RAND_CTX_settable_params.3
+MLINKS+= EVP_RAND.3 EVP_RAND_STATE_ERROR.3
+MLINKS+= EVP_RAND.3 EVP_RAND_STATE_READY.3
+MLINKS+= EVP_RAND.3 EVP_RAND_STATE_UNINITIALISED.3
+MLINKS+= EVP_RAND.3 EVP_RAND_do_all_provided.3
+MLINKS+= EVP_RAND.3 EVP_RAND_enable_locking.3
+MLINKS+= EVP_RAND.3 EVP_RAND_fetch.3
+MLINKS+= EVP_RAND.3 EVP_RAND_free.3
+MLINKS+= EVP_RAND.3 EVP_RAND_generate.3
+MLINKS+= EVP_RAND.3 EVP_RAND_get0_description.3
+MLINKS+= EVP_RAND.3 EVP_RAND_get0_name.3
+MLINKS+= EVP_RAND.3 EVP_RAND_get0_provider.3
+MLINKS+= EVP_RAND.3 EVP_RAND_get_params.3
+MLINKS+= EVP_RAND.3 EVP_RAND_get_state.3
+MLINKS+= EVP_RAND.3 EVP_RAND_get_strength.3
+MLINKS+= EVP_RAND.3 EVP_RAND_gettable_ctx_params.3
+MLINKS+= EVP_RAND.3 EVP_RAND_gettable_params.3
+MLINKS+= EVP_RAND.3 EVP_RAND_instantiate.3
+MLINKS+= EVP_RAND.3 EVP_RAND_is_a.3
+MLINKS+= EVP_RAND.3 EVP_RAND_names_do_all.3
+MLINKS+= EVP_RAND.3 EVP_RAND_nonce.3
+MLINKS+= EVP_RAND.3 EVP_RAND_reseed.3
+MLINKS+= EVP_RAND.3 EVP_RAND_settable_ctx_params.3
+MLINKS+= EVP_RAND.3 EVP_RAND_uninstantiate.3
+MLINKS+= EVP_RAND.3 EVP_RAND_up_ref.3
+MLINKS+= EVP_RAND.3 EVP_RAND_verify_zeroization.3
+MLINKS+= RSA_generate_key.3 EVP_RSA_gen.3
+MLINKS+= EVP_SIGNATURE.3 EVP_SIGNATURE_do_all_provided.3
+MLINKS+= EVP_SIGNATURE.3 EVP_SIGNATURE_fetch.3
+MLINKS+= EVP_SIGNATURE.3 EVP_SIGNATURE_free.3
+MLINKS+= EVP_SIGNATURE.3 EVP_SIGNATURE_get0_description.3
+MLINKS+= EVP_SIGNATURE.3 EVP_SIGNATURE_get0_name.3
+MLINKS+= EVP_SIGNATURE.3 EVP_SIGNATURE_get0_provider.3
+MLINKS+= EVP_SIGNATURE.3 EVP_SIGNATURE_gettable_ctx_params.3
+MLINKS+= EVP_SIGNATURE.3 EVP_SIGNATURE_is_a.3
+MLINKS+= EVP_SIGNATURE.3 EVP_SIGNATURE_names_do_all.3
+MLINKS+= EVP_SIGNATURE.3 EVP_SIGNATURE_settable_ctx_params.3
+MLINKS+= EVP_SIGNATURE.3 EVP_SIGNATURE_up_ref.3
MLINKS+= EVP_SealInit.3 EVP_SealFinal.3
MLINKS+= EVP_SealInit.3 EVP_SealUpdate.3
MLINKS+= EVP_SignInit.3 EVP_SignFinal.3
+MLINKS+= EVP_SignInit.3 EVP_SignFinal_ex.3
MLINKS+= EVP_SignInit.3 EVP_SignInit_ex.3
MLINKS+= EVP_SignInit.3 EVP_SignUpdate.3
MLINKS+= EVP_VerifyInit.3 EVP_VerifyFinal.3
+MLINKS+= EVP_VerifyInit.3 EVP_VerifyFinal_ex.3
MLINKS+= EVP_VerifyInit.3 EVP_VerifyInit_ex.3
MLINKS+= EVP_VerifyInit.3 EVP_VerifyUpdate.3
-MLINKS+= EVP_aes.3 EVP_aes_128_cbc.3
-MLINKS+= EVP_aes.3 EVP_aes_128_cbc_hmac_sha1.3
-MLINKS+= EVP_aes.3 EVP_aes_128_cbc_hmac_sha256.3
-MLINKS+= EVP_aes.3 EVP_aes_128_ccm.3
-MLINKS+= EVP_aes.3 EVP_aes_128_cfb.3
-MLINKS+= EVP_aes.3 EVP_aes_128_cfb1.3
-MLINKS+= EVP_aes.3 EVP_aes_128_cfb128.3
-MLINKS+= EVP_aes.3 EVP_aes_128_cfb8.3
-MLINKS+= EVP_aes.3 EVP_aes_128_ctr.3
-MLINKS+= EVP_aes.3 EVP_aes_128_ecb.3
-MLINKS+= EVP_aes.3 EVP_aes_128_gcm.3
-MLINKS+= EVP_aes.3 EVP_aes_128_ocb.3
-MLINKS+= EVP_aes.3 EVP_aes_128_ofb.3
-MLINKS+= EVP_aes.3 EVP_aes_128_wrap.3
-MLINKS+= EVP_aes.3 EVP_aes_128_wrap_pad.3
-MLINKS+= EVP_aes.3 EVP_aes_128_xts.3
-MLINKS+= EVP_aes.3 EVP_aes_192_cbc.3
-MLINKS+= EVP_aes.3 EVP_aes_192_ccm.3
-MLINKS+= EVP_aes.3 EVP_aes_192_cfb.3
-MLINKS+= EVP_aes.3 EVP_aes_192_cfb1.3
-MLINKS+= EVP_aes.3 EVP_aes_192_cfb128.3
-MLINKS+= EVP_aes.3 EVP_aes_192_cfb8.3
-MLINKS+= EVP_aes.3 EVP_aes_192_ctr.3
-MLINKS+= EVP_aes.3 EVP_aes_192_ecb.3
-MLINKS+= EVP_aes.3 EVP_aes_192_gcm.3
-MLINKS+= EVP_aes.3 EVP_aes_192_ocb.3
-MLINKS+= EVP_aes.3 EVP_aes_192_ofb.3
-MLINKS+= EVP_aes.3 EVP_aes_192_wrap.3
-MLINKS+= EVP_aes.3 EVP_aes_192_wrap_pad.3
-MLINKS+= EVP_aes.3 EVP_aes_256_cbc.3
-MLINKS+= EVP_aes.3 EVP_aes_256_cbc_hmac_sha1.3
-MLINKS+= EVP_aes.3 EVP_aes_256_cbc_hmac_sha256.3
-MLINKS+= EVP_aes.3 EVP_aes_256_ccm.3
-MLINKS+= EVP_aes.3 EVP_aes_256_cfb.3
-MLINKS+= EVP_aes.3 EVP_aes_256_cfb1.3
-MLINKS+= EVP_aes.3 EVP_aes_256_cfb128.3
-MLINKS+= EVP_aes.3 EVP_aes_256_cfb8.3
-MLINKS+= EVP_aes.3 EVP_aes_256_ctr.3
-MLINKS+= EVP_aes.3 EVP_aes_256_ecb.3
-MLINKS+= EVP_aes.3 EVP_aes_256_gcm.3
-MLINKS+= EVP_aes.3 EVP_aes_256_ocb.3
-MLINKS+= EVP_aes.3 EVP_aes_256_ofb.3
-MLINKS+= EVP_aes.3 EVP_aes_256_wrap.3
-MLINKS+= EVP_aes.3 EVP_aes_256_wrap_pad.3
-MLINKS+= EVP_aes.3 EVP_aes_256_xts.3
-MLINKS+= EVP_aria.3 EVP_aria_128_cbc.3
-MLINKS+= EVP_aria.3 EVP_aria_128_ccm.3
-MLINKS+= EVP_aria.3 EVP_aria_128_cfb.3
-MLINKS+= EVP_aria.3 EVP_aria_128_cfb1.3
-MLINKS+= EVP_aria.3 EVP_aria_128_cfb128.3
-MLINKS+= EVP_aria.3 EVP_aria_128_cfb8.3
-MLINKS+= EVP_aria.3 EVP_aria_128_ctr.3
-MLINKS+= EVP_aria.3 EVP_aria_128_ecb.3
-MLINKS+= EVP_aria.3 EVP_aria_128_gcm.3
-MLINKS+= EVP_aria.3 EVP_aria_128_ofb.3
-MLINKS+= EVP_aria.3 EVP_aria_192_cbc.3
-MLINKS+= EVP_aria.3 EVP_aria_192_ccm.3
-MLINKS+= EVP_aria.3 EVP_aria_192_cfb.3
-MLINKS+= EVP_aria.3 EVP_aria_192_cfb1.3
-MLINKS+= EVP_aria.3 EVP_aria_192_cfb128.3
-MLINKS+= EVP_aria.3 EVP_aria_192_cfb8.3
-MLINKS+= EVP_aria.3 EVP_aria_192_ctr.3
-MLINKS+= EVP_aria.3 EVP_aria_192_ecb.3
-MLINKS+= EVP_aria.3 EVP_aria_192_gcm.3
-MLINKS+= EVP_aria.3 EVP_aria_192_ofb.3
-MLINKS+= EVP_aria.3 EVP_aria_256_cbc.3
-MLINKS+= EVP_aria.3 EVP_aria_256_ccm.3
-MLINKS+= EVP_aria.3 EVP_aria_256_cfb.3
-MLINKS+= EVP_aria.3 EVP_aria_256_cfb1.3
-MLINKS+= EVP_aria.3 EVP_aria_256_cfb128.3
-MLINKS+= EVP_aria.3 EVP_aria_256_cfb8.3
-MLINKS+= EVP_aria.3 EVP_aria_256_ctr.3
-MLINKS+= EVP_aria.3 EVP_aria_256_ecb.3
-MLINKS+= EVP_aria.3 EVP_aria_256_gcm.3
-MLINKS+= EVP_aria.3 EVP_aria_256_ofb.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_cbc.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_cbc_hmac_sha1.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_cbc_hmac_sha256.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_ccm.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_cfb.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_cfb1.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_cfb128.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_cfb8.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_ctr.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_ecb.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_ocb.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_ofb.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_wrap.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_wrap_pad.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_128_xts.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_192_cbc.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_192_ccm.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_192_cfb.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_192_cfb1.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_192_cfb128.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_192_cfb8.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_192_ctr.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_192_ecb.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_192_gcm.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_192_ocb.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_192_ofb.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_192_wrap.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_192_wrap_pad.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_cbc.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_cbc_hmac_sha1.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_cbc_hmac_sha256.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_ccm.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_cfb.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_cfb1.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_cfb128.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_cfb8.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_ctr.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_ecb.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_gcm.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_ocb.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_ofb.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_wrap.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_wrap_pad.3
+MLINKS+= EVP_aes_128_gcm.3 EVP_aes_256_xts.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_128_cbc.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_128_ccm.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_128_cfb.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_128_cfb1.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_128_cfb128.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_128_cfb8.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_128_ctr.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_128_ecb.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_128_ofb.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_192_cbc.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_192_ccm.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_192_cfb.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_192_cfb1.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_192_cfb128.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_192_cfb8.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_192_ctr.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_192_ecb.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_192_gcm.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_192_ofb.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_256_cbc.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_256_ccm.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_256_cfb.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_256_cfb1.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_256_cfb128.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_256_cfb8.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_256_ctr.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_256_ecb.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_256_gcm.3
+MLINKS+= EVP_aria_128_gcm.3 EVP_aria_256_ofb.3
MLINKS+= EVP_bf_cbc.3 EVP_bf_cfb.3
MLINKS+= EVP_bf_cbc.3 EVP_bf_cfb64.3
MLINKS+= EVP_bf_cbc.3 EVP_bf_ecb.3
MLINKS+= EVP_bf_cbc.3 EVP_bf_ofb.3
MLINKS+= EVP_blake2b512.3 EVP_blake2s256.3
-MLINKS+= EVP_camellia.3 EVP_camellia_128_cbc.3
-MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb.3
-MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb1.3
-MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb128.3
-MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb8.3
-MLINKS+= EVP_camellia.3 EVP_camellia_128_ctr.3
-MLINKS+= EVP_camellia.3 EVP_camellia_128_ecb.3
-MLINKS+= EVP_camellia.3 EVP_camellia_128_ofb.3
-MLINKS+= EVP_camellia.3 EVP_camellia_192_cbc.3
-MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb.3
-MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb1.3
-MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb128.3
-MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb8.3
-MLINKS+= EVP_camellia.3 EVP_camellia_192_ctr.3
-MLINKS+= EVP_camellia.3 EVP_camellia_192_ecb.3
-MLINKS+= EVP_camellia.3 EVP_camellia_192_ofb.3
-MLINKS+= EVP_camellia.3 EVP_camellia_256_cbc.3
-MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb.3
-MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb1.3
-MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb128.3
-MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb8.3
-MLINKS+= EVP_camellia.3 EVP_camellia_256_ctr.3
-MLINKS+= EVP_camellia.3 EVP_camellia_256_ecb.3
-MLINKS+= EVP_camellia.3 EVP_camellia_256_ofb.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_128_cbc.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_128_cfb.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_128_cfb1.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_128_cfb128.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_128_cfb8.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_128_ctr.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_128_ofb.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_192_cbc.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_192_cfb.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_192_cfb1.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_192_cfb128.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_192_cfb8.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_192_ctr.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_192_ecb.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_192_ofb.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_256_cbc.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_256_cfb.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_256_cfb1.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_256_cfb128.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_256_cfb8.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_256_ctr.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_256_ecb.3
+MLINKS+= EVP_camellia_128_ecb.3 EVP_camellia_256_ofb.3
MLINKS+= EVP_cast5_cbc.3 EVP_cast5_cfb.3
MLINKS+= EVP_cast5_cbc.3 EVP_cast5_cfb64.3
MLINKS+= EVP_cast5_cbc.3 EVP_cast5_ecb.3
MLINKS+= EVP_cast5_cbc.3 EVP_cast5_ofb.3
MLINKS+= EVP_chacha20.3 EVP_chacha20_poly1305.3
-MLINKS+= EVP_des.3 EVP_des_cbc.3
-MLINKS+= EVP_des.3 EVP_des_cfb.3
-MLINKS+= EVP_des.3 EVP_des_cfb1.3
-MLINKS+= EVP_des.3 EVP_des_cfb64.3
-MLINKS+= EVP_des.3 EVP_des_cfb8.3
-MLINKS+= EVP_des.3 EVP_des_ecb.3
-MLINKS+= EVP_des.3 EVP_des_ede.3
-MLINKS+= EVP_des.3 EVP_des_ede3.3
-MLINKS+= EVP_des.3 EVP_des_ede3_cbc.3
-MLINKS+= EVP_des.3 EVP_des_ede3_cfb.3
-MLINKS+= EVP_des.3 EVP_des_ede3_cfb1.3
-MLINKS+= EVP_des.3 EVP_des_ede3_cfb64.3
-MLINKS+= EVP_des.3 EVP_des_ede3_cfb8.3
-MLINKS+= EVP_des.3 EVP_des_ede3_ecb.3
-MLINKS+= EVP_des.3 EVP_des_ede3_ofb.3
-MLINKS+= EVP_des.3 EVP_des_ede3_wrap.3
-MLINKS+= EVP_des.3 EVP_des_ede_cbc.3
-MLINKS+= EVP_des.3 EVP_des_ede_cfb.3
-MLINKS+= EVP_des.3 EVP_des_ede_cfb64.3
-MLINKS+= EVP_des.3 EVP_des_ede_ecb.3
-MLINKS+= EVP_des.3 EVP_des_ede_ofb.3
-MLINKS+= EVP_des.3 EVP_des_ofb.3
+MLINKS+= OpenSSL_add_all_algorithms.3 EVP_cleanup.3
+MLINKS+= EVP_set_default_properties.3 EVP_default_properties_enable_fips.3
+MLINKS+= EVP_set_default_properties.3 EVP_default_properties_is_fips_enabled.3
+MLINKS+= EVP_des_cbc.3 EVP_des_cfb.3
+MLINKS+= EVP_des_cbc.3 EVP_des_cfb1.3
+MLINKS+= EVP_des_cbc.3 EVP_des_cfb64.3
+MLINKS+= EVP_des_cbc.3 EVP_des_cfb8.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ecb.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede3.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede3_cbc.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede3_cfb.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede3_cfb1.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede3_cfb64.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede3_cfb8.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede3_ecb.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede3_ofb.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede3_wrap.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede_cbc.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede_cfb.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede_cfb64.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede_ecb.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ede_ofb.3
+MLINKS+= EVP_des_cbc.3 EVP_des_ofb.3
+MLINKS+= EVP_EncryptInit.3 EVP_enc_null.3
+MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbyname.3
+MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbynid.3
+MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbyobj.3
+MLINKS+= EVP_DigestInit.3 EVP_get_digestbyname.3
+MLINKS+= EVP_DigestInit.3 EVP_get_digestbynid.3
+MLINKS+= EVP_DigestInit.3 EVP_get_digestbyobj.3
MLINKS+= EVP_idea_cbc.3 EVP_idea_cfb.3
MLINKS+= EVP_idea_cbc.3 EVP_idea_cfb64.3
MLINKS+= EVP_idea_cbc.3 EVP_idea_ecb.3
MLINKS+= EVP_idea_cbc.3 EVP_idea_ofb.3
MLINKS+= EVP_md5.3 EVP_md5_sha1.3
+MLINKS+= EVP_DigestInit.3 EVP_md_null.3
MLINKS+= EVP_rc2_cbc.3 EVP_rc2_40_cbc.3
MLINKS+= EVP_rc2_cbc.3 EVP_rc2_64_cbc.3
MLINKS+= EVP_rc2_cbc.3 EVP_rc2_cfb.3
@@ -1866,12 +2486,12 @@ MLINKS+= EVP_seed_cbc.3 EVP_seed_ecb.3
MLINKS+= EVP_seed_cbc.3 EVP_seed_ofb.3
MLINKS+= EVP_sha224.3 EVP_sha256.3
MLINKS+= EVP_sha224.3 EVP_sha384.3
-MLINKS+= EVP_sha224.3 EVP_sha512.3
-MLINKS+= EVP_sha224.3 EVP_sha512_224.3
-MLINKS+= EVP_sha224.3 EVP_sha512_256.3
MLINKS+= EVP_sha3_224.3 EVP_sha3_256.3
MLINKS+= EVP_sha3_224.3 EVP_sha3_384.3
MLINKS+= EVP_sha3_224.3 EVP_sha3_512.3
+MLINKS+= EVP_sha224.3 EVP_sha512.3
+MLINKS+= EVP_sha224.3 EVP_sha512_224.3
+MLINKS+= EVP_sha224.3 EVP_sha512_256.3
MLINKS+= EVP_sha3_224.3 EVP_shake128.3
MLINKS+= EVP_sha3_224.3 EVP_shake256.3
MLINKS+= EVP_sm4_cbc.3 EVP_sm4_cfb.3
@@ -1879,6 +2499,17 @@ MLINKS+= EVP_sm4_cbc.3 EVP_sm4_cfb128.3
MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ctr.3
MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ecb.3
MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ofb.3
+MLINKS+= X509_dup.3 EXTENDED_KEY_USAGE_free.3
+MLINKS+= X509_dup.3 EXTENDED_KEY_USAGE_new.3
+MLINKS+= OSSL_CORE_MAKE_FUNC.3 EXT_UTF8STRING.3
+MLINKS+= X509_dup.3 GENERAL_NAMES_free.3
+MLINKS+= X509_dup.3 GENERAL_NAMES_new.3
+MLINKS+= X509_dup.3 GENERAL_NAME_dup.3
+MLINKS+= X509_dup.3 GENERAL_NAME_free.3
+MLINKS+= X509_dup.3 GENERAL_NAME_new.3
+MLINKS+= X509_dup.3 GENERAL_SUBTREE_free.3
+MLINKS+= X509_dup.3 GENERAL_SUBTREE_new.3
+MLINKS+= SSL_CTX_set_generate_session_id.3 GEN_SESSION_CB.3
MLINKS+= HMAC.3 HMAC_CTX_copy.3
MLINKS+= HMAC.3 HMAC_CTX_free.3
MLINKS+= HMAC.3 HMAC_CTX_get_md.3
@@ -1890,6 +2521,26 @@ MLINKS+= HMAC.3 HMAC_Init.3
MLINKS+= HMAC.3 HMAC_Init_ex.3
MLINKS+= HMAC.3 HMAC_Update.3
MLINKS+= HMAC.3 HMAC_size.3
+MLINKS+= X509_dup.3 IMPLEMENT_ASN1_FUNCTIONS.3
+MLINKS+= ASN1_EXTERN_FUNCS.3 IMPLEMENT_EXTERN_ASN1.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 IMPLEMENT_LHASH_COMP_FN.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 IMPLEMENT_LHASH_HASH_FN.3
+MLINKS+= X509_dup.3 IPAddressChoice_free.3
+MLINKS+= X509_dup.3 IPAddressChoice_new.3
+MLINKS+= X509_dup.3 IPAddressFamily_free.3
+MLINKS+= X509_dup.3 IPAddressFamily_new.3
+MLINKS+= X509_dup.3 IPAddressOrRange_free.3
+MLINKS+= X509_dup.3 IPAddressOrRange_new.3
+MLINKS+= X509_dup.3 IPAddressRange_free.3
+MLINKS+= X509_dup.3 IPAddressRange_new.3
+MLINKS+= X509_dup.3 ISSUER_SIGN_TOOL_free.3
+MLINKS+= X509_dup.3 ISSUER_SIGN_TOOL_it.3
+MLINKS+= X509_dup.3 ISSUER_SIGN_TOOL_new.3
+MLINKS+= X509_dup.3 ISSUING_DIST_POINT_free.3
+MLINKS+= X509_dup.3 ISSUING_DIST_POINT_it.3
+MLINKS+= X509_dup.3 ISSUING_DIST_POINT_new.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 LHASH.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 LHASH_DOALL_ARG_FN_TYPE.3
MLINKS+= MD5.3 MD2.3
MLINKS+= MD5.3 MD2_Final.3
MLINKS+= MD5.3 MD2_Init.3
@@ -1904,6 +2555,33 @@ MLINKS+= MD5.3 MD5_Update.3
MLINKS+= MDC2_Init.3 MDC2.3
MLINKS+= MDC2_Init.3 MDC2_Final.3
MLINKS+= MDC2_Init.3 MDC2_Update.3
+MLINKS+= X509_dup.3 NAME_CONSTRAINTS_free.3
+MLINKS+= X509_dup.3 NAME_CONSTRAINTS_new.3
+MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY.3
+MLINKS+= X509_dup.3 NAMING_AUTHORITY_free.3
+MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_get0_authorityId.3
+MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_get0_authorityText.3
+MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_get0_authorityURL.3
+MLINKS+= X509_dup.3 NAMING_AUTHORITY_new.3
+MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_set0_authorityId.3
+MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_set0_authorityText.3
+MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_set0_authorityURL.3
+MLINKS+= NCONF_new_ex.3 NCONF_default.3
+MLINKS+= NCONF_new_ex.3 NCONF_free.3
+MLINKS+= NCONF_new_ex.3 NCONF_get0_libctx.3
+MLINKS+= NCONF_new_ex.3 NCONF_get_section.3
+MLINKS+= NCONF_new_ex.3 NCONF_get_section_names.3
+MLINKS+= NCONF_new_ex.3 NCONF_load.3
+MLINKS+= NCONF_new_ex.3 NCONF_new.3
+MLINKS+= X509_dup.3 NETSCAPE_CERT_SEQUENCE_free.3
+MLINKS+= X509_dup.3 NETSCAPE_CERT_SEQUENCE_new.3
+MLINKS+= X509_dup.3 NETSCAPE_SPKAC_free.3
+MLINKS+= X509_dup.3 NETSCAPE_SPKAC_new.3
+MLINKS+= X509_dup.3 NETSCAPE_SPKI_free.3
+MLINKS+= X509_dup.3 NETSCAPE_SPKI_new.3
+MLINKS+= X509_dup.3 NOTICEREF_free.3
+MLINKS+= X509_dup.3 NOTICEREF_new.3
+MLINKS+= OBJ_nid2obj.3 OBJ_add_sigid.3
MLINKS+= OBJ_nid2obj.3 OBJ_cleanup.3
MLINKS+= OBJ_nid2obj.3 OBJ_cmp.3
MLINKS+= OBJ_nid2obj.3 OBJ_create.3
@@ -1918,23 +2596,63 @@ MLINKS+= OBJ_nid2obj.3 OBJ_obj2txt.3
MLINKS+= OBJ_nid2obj.3 OBJ_sn2nid.3
MLINKS+= OBJ_nid2obj.3 OBJ_txt2nid.3
MLINKS+= OBJ_nid2obj.3 OBJ_txt2obj.3
-MLINKS+= OBJ_nid2obj.3 i2t_ASN1_OBJECT.3
+MLINKS+= X509_dup.3 OCSP_BASICRESP_free.3
+MLINKS+= X509_dup.3 OCSP_BASICRESP_new.3
+MLINKS+= X509_dup.3 OCSP_CERTID_dup.3
+MLINKS+= OCSP_cert_to_id.3 OCSP_CERTID_free.3
+MLINKS+= X509_dup.3 OCSP_CERTID_new.3
+MLINKS+= X509_dup.3 OCSP_CERTSTATUS_free.3
+MLINKS+= X509_dup.3 OCSP_CERTSTATUS_new.3
+MLINKS+= X509_dup.3 OCSP_CRLID_free.3
+MLINKS+= X509_dup.3 OCSP_CRLID_new.3
+MLINKS+= X509_dup.3 OCSP_ONEREQ_free.3
+MLINKS+= X509_dup.3 OCSP_ONEREQ_new.3
+MLINKS+= X509_dup.3 OCSP_REQINFO_free.3
+MLINKS+= X509_dup.3 OCSP_REQINFO_new.3
MLINKS+= OCSP_REQUEST_new.3 OCSP_REQUEST_free.3
+MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX.3
+MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX_add1_header.3
+MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX_free.3
+MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX_i2d.3
+MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX_set1_req.3
+MLINKS+= X509_dup.3 OCSP_RESPBYTES_free.3
+MLINKS+= X509_dup.3 OCSP_RESPBYTES_new.3
+MLINKS+= X509_dup.3 OCSP_RESPDATA_free.3
+MLINKS+= X509_dup.3 OCSP_RESPDATA_new.3
+MLINKS+= X509_dup.3 OCSP_RESPID_free.3
+MLINKS+= OCSP_response_status.3 OCSP_RESPID_match.3
+MLINKS+= OCSP_response_status.3 OCSP_RESPID_match_ex.3
+MLINKS+= X509_dup.3 OCSP_RESPID_new.3
+MLINKS+= OCSP_response_status.3 OCSP_RESPID_set_by_key.3
+MLINKS+= OCSP_response_status.3 OCSP_RESPID_set_by_key_ex.3
+MLINKS+= OCSP_response_status.3 OCSP_RESPID_set_by_name.3
+MLINKS+= OCSP_response_status.3 OCSP_RESPONSE_free.3
+MLINKS+= X509_dup.3 OCSP_RESPONSE_new.3
+MLINKS+= X509_dup.3 OCSP_REVOKEDINFO_free.3
+MLINKS+= X509_dup.3 OCSP_REVOKEDINFO_new.3
+MLINKS+= X509_dup.3 OCSP_SERVICELOC_free.3
+MLINKS+= X509_dup.3 OCSP_SERVICELOC_new.3
+MLINKS+= X509_dup.3 OCSP_SIGNATURE_free.3
+MLINKS+= X509_dup.3 OCSP_SIGNATURE_new.3
+MLINKS+= X509_dup.3 OCSP_SINGLERESP_free.3
+MLINKS+= X509_dup.3 OCSP_SINGLERESP_new.3
+MLINKS+= OCSP_request_add1_nonce.3 OCSP_basic_add1_nonce.3
+MLINKS+= OCSP_response_status.3 OCSP_basic_sign.3
+MLINKS+= OCSP_response_status.3 OCSP_basic_sign_ctx.3
+MLINKS+= OCSP_resp_find_status.3 OCSP_basic_verify.3
+MLINKS+= OCSP_cert_to_id.3 OCSP_cert_id_new.3
+MLINKS+= OCSP_request_add1_nonce.3 OCSP_check_nonce.3
+MLINKS+= OCSP_resp_find_status.3 OCSP_check_validity.3
+MLINKS+= OCSP_request_add1_nonce.3 OCSP_copy_nonce.3
+MLINKS+= OCSP_cert_to_id.3 OCSP_id_cmp.3
+MLINKS+= OCSP_cert_to_id.3 OCSP_id_get0_info.3
+MLINKS+= OCSP_cert_to_id.3 OCSP_id_issuer_cmp.3
+MLINKS+= OSSL_HTTP_parse_url.3 OCSP_parse_url.3
MLINKS+= OCSP_REQUEST_new.3 OCSP_request_add0_id.3
MLINKS+= OCSP_REQUEST_new.3 OCSP_request_add1_cert.3
MLINKS+= OCSP_REQUEST_new.3 OCSP_request_onereq_count.3
MLINKS+= OCSP_REQUEST_new.3 OCSP_request_onereq_get0.3
MLINKS+= OCSP_REQUEST_new.3 OCSP_request_sign.3
-MLINKS+= OCSP_cert_to_id.3 OCSP_CERTID_free.3
-MLINKS+= OCSP_cert_to_id.3 OCSP_cert_id_new.3
-MLINKS+= OCSP_cert_to_id.3 OCSP_id_cmp.3
-MLINKS+= OCSP_cert_to_id.3 OCSP_id_get0_info.3
-MLINKS+= OCSP_cert_to_id.3 OCSP_id_issuer_cmp.3
-MLINKS+= OCSP_request_add1_nonce.3 OCSP_basic_add1_nonce.3
-MLINKS+= OCSP_request_add1_nonce.3 OCSP_check_nonce.3
-MLINKS+= OCSP_request_add1_nonce.3 OCSP_copy_nonce.3
-MLINKS+= OCSP_resp_find_status.3 OCSP_basic_verify.3
-MLINKS+= OCSP_resp_find_status.3 OCSP_check_validity.3
MLINKS+= OCSP_resp_find_status.3 OCSP_resp_count.3
MLINKS+= OCSP_resp_find_status.3 OCSP_resp_find.3
MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0.3
@@ -1946,109 +2664,526 @@ MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_signature.3
MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_signer.3
MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_tbs_sigalg.3
MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get1_id.3
-MLINKS+= OCSP_resp_find_status.3 OCSP_single_get0_status.3
-MLINKS+= OCSP_response_status.3 OCSP_RESPID_match.3
-MLINKS+= OCSP_response_status.3 OCSP_RESPID_set_by_key.3
-MLINKS+= OCSP_response_status.3 OCSP_RESPID_set_by_name.3
-MLINKS+= OCSP_response_status.3 OCSP_RESPONSE_free.3
-MLINKS+= OCSP_response_status.3 OCSP_basic_sign.3
-MLINKS+= OCSP_response_status.3 OCSP_basic_sign_ctx.3
MLINKS+= OCSP_response_status.3 OCSP_response_create.3
MLINKS+= OCSP_response_status.3 OCSP_response_get1_basic.3
-MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX_add1_header.3
-MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX_free.3
-MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX_i2d.3
-MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX_set1_req.3
MLINKS+= OCSP_sendreq_new.3 OCSP_sendreq_bio.3
MLINKS+= OCSP_sendreq_new.3 OCSP_sendreq_nbio.3
MLINKS+= OCSP_sendreq_new.3 OCSP_set_max_response_length.3
-MLINKS+= OPENSSL_LH_COMPFUNC.3 DECLARE_LHASH_OF.3
-MLINKS+= OPENSSL_LH_COMPFUNC.3 IMPLEMENT_LHASH_COMP_FN.3
-MLINKS+= OPENSSL_LH_COMPFUNC.3 IMPLEMENT_LHASH_HASH_FN.3
-MLINKS+= OPENSSL_LH_COMPFUNC.3 LHASH.3
-MLINKS+= OPENSSL_LH_COMPFUNC.3 LHASH_DOALL_ARG_FN_TYPE.3
+MLINKS+= OCSP_resp_find_status.3 OCSP_single_get0_status.3
+MLINKS+= OPENSSL_FILE.3 OPENSSL_FUNC.3
+MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_free.3
+MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_new.3
+MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_appname.3
+MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_file_flags.3
+MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_filename.3
MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_DOALL_FUNC.3
MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_HASHFUNC.3
-MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_delete.3
-MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_doall.3
-MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_doall_arg.3
-MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_error.3
-MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_free.3
-MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_insert.3
-MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_new.3
-MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_retrieve.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_delete.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_doall.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_doall_arg.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_error.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_flush.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_free.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_insert.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_new.3
MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_stats.3
MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_stats_bio.3
MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_usage_stats.3
MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_usage_stats_bio.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_retrieve.3
MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_stats_bio.3
-MLINKS+= OPENSSL_VERSION_NUMBER.3 OPENSSL_VERSION_TEXT.3
-MLINKS+= OPENSSL_VERSION_NUMBER.3 OpenSSL_version.3
-MLINKS+= OPENSSL_VERSION_NUMBER.3 OpenSSL_version_num.3
-MLINKS+= OPENSSL_config.3 OPENSSL_no_config.3
-MLINKS+= OPENSSL_fork_prepare.3 OPENSSL_fork_child.3
-MLINKS+= OPENSSL_fork_prepare.3 OPENSSL_fork_parent.3
-MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_free.3
-MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_new.3
-MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_appname.3
-MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_file_flags.3
-MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_filename.3
-MLINKS+= OPENSSL_init_crypto.3 OPENSSL_atexit.3
-MLINKS+= OPENSSL_init_crypto.3 OPENSSL_cleanup.3
-MLINKS+= OPENSSL_init_crypto.3 OPENSSL_thread_stop.3
-MLINKS+= OPENSSL_instrument_bus.3 OPENSSL_instrument_bus2.3
-MLINKS+= OPENSSL_load_builtin_modules.3 ASN1_add_oid_module.3
-MLINKS+= OPENSSL_load_builtin_modules.3 ENGINE_add_conf_module.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_clear_free.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_clear_realloc.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_free.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_get_alloc_counts.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_get_mem_functions.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_malloc.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_ctrl.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_debug_pop.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_debug_push.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_leaks.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_leaks_cb.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_leaks_fp.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_realloc.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_set_mem_debug.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_set_mem_functions.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_strdup.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_strndup.3
-MLINKS+= OPENSSL_malloc.3 CRYPTO_zalloc.3
+MLINKS+= OPENSSL_FILE.3 OPENSSL_LINE.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_MALLOC_FAILURES.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_MALLOC_FD.3
-MLINKS+= OPENSSL_malloc.3 OPENSSL_buf2hexstr.3
+MLINKS+= OPENSSL_FILE.3 OPENSSL_MSTR.3
+MLINKS+= OPENSSL_FILE.3 OPENSSL_MSTR_HELPER.3
+MLINKS+= OpenSSL_version.3 OPENSSL_VERSION_BUILD_METADATA.3
+MLINKS+= OpenSSL_version.3 OPENSSL_VERSION_MAJOR.3
+MLINKS+= OpenSSL_version.3 OPENSSL_VERSION_MINOR.3
+MLINKS+= OpenSSL_version.3 OPENSSL_VERSION_NUMBER.3
+MLINKS+= OpenSSL_version.3 OPENSSL_VERSION_PATCH.3
+MLINKS+= OpenSSL_version.3 OPENSSL_VERSION_PREREQ.3
+MLINKS+= OpenSSL_version.3 OPENSSL_VERSION_PRE_RELEASE.3
+MLINKS+= OpenSSL_version.3 OPENSSL_VERSION_TEXT.3
+MLINKS+= OPENSSL_init_crypto.3 OPENSSL_atexit.3
+MLINKS+= OPENSSL_hexchar2int.3 OPENSSL_buf2hexstr.3
+MLINKS+= OPENSSL_hexchar2int.3 OPENSSL_buf2hexstr_ex.3
+MLINKS+= SSL_CIPHER_get_name.3 OPENSSL_cipher_name.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_cleanse.3
+MLINKS+= OPENSSL_init_crypto.3 OPENSSL_cleanup.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_clear_free.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_clear_realloc.3
+MLINKS+= OPENSSL_fork_prepare.3 OPENSSL_fork_child.3
+MLINKS+= OPENSSL_fork_prepare.3 OPENSSL_fork_parent.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_free.3
-MLINKS+= OPENSSL_malloc.3 OPENSSL_hexchar2int.3
-MLINKS+= OPENSSL_malloc.3 OPENSSL_hexstr2buf.3
+MLINKS+= OPENSSL_gmtime.3 OPENSSL_gmtime_adj.3
+MLINKS+= OPENSSL_gmtime.3 OPENSSL_gmtime_diff.3
+MLINKS+= OPENSSL_hexchar2int.3 OPENSSL_hexstr2buf.3
+MLINKS+= OPENSSL_hexchar2int.3 OPENSSL_hexstr2buf_ex.3
+MLINKS+= OpenSSL_version.3 OPENSSL_info.3
+MLINKS+= OPENSSL_instrument_bus.3 OPENSSL_instrument_bus2.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_malloc_init.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_mem_debug_pop.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_mem_debug_push.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_memdup.3
+MLINKS+= OPENSSL_config.3 OPENSSL_no_config.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_realloc.3
+MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_actual_size.3
+MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_clear_free.3
+MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_free.3
+MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_zalloc.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_deep_copy.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_delete.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_delete_ptr.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_dup.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_find.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_find_all.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_find_ex.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_free.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_insert.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_is_sorted.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_new.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_new_null.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_new_reserve.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_num.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_pop.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_pop_free.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_push.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_reserve.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_set.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_set_cmp_func.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_shift.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_sort.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_unshift.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_value.3
+MLINKS+= DEFINE_STACK_OF.3 OPENSSL_sk_zero.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_strdup.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_strlcat.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_strlcpy.3
+MLINKS+= OPENSSL_strcasecmp.3 OPENSSL_strncasecmp.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_strndup.3
+MLINKS+= OPENSSL_init_crypto.3 OPENSSL_thread_stop.3
+MLINKS+= OPENSSL_init_crypto.3 OPENSSL_thread_stop_ex.3
+MLINKS+= OpenSSL_version.3 OPENSSL_version_build_metadata.3
+MLINKS+= OpenSSL_version.3 OPENSSL_version_major.3
+MLINKS+= OpenSSL_version.3 OPENSSL_version_minor.3
+MLINKS+= OpenSSL_version.3 OPENSSL_version_patch.3
+MLINKS+= OpenSSL_version.3 OPENSSL_version_pre_release.3
MLINKS+= OPENSSL_malloc.3 OPENSSL_zalloc.3
-MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_allocated.3
-MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_clear_free.3
-MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_free.3
-MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc.3
-MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc_done.3
-MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc_init.3
-MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc_initialized.3
-MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_used.3
-MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_zalloc.3
-MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_actual_size.3
-MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_clear_free.3
-MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_free.3
-MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_zalloc.3
+MLINKS+= OSSL_CMP_exec_certreq.3 OSSL_CMP_CR.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_build_cert_chain.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_free.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_get0_newCert.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_get0_newPkey.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_get0_statusString.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_get0_trustedStore.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_get0_untrusted.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_get1_caPubs.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_get1_extraCertsIn.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_get1_newChain.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_get_certConf_cb_arg.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_get_failInfoCode.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_get_http_cb_arg.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_get_option.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_get_status.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_get_transfer_cb_arg.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_print_errors.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_push0_geninfo_ITAV.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_push0_genm_ITAV.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_push0_policy.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_push1_subjectAltName.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_reinit.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_reqExtensions_have_SAN.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_reset_geninfo_ITAVs.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_CTX_server_perform.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set0_newPkey.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set0_reqExtensions.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set0_trustedStore.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_cert.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_expected_sender.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_extraCertsOut.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_issuer.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_no_proxy.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_oldCert.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_p10CSR.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_pkey.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_proxy.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_recipient.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_referenceValue.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_secretValue.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_senderNonce.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_server.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_serverPath.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_srvCert.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_subjectName.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_transactionID.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set1_untrusted.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set_certConf_cb.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set_certConf_cb_arg.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set_http_cb.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set_http_cb_arg.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set_log_cb.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set_log_verbosity.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set_option.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set_serverPort.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set_transfer_cb.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_CTX_set_transfer_cb_arg.3
+MLINKS+= OSSL_CMP_MSG_get0_header.3 OSSL_CMP_CTX_setup_CRM.3
+MLINKS+= OSSL_CMP_STATUSINFO_new.3 OSSL_CMP_CTX_snprint_PKIStatus.3
+MLINKS+= OSSL_CMP_HDR_get0_transactionID.3 OSSL_CMP_HDR_get0_recipNonce.3
+MLINKS+= OSSL_CMP_exec_certreq.3 OSSL_CMP_IR.3
+MLINKS+= OSSL_CMP_ITAV_set0.3 OSSL_CMP_ITAV_create.3
+MLINKS+= X509_dup.3 OSSL_CMP_ITAV_dup.3
+MLINKS+= X509_dup.3 OSSL_CMP_ITAV_free.3
+MLINKS+= OSSL_CMP_ITAV_set0.3 OSSL_CMP_ITAV_get0_type.3
+MLINKS+= OSSL_CMP_ITAV_set0.3 OSSL_CMP_ITAV_get0_value.3
+MLINKS+= OSSL_CMP_ITAV_set0.3 OSSL_CMP_ITAV_push0_stack_item.3
+MLINKS+= OSSL_CMP_exec_certreq.3 OSSL_CMP_KUR.3
+MLINKS+= OSSL_CMP_log_open.3 OSSL_CMP_LOG_ALERT.3
+MLINKS+= OSSL_CMP_log_open.3 OSSL_CMP_LOG_CRIT.3
+MLINKS+= OSSL_CMP_log_open.3 OSSL_CMP_LOG_DEBUG.3
+MLINKS+= OSSL_CMP_log_open.3 OSSL_CMP_LOG_EMERG.3
+MLINKS+= OSSL_CMP_log_open.3 OSSL_CMP_LOG_ERR.3
+MLINKS+= OSSL_CMP_log_open.3 OSSL_CMP_LOG_INFO.3
+MLINKS+= OSSL_CMP_log_open.3 OSSL_CMP_LOG_NOTICE.3
+MLINKS+= OSSL_CMP_log_open.3 OSSL_CMP_LOG_TRACE.3
+MLINKS+= OSSL_CMP_log_open.3 OSSL_CMP_LOG_WARNING.3
+MLINKS+= X509_dup.3 OSSL_CMP_MSG_dup.3
+MLINKS+= X509_dup.3 OSSL_CMP_MSG_free.3
+MLINKS+= OSSL_CMP_MSG_get0_header.3 OSSL_CMP_MSG_get_bodytype.3
+MLINKS+= X509_dup.3 OSSL_CMP_MSG_it.3
+MLINKS+= OSSL_CMP_MSG_get0_header.3 OSSL_CMP_MSG_read.3
+MLINKS+= OSSL_CMP_MSG_get0_header.3 OSSL_CMP_MSG_update_recipNonce.3
+MLINKS+= OSSL_CMP_MSG_get0_header.3 OSSL_CMP_MSG_update_transactionID.3
+MLINKS+= OSSL_CMP_MSG_get0_header.3 OSSL_CMP_MSG_write.3
+MLINKS+= OSSL_CMP_exec_certreq.3 OSSL_CMP_P10CR.3
+MLINKS+= X509_dup.3 OSSL_CMP_PKIHEADER_free.3
+MLINKS+= X509_dup.3 OSSL_CMP_PKIHEADER_it.3
+MLINKS+= X509_dup.3 OSSL_CMP_PKIHEADER_new.3
+MLINKS+= X509_dup.3 OSSL_CMP_PKISI_dup.3
+MLINKS+= X509_dup.3 OSSL_CMP_PKISI_free.3
+MLINKS+= X509_dup.3 OSSL_CMP_PKISI_it.3
+MLINKS+= X509_dup.3 OSSL_CMP_PKISI_new.3
+MLINKS+= X509_dup.3 OSSL_CMP_PKISTATUS_it.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_CTX_free.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_CTX_get0_cmp_ctx.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_CTX_get0_custom_ctx.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_CTX_init.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_CTX_set_accept_raverified.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_CTX_set_accept_unprotected.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_CTX_set_grant_implicit_confirm.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_CTX_set_send_unprotected_errors.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_certConf_cb_t.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_cert_request_cb_t.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_error_cb_t.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_genm_cb_t.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_pollReq_cb_t.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_process_request.3
+MLINKS+= OSSL_CMP_SRV_CTX_new.3 OSSL_CMP_SRV_rr_cb_t.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_certConf_cb.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_certConf_cb_t.3
+MLINKS+= OSSL_CMP_exec_certreq.3 OSSL_CMP_exec_CR_ses.3
+MLINKS+= OSSL_CMP_exec_certreq.3 OSSL_CMP_exec_GENM_ses.3
+MLINKS+= OSSL_CMP_exec_certreq.3 OSSL_CMP_exec_IR_ses.3
+MLINKS+= OSSL_CMP_exec_certreq.3 OSSL_CMP_exec_KUR_ses.3
+MLINKS+= OSSL_CMP_exec_certreq.3 OSSL_CMP_exec_P10CR_ses.3
+MLINKS+= OSSL_CMP_exec_certreq.3 OSSL_CMP_exec_RR_ses.3
+MLINKS+= OSSL_CMP_log_open.3 OSSL_CMP_log_cb_t.3
+MLINKS+= OSSL_CMP_log_open.3 OSSL_CMP_log_close.3
+MLINKS+= OSSL_CMP_log_open.3 OSSL_CMP_print_errors_cb.3
+MLINKS+= OSSL_CMP_log_open.3 OSSL_CMP_print_to_bio.3
+MLINKS+= OSSL_CMP_log_open.3 OSSL_CMP_severity.3
+MLINKS+= OSSL_CMP_STATUSINFO_new.3 OSSL_CMP_snprint_PKIStatusInfo.3
+MLINKS+= OSSL_CMP_CTX_new.3 OSSL_CMP_transfer_cb_t.3
+MLINKS+= OSSL_CMP_exec_certreq.3 OSSL_CMP_try_certreq.3
+MLINKS+= OSSL_CMP_validate_msg.3 OSSL_CMP_validate_cert_path.3
+MLINKS+= X509_dup.3 OSSL_CRMF_CERTID_dup.3
+MLINKS+= X509_dup.3 OSSL_CRMF_CERTID_free.3
+MLINKS+= OSSL_CRMF_MSG_set1_regCtrl_regToken.3 OSSL_CRMF_CERTID_gen.3
+MLINKS+= OSSL_CRMF_MSG_get0_tmpl.3 OSSL_CRMF_CERTID_get0_issuer.3
+MLINKS+= OSSL_CRMF_MSG_get0_tmpl.3 OSSL_CRMF_CERTID_get0_serialNumber.3
+MLINKS+= X509_dup.3 OSSL_CRMF_CERTID_it.3
+MLINKS+= X509_dup.3 OSSL_CRMF_CERTID_new.3
+MLINKS+= OSSL_CRMF_MSG_set0_validity.3 OSSL_CRMF_CERTTEMPLATE_fill.3
+MLINKS+= X509_dup.3 OSSL_CRMF_CERTTEMPLATE_free.3
+MLINKS+= OSSL_CRMF_MSG_get0_tmpl.3 OSSL_CRMF_CERTTEMPLATE_get0_extensions.3
+MLINKS+= OSSL_CRMF_MSG_get0_tmpl.3 OSSL_CRMF_CERTTEMPLATE_get0_issuer.3
+MLINKS+= OSSL_CRMF_MSG_get0_tmpl.3 OSSL_CRMF_CERTTEMPLATE_get0_serialNumber.3
+MLINKS+= OSSL_CRMF_MSG_get0_tmpl.3 OSSL_CRMF_CERTTEMPLATE_get0_subject.3
+MLINKS+= X509_dup.3 OSSL_CRMF_CERTTEMPLATE_it.3
+MLINKS+= X509_dup.3 OSSL_CRMF_CERTTEMPLATE_new.3
+MLINKS+= X509_dup.3 OSSL_CRMF_ENCRYPTEDVALUE_free.3
+MLINKS+= OSSL_CRMF_MSG_get0_tmpl.3 OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert.3
+MLINKS+= X509_dup.3 OSSL_CRMF_ENCRYPTEDVALUE_it.3
+MLINKS+= X509_dup.3 OSSL_CRMF_ENCRYPTEDVALUE_new.3
+MLINKS+= X509_dup.3 OSSL_CRMF_MSGS_free.3
+MLINKS+= X509_dup.3 OSSL_CRMF_MSGS_it.3
+MLINKS+= X509_dup.3 OSSL_CRMF_MSGS_new.3
+MLINKS+= OSSL_CRMF_MSG_set0_validity.3 OSSL_CRMF_MSGS_verify_popo.3
+MLINKS+= OSSL_CRMF_MSG_set1_regCtrl_regToken.3 OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo.3
+MLINKS+= OSSL_CRMF_MSG_set0_validity.3 OSSL_CRMF_MSG_create_popo.3
+MLINKS+= X509_dup.3 OSSL_CRMF_MSG_dup.3
+MLINKS+= X509_dup.3 OSSL_CRMF_MSG_free.3
+MLINKS+= OSSL_CRMF_MSG_set1_regCtrl_regToken.3 OSSL_CRMF_MSG_get0_regCtrl_authenticator.3
+MLINKS+= OSSL_CRMF_MSG_set1_regCtrl_regToken.3 OSSL_CRMF_MSG_get0_regCtrl_oldCertID.3
+MLINKS+= OSSL_CRMF_MSG_set1_regCtrl_regToken.3 OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo.3
+MLINKS+= OSSL_CRMF_MSG_set1_regCtrl_regToken.3 OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey.3
+MLINKS+= OSSL_CRMF_MSG_set1_regCtrl_regToken.3 OSSL_CRMF_MSG_get0_regCtrl_regToken.3
+MLINKS+= OSSL_CRMF_MSG_set1_regInfo_certReq.3 OSSL_CRMF_MSG_get0_regInfo_certReq.3
+MLINKS+= OSSL_CRMF_MSG_set1_regInfo_certReq.3 OSSL_CRMF_MSG_get0_regInfo_utf8Pairs.3
+MLINKS+= OSSL_CRMF_MSG_get0_tmpl.3 OSSL_CRMF_MSG_get_certReqId.3
+MLINKS+= X509_dup.3 OSSL_CRMF_MSG_it.3
+MLINKS+= X509_dup.3 OSSL_CRMF_MSG_new.3
+MLINKS+= OSSL_CRMF_MSG_set0_validity.3 OSSL_CRMF_MSG_push0_extension.3
+MLINKS+= OSSL_CRMF_MSG_set1_regCtrl_regToken.3 OSSL_CRMF_MSG_set0_SinglePubInfo.3
+MLINKS+= OSSL_CRMF_MSG_set0_validity.3 OSSL_CRMF_MSG_set0_extensions.3
+MLINKS+= OSSL_CRMF_MSG_set1_regCtrl_regToken.3 OSSL_CRMF_MSG_set1_regCtrl_authenticator.3
+MLINKS+= OSSL_CRMF_MSG_set1_regCtrl_regToken.3 OSSL_CRMF_MSG_set1_regCtrl_oldCertID.3
+MLINKS+= OSSL_CRMF_MSG_set1_regCtrl_regToken.3 OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo.3
+MLINKS+= OSSL_CRMF_MSG_set1_regCtrl_regToken.3 OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey.3
+MLINKS+= OSSL_CRMF_MSG_set1_regInfo_certReq.3 OSSL_CRMF_MSG_set1_regInfo_utf8Pairs.3
+MLINKS+= OSSL_CRMF_MSG_set1_regCtrl_regToken.3 OSSL_CRMF_MSG_set_PKIPublicationInfo_action.3
+MLINKS+= OSSL_CRMF_MSG_set0_validity.3 OSSL_CRMF_MSG_set_certReqId.3
+MLINKS+= X509_dup.3 OSSL_CRMF_PBMPARAMETER_free.3
+MLINKS+= X509_dup.3 OSSL_CRMF_PBMPARAMETER_it.3
+MLINKS+= X509_dup.3 OSSL_CRMF_PBMPARAMETER_new.3
+MLINKS+= X509_dup.3 OSSL_CRMF_PKIPUBLICATIONINFO_free.3
+MLINKS+= X509_dup.3 OSSL_CRMF_PKIPUBLICATIONINFO_it.3
+MLINKS+= X509_dup.3 OSSL_CRMF_PKIPUBLICATIONINFO_new.3
+MLINKS+= X509_dup.3 OSSL_CRMF_SINGLEPUBINFO_free.3
+MLINKS+= X509_dup.3 OSSL_CRMF_SINGLEPUBINFO_it.3
+MLINKS+= X509_dup.3 OSSL_CRMF_SINGLEPUBINFO_new.3
+MLINKS+= OSSL_CRMF_pbmp_new.3 OSSL_CRMF_pbm_new.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CLEANUP.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CONSTRUCT.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_add_decoder.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_add_extra.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_free.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_get_cleanup.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_get_construct.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_get_construct_data.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_get_num_decoders.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_new.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_set_cleanup.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_set_construct.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_set_construct_data.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_set_input_structure.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_set_input_type.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_set_params.3
+MLINKS+= OSSL_DECODER_CTX_new_for_pkey.3 OSSL_DECODER_CTX_set_passphrase.3
+MLINKS+= OSSL_DECODER_CTX_new_for_pkey.3 OSSL_DECODER_CTX_set_passphrase_cb.3
+MLINKS+= OSSL_DECODER_CTX_new_for_pkey.3 OSSL_DECODER_CTX_set_passphrase_ui.3
+MLINKS+= OSSL_DECODER_CTX_new_for_pkey.3 OSSL_DECODER_CTX_set_pem_password_cb.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_CTX_set_selection.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_INSTANCE.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_INSTANCE_get_decoder.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_INSTANCE_get_decoder_ctx.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_INSTANCE_get_input_structure.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_INSTANCE_get_input_type.3
+MLINKS+= OSSL_DECODER.3 OSSL_DECODER_do_all_provided.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_export.3
+MLINKS+= OSSL_DECODER.3 OSSL_DECODER_fetch.3
+MLINKS+= OSSL_DECODER.3 OSSL_DECODER_free.3
+MLINKS+= OSSL_DECODER_from_bio.3 OSSL_DECODER_from_data.3
+MLINKS+= OSSL_DECODER_from_bio.3 OSSL_DECODER_from_fp.3
+MLINKS+= OSSL_DECODER.3 OSSL_DECODER_get0_description.3
+MLINKS+= OSSL_DECODER.3 OSSL_DECODER_get0_name.3
+MLINKS+= OSSL_DECODER.3 OSSL_DECODER_get0_properties.3
+MLINKS+= OSSL_DECODER.3 OSSL_DECODER_get0_provider.3
+MLINKS+= OSSL_DECODER.3 OSSL_DECODER_get_params.3
+MLINKS+= OSSL_DECODER.3 OSSL_DECODER_gettable_params.3
+MLINKS+= OSSL_DECODER.3 OSSL_DECODER_is_a.3
+MLINKS+= OSSL_DECODER.3 OSSL_DECODER_names_do_all.3
+MLINKS+= OSSL_DECODER_CTX.3 OSSL_DECODER_settable_ctx_params.3
+MLINKS+= OSSL_DECODER.3 OSSL_DECODER_up_ref.3
+MLINKS+= EC_GROUP_new.3 OSSL_EC_curve_nid2name.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_CLEANUP.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_CONSTRUCT.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_CTX_add_encoder.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_CTX_add_extra.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_CTX_free.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_CTX_get_num_encoders.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_CTX_new.3
+MLINKS+= OSSL_ENCODER_CTX_new_for_pkey.3 OSSL_ENCODER_CTX_set_cipher.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_CTX_set_cleanup.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_CTX_set_construct.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_CTX_set_construct_data.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_CTX_set_output_structure.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_CTX_set_output_type.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_CTX_set_params.3
+MLINKS+= OSSL_ENCODER_CTX_new_for_pkey.3 OSSL_ENCODER_CTX_set_passphrase.3
+MLINKS+= OSSL_ENCODER_CTX_new_for_pkey.3 OSSL_ENCODER_CTX_set_passphrase_cb.3
+MLINKS+= OSSL_ENCODER_CTX_new_for_pkey.3 OSSL_ENCODER_CTX_set_passphrase_ui.3
+MLINKS+= OSSL_ENCODER_CTX_new_for_pkey.3 OSSL_ENCODER_CTX_set_pem_password_cb.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_CTX_set_selection.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_INSTANCE.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_INSTANCE_get_encoder.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_INSTANCE_get_encoder_ctx.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_INSTANCE_get_output_structure.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_INSTANCE_get_output_type.3
+MLINKS+= OSSL_ENCODER.3 OSSL_ENCODER_do_all_provided.3
+MLINKS+= OSSL_ENCODER.3 OSSL_ENCODER_fetch.3
+MLINKS+= OSSL_ENCODER.3 OSSL_ENCODER_free.3
+MLINKS+= OSSL_ENCODER.3 OSSL_ENCODER_get0_description.3
+MLINKS+= OSSL_ENCODER.3 OSSL_ENCODER_get0_name.3
+MLINKS+= OSSL_ENCODER.3 OSSL_ENCODER_get0_properties.3
+MLINKS+= OSSL_ENCODER.3 OSSL_ENCODER_get0_provider.3
+MLINKS+= OSSL_ENCODER.3 OSSL_ENCODER_get_params.3
+MLINKS+= OSSL_ENCODER.3 OSSL_ENCODER_gettable_params.3
+MLINKS+= OSSL_ENCODER.3 OSSL_ENCODER_is_a.3
+MLINKS+= OSSL_ENCODER.3 OSSL_ENCODER_names_do_all.3
+MLINKS+= OSSL_ENCODER_CTX.3 OSSL_ENCODER_settable_ctx_params.3
+MLINKS+= OSSL_ENCODER_to_bio.3 OSSL_ENCODER_to_data.3
+MLINKS+= OSSL_ENCODER_to_bio.3 OSSL_ENCODER_to_fp.3
+MLINKS+= OSSL_ENCODER.3 OSSL_ENCODER_up_ref.3
+MLINKS+= OSSL_ESS_check_signing_certs.3 OSSL_ESS_signing_cert_new_init.3
+MLINKS+= OSSL_ESS_check_signing_certs.3 OSSL_ESS_signing_cert_v2_new_init.3
+MLINKS+= OSSL_HTTP_REQ_CTX.3 OSSL_HTTP_REQ_CTX_add1_header.3
+MLINKS+= OSSL_HTTP_REQ_CTX.3 OSSL_HTTP_REQ_CTX_exchange.3
+MLINKS+= OSSL_HTTP_REQ_CTX.3 OSSL_HTTP_REQ_CTX_free.3
+MLINKS+= OSSL_HTTP_REQ_CTX.3 OSSL_HTTP_REQ_CTX_get0_mem_bio.3
+MLINKS+= OSSL_HTTP_REQ_CTX.3 OSSL_HTTP_REQ_CTX_get_resp_len.3
+MLINKS+= OSSL_HTTP_REQ_CTX.3 OSSL_HTTP_REQ_CTX_nbio.3
+MLINKS+= OSSL_HTTP_REQ_CTX.3 OSSL_HTTP_REQ_CTX_nbio_d2i.3
+MLINKS+= OSSL_HTTP_REQ_CTX.3 OSSL_HTTP_REQ_CTX_new.3
+MLINKS+= OSSL_HTTP_REQ_CTX.3 OSSL_HTTP_REQ_CTX_set1_req.3
+MLINKS+= OSSL_HTTP_REQ_CTX.3 OSSL_HTTP_REQ_CTX_set_expected.3
+MLINKS+= OSSL_HTTP_REQ_CTX.3 OSSL_HTTP_REQ_CTX_set_max_response_length.3
+MLINKS+= OSSL_HTTP_REQ_CTX.3 OSSL_HTTP_REQ_CTX_set_request_line.3
+MLINKS+= OSSL_HTTP_parse_url.3 OSSL_HTTP_adapt_proxy.3
+MLINKS+= OSSL_HTTP_transfer.3 OSSL_HTTP_bio_cb_t.3
+MLINKS+= OSSL_HTTP_transfer.3 OSSL_HTTP_close.3
+MLINKS+= OSSL_HTTP_transfer.3 OSSL_HTTP_exchange.3
+MLINKS+= OSSL_HTTP_transfer.3 OSSL_HTTP_get.3
+MLINKS+= OSSL_HTTP_REQ_CTX.3 OSSL_HTTP_is_alive.3
+MLINKS+= OSSL_HTTP_transfer.3 OSSL_HTTP_open.3
+MLINKS+= OSSL_HTTP_transfer.3 OSSL_HTTP_proxy_connect.3
+MLINKS+= OSSL_HTTP_transfer.3 OSSL_HTTP_set1_request.3
+MLINKS+= OSSL_LIB_CTX.3 OSSL_LIB_CTX_free.3
+MLINKS+= OSSL_LIB_CTX.3 OSSL_LIB_CTX_get0_global_default.3
+MLINKS+= OSSL_LIB_CTX.3 OSSL_LIB_CTX_load_config.3
+MLINKS+= OSSL_LIB_CTX.3 OSSL_LIB_CTX_new.3
+MLINKS+= OSSL_LIB_CTX.3 OSSL_LIB_CTX_new_child.3
+MLINKS+= OSSL_LIB_CTX.3 OSSL_LIB_CTX_new_from_dispatch.3
+MLINKS+= OSSL_LIB_CTX.3 OSSL_LIB_CTX_set0_default.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_free.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_new.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_BN.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_BN_pad.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_double.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_int.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_int32.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_int64.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_long.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_octet_ptr.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_octet_string.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_size_t.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_time_t.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_uint.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_uint32.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_uint64.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_ulong.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_utf8_ptr.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_push_utf8_string.3
+MLINKS+= OSSL_PARAM_BLD.3 OSSL_PARAM_BLD_to_param.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_BN.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_DEFN.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_END.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_UNMODIFIED.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_BN.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_double.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_end.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_int.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_int32.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_int64.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_long.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_octet_ptr.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_octet_string.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_size_t.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_time_t.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_uint.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_uint32.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_uint64.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_ulong.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_utf8_ptr.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_construct_utf8_string.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_double.3
+MLINKS+= OSSL_PARAM_dup.3 OSSL_PARAM_free.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_BN.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_double.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_int.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_int32.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_int64.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_long.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_octet_ptr.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_octet_string.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_octet_string_ptr.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_size_t.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_time_t.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_uint.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_uint32.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_uint64.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_ulong.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_utf8_ptr.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_utf8_string.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_get_utf8_string_ptr.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_int32.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_int64.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_locate.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_locate_const.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_long.3
+MLINKS+= OSSL_PARAM_dup.3 OSSL_PARAM_merge.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_modified.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_octet_ptr.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_octet_string.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_BN.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_all_unmodified.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_double.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_int.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_int32.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_int64.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_long.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_octet_ptr.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_octet_string.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_size_t.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_time_t.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_uint.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_uint32.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_uint64.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_ulong.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_utf8_ptr.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_set_utf8_string.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_size_t.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_time_t.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_uint.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_uint32.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_uint64.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_ulong.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_utf8_ptr.3
+MLINKS+= OSSL_PARAM_int.3 OSSL_PARAM_utf8_string.3
+MLINKS+= OSSL_CALLBACK.3 OSSL_PASSPHRASE_CALLBACK.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_add_builtin.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_available.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_do_all.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_get0_dispatch.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_get0_name.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_get0_provider_ctx.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_get_capabilities.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_get_params.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_gettable_params.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_load.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_query_operation.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_self_test.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_set_default_search_path.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_try_load.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_unload.3
+MLINKS+= OSSL_PROVIDER.3 OSSL_PROVIDER_unquery_operation.3
+MLINKS+= OSSL_SELF_TEST_new.3 OSSL_SELF_TEST_free.3
+MLINKS+= OSSL_SELF_TEST_set_callback.3 OSSL_SELF_TEST_get_callback.3
+MLINKS+= OSSL_SELF_TEST_new.3 OSSL_SELF_TEST_onbegin.3
+MLINKS+= OSSL_SELF_TEST_new.3 OSSL_SELF_TEST_oncorrupt_byte.3
+MLINKS+= OSSL_SELF_TEST_new.3 OSSL_SELF_TEST_onend.3
+MLINKS+= OSSL_STORE_open.3 OSSL_STORE_CTX.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_free.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_CERT.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_CRL.3
@@ -2056,25 +3191,38 @@ MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_NAME.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_NAME_description.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_PARAMS.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_PKEY.3
+MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_PUBKEY.3
+MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_data.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_CERT.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_CRL.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_NAME.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_NAME_description.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_PARAMS.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_PKEY.3
+MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_PUBKEY.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get_type.3
+MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_CERT.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_CRL.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_NAME.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_PARAMS.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_PKEY.3
+MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_PUBKEY.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_set0_NAME_description.3
MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_type_string.3
MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_CTX.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_do_all_provided.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_fetch.3
MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_free.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_get0_description.3
MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_get0_engine.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_get0_properties.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_get0_provider.3
MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_get0_scheme.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_is_a.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_names_do_all.3
MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_new.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_attach.3
MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_close.3
MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_ctrl.3
MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_eof.3
@@ -2083,16 +3231,8 @@ MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_expect.3
MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_find.3
MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_load.3
MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_open.3
-MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_close_fn.3
-MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_ctrl_fn.3
-MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_eof_fn.3
-MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_error_fn.3
-MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_expect_fn.3
-MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_find_fn.3
-MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_load_fn.3
-MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_open_fn.3
-MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_register_loader.3
-MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_unregister_loader.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_open_ex.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_up_ref.3
MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_by_alias.3
MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_by_issuer_serial.3
MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_by_key_fingerprint.3
@@ -2104,168 +3244,361 @@ MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get0_name.3
MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get0_serial.3
MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get0_string.3
MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get_type.3
-MLINKS+= OSSL_STORE_expect.3 OSSL_STORE_find.3
-MLINKS+= OSSL_STORE_expect.3 OSSL_STORE_supports_search.3
-MLINKS+= OSSL_STORE_open.3 OSSL_STORE_CTX.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_attach_fn.3
MLINKS+= OSSL_STORE_open.3 OSSL_STORE_close.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_close_fn.3
MLINKS+= OSSL_STORE_open.3 OSSL_STORE_ctrl.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_ctrl_fn.3
MLINKS+= OSSL_STORE_open.3 OSSL_STORE_eof.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_eof_fn.3
MLINKS+= OSSL_STORE_open.3 OSSL_STORE_error.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_error_fn.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_expect_fn.3
+MLINKS+= OSSL_STORE_expect.3 OSSL_STORE_find.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_find_fn.3
MLINKS+= OSSL_STORE_open.3 OSSL_STORE_load.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_load_fn.3
+MLINKS+= OSSL_STORE_open.3 OSSL_STORE_open_ex.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_open_ex_fn.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_open_fn.3
MLINKS+= OSSL_STORE_open.3 OSSL_STORE_post_process_info_fn.3
-MLINKS+= OpenSSL_add_all_algorithms.3 EVP_cleanup.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_register_loader.3
+MLINKS+= OSSL_STORE_expect.3 OSSL_STORE_supports_search.3
+MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_unregister_loader.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACE.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACE1.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACE2.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACE3.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACE4.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACE5.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACE6.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACE7.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACE8.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACE9.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACEV.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACE_BEGIN.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACE_CANCEL.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACE_ENABLED.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_TRACE_END.3
+MLINKS+= SSL_CTX_set_cipher_list.3 OSSL_default_cipher_list.3
+MLINKS+= SSL_CTX_set_cipher_list.3 OSSL_default_ciphersuites.3
+MLINKS+= OSSL_HTTP_parse_url.3 OSSL_parse_url.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_trace_begin.3
+MLINKS+= OSSL_trace_set_channel.3 OSSL_trace_cb.3
+MLINKS+= OSSL_trace_enabled.3 OSSL_trace_end.3
+MLINKS+= OSSL_trace_get_category_num.3 OSSL_trace_get_category_name.3
+MLINKS+= OSSL_trace_set_channel.3 OSSL_trace_set_callback.3
+MLINKS+= OSSL_trace_set_channel.3 OSSL_trace_set_prefix.3
+MLINKS+= OSSL_trace_set_channel.3 OSSL_trace_set_suffix.3
+MLINKS+= X509_dup.3 OTHERNAME_free.3
+MLINKS+= X509_dup.3 OTHERNAME_new.3
MLINKS+= OpenSSL_add_all_algorithms.3 OpenSSL_add_all_ciphers.3
MLINKS+= OpenSSL_add_all_algorithms.3 OpenSSL_add_all_digests.3
+MLINKS+= SSL_library_init.3 OpenSSL_add_ssl_algorithms.3
+MLINKS+= OpenSSL_version.3 OpenSSL_version_num.3
+MLINKS+= X509_dup.3 PBE2PARAM_free.3
+MLINKS+= X509_dup.3 PBE2PARAM_new.3
+MLINKS+= X509_dup.3 PBEPARAM_free.3
+MLINKS+= X509_dup.3 PBEPARAM_new.3
+MLINKS+= X509_dup.3 PBKDF2PARAM_free.3
+MLINKS+= X509_dup.3 PBKDF2PARAM_new.3
+MLINKS+= PEM_read_bio_ex.3 PEM_FLAG_EAY_COMPATIBLE.3
+MLINKS+= PEM_read_bio_ex.3 PEM_FLAG_ONLY_B64.3
+MLINKS+= PEM_read_bio_ex.3 PEM_FLAG_SECURE.3
+MLINKS+= PEM_X509_INFO_read_bio_ex.3 PEM_X509_INFO_read.3
+MLINKS+= PEM_X509_INFO_read_bio_ex.3 PEM_X509_INFO_read_bio.3
+MLINKS+= PEM_X509_INFO_read_bio_ex.3 PEM_X509_INFO_read_ex.3
MLINKS+= PEM_bytes_read_bio.3 PEM_bytes_read_bio_secmem.3
MLINKS+= PEM_read.3 PEM_do_header.3
MLINKS+= PEM_read.3 PEM_get_EVP_CIPHER_INFO.3
-MLINKS+= PEM_read.3 PEM_read_bio.3
-MLINKS+= PEM_read.3 PEM_write.3
-MLINKS+= PEM_read.3 PEM_write_bio.3
-MLINKS+= PEM_read_CMS.3 DECLARE_PEM_rw.3
+MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DHparams.3
+MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DSAPrivateKey.3
+MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DSA_PUBKEY.3
+MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DSAparams.3
MLINKS+= PEM_read_CMS.3 PEM_read_ECPKParameters.3
MLINKS+= PEM_read_CMS.3 PEM_read_ECPrivateKey.3
MLINKS+= PEM_read_CMS.3 PEM_read_EC_PUBKEY.3
MLINKS+= PEM_read_CMS.3 PEM_read_NETSCAPE_CERT_SEQUENCE.3
+MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_PKCS7.3
MLINKS+= PEM_read_CMS.3 PEM_read_PKCS8.3
MLINKS+= PEM_read_CMS.3 PEM_read_PKCS8_PRIV_KEY_INFO.3
-MLINKS+= PEM_read_CMS.3 PEM_read_SSL_SESSION.3
-MLINKS+= PEM_read_CMS.3 PEM_read_bio_CMS.3
-MLINKS+= PEM_read_CMS.3 PEM_read_bio_ECPKParameters.3
-MLINKS+= PEM_read_CMS.3 PEM_read_bio_EC_PUBKEY.3
-MLINKS+= PEM_read_CMS.3 PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3
-MLINKS+= PEM_read_CMS.3 PEM_read_bio_PKCS8.3
-MLINKS+= PEM_read_CMS.3 PEM_read_bio_PKCS8_PRIV_KEY_INFO.3
-MLINKS+= PEM_read_CMS.3 PEM_read_bio_SSL_SESSION.3
-MLINKS+= PEM_read_CMS.3 PEM_write_CMS.3
-MLINKS+= PEM_read_CMS.3 PEM_write_DHxparams.3
-MLINKS+= PEM_read_CMS.3 PEM_write_ECPKParameters.3
-MLINKS+= PEM_read_CMS.3 PEM_write_ECPrivateKey.3
-MLINKS+= PEM_read_CMS.3 PEM_write_EC_PUBKEY.3
-MLINKS+= PEM_read_CMS.3 PEM_write_NETSCAPE_CERT_SEQUENCE.3
-MLINKS+= PEM_read_CMS.3 PEM_write_PKCS8.3
-MLINKS+= PEM_read_CMS.3 PEM_write_PKCS8_PRIV_KEY_INFO.3
-MLINKS+= PEM_read_CMS.3 PEM_write_SSL_SESSION.3
-MLINKS+= PEM_read_CMS.3 PEM_write_bio_CMS.3
-MLINKS+= PEM_read_CMS.3 PEM_write_bio_DHxparams.3
-MLINKS+= PEM_read_CMS.3 PEM_write_bio_ECPKParameters.3
-MLINKS+= PEM_read_CMS.3 PEM_write_bio_ECPrivateKey.3
-MLINKS+= PEM_read_CMS.3 PEM_write_bio_EC_PUBKEY.3
-MLINKS+= PEM_read_CMS.3 PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3
-MLINKS+= PEM_read_CMS.3 PEM_write_bio_PKCS8.3
-MLINKS+= PEM_read_CMS.3 PEM_write_bio_PKCS8_PRIV_KEY_INFO.3
-MLINKS+= PEM_read_CMS.3 PEM_write_bio_SSL_SESSION.3
-MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DHparams.3
-MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DSAPrivateKey.3
-MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DSA_PUBKEY.3
-MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DSAparams.3
-MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_PKCS7.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_PUBKEY.3
+MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_PUBKEY_ex.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_PrivateKey.3
+MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_PrivateKey_ex.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_RSAPrivateKey.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_RSAPublicKey.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_RSA_PUBKEY.3
+MLINKS+= PEM_read_CMS.3 PEM_read_SSL_SESSION.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_X509.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_X509_AUX.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_X509_CRL.3
+MLINKS+= PEM_read_CMS.3 PEM_read_X509_PUBKEY.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_X509_REQ.3
+MLINKS+= PEM_read.3 PEM_read_bio.3
+MLINKS+= PEM_read_CMS.3 PEM_read_bio_CMS.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_DHparams.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_DSAPrivateKey.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_DSA_PUBKEY.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_DSAparams.3
+MLINKS+= PEM_read_CMS.3 PEM_read_bio_ECPKParameters.3
+MLINKS+= PEM_read_CMS.3 PEM_read_bio_EC_PUBKEY.3
+MLINKS+= PEM_read_CMS.3 PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_PKCS7.3
+MLINKS+= PEM_read_CMS.3 PEM_read_bio_PKCS8.3
+MLINKS+= PEM_read_CMS.3 PEM_read_bio_PKCS8_PRIV_KEY_INFO.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_PUBKEY.3
+MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_PUBKEY_ex.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_Parameters.3
+MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_Parameters_ex.3
+MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_PrivateKey_ex.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_RSAPrivateKey.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_RSAPublicKey.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_RSA_PUBKEY.3
+MLINKS+= PEM_read_CMS.3 PEM_read_bio_SSL_SESSION.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_X509.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_X509_AUX.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_X509_CRL.3
+MLINKS+= PEM_read_CMS.3 PEM_read_bio_X509_PUBKEY.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_X509_REQ.3
+MLINKS+= PEM_read.3 PEM_write.3
+MLINKS+= PEM_read_CMS.3 PEM_write_CMS.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_DHparams.3
+MLINKS+= PEM_read_CMS.3 PEM_write_DHxparams.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_DSAPrivateKey.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_DSA_PUBKEY.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_DSAparams.3
+MLINKS+= PEM_read_CMS.3 PEM_write_ECPKParameters.3
+MLINKS+= PEM_read_CMS.3 PEM_write_ECPrivateKey.3
+MLINKS+= PEM_read_CMS.3 PEM_write_EC_PUBKEY.3
+MLINKS+= PEM_read_CMS.3 PEM_write_NETSCAPE_CERT_SEQUENCE.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PKCS7.3
+MLINKS+= PEM_read_CMS.3 PEM_write_PKCS8.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PKCS8PrivateKey.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PKCS8PrivateKey_nid.3
+MLINKS+= PEM_read_CMS.3 PEM_write_PKCS8_PRIV_KEY_INFO.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PUBKEY.3
+MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PUBKEY_ex.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PrivateKey.3
+MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PrivateKey_ex.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_RSAPrivateKey.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_RSAPublicKey.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_RSA_PUBKEY.3
+MLINKS+= PEM_read_CMS.3 PEM_write_SSL_SESSION.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509_AUX.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509_CRL.3
+MLINKS+= PEM_read_CMS.3 PEM_write_X509_PUBKEY.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509_REQ.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509_REQ_NEW.3
+MLINKS+= PEM_read.3 PEM_write_bio.3
+MLINKS+= PEM_read_CMS.3 PEM_write_bio_CMS.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_DHparams.3
+MLINKS+= PEM_read_CMS.3 PEM_write_bio_DHxparams.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_DSAPrivateKey.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_DSA_PUBKEY.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_DSAparams.3
+MLINKS+= PEM_read_CMS.3 PEM_write_bio_ECPKParameters.3
+MLINKS+= PEM_read_CMS.3 PEM_write_bio_ECPrivateKey.3
+MLINKS+= PEM_read_CMS.3 PEM_write_bio_EC_PUBKEY.3
+MLINKS+= PEM_read_CMS.3 PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PKCS7.3
+MLINKS+= PEM_read_CMS.3 PEM_write_bio_PKCS8.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PKCS8PrivateKey.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PKCS8PrivateKey_nid.3
+MLINKS+= PEM_read_CMS.3 PEM_write_bio_PKCS8_PRIV_KEY_INFO.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PUBKEY.3
+MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PUBKEY_ex.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_Parameters.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PrivateKey.3
+MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PrivateKey_ex.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PrivateKey_traditional.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_RSAPrivateKey.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_RSAPublicKey.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_RSA_PUBKEY.3
+MLINKS+= PEM_read_CMS.3 PEM_write_bio_SSL_SESSION.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_AUX.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_CRL.3
+MLINKS+= PEM_read_CMS.3 PEM_write_bio_X509_PUBKEY.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ.3
MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ_NEW.3
-MLINKS+= PEM_read_bio_PrivateKey.3 pem_password_cb.3
-MLINKS+= PEM_read_bio_ex.3 PEM_FLAG_EAY_COMPATIBLE.3
-MLINKS+= PEM_read_bio_ex.3 PEM_FLAG_ONLY_B64.3
-MLINKS+= PEM_read_bio_ex.3 PEM_FLAG_SECURE.3
+MLINKS+= X509_dup.3 PKCS12_BAGS_free.3
+MLINKS+= X509_dup.3 PKCS12_BAGS_new.3
+MLINKS+= X509_dup.3 PKCS12_MAC_DATA_free.3
+MLINKS+= X509_dup.3 PKCS12_MAC_DATA_new.3
+MLINKS+= PKCS12_PBE_keyivgen.3 PKCS12_PBE_keyivgen_ex.3
+MLINKS+= PKCS12_SAFEBAG_create_cert.3 PKCS12_SAFEBAG_create0_p8inf.3
+MLINKS+= PKCS12_SAFEBAG_create_cert.3 PKCS12_SAFEBAG_create0_pkcs8.3
+MLINKS+= PKCS12_SAFEBAG_create_cert.3 PKCS12_SAFEBAG_create_crl.3
+MLINKS+= PKCS12_SAFEBAG_create_cert.3 PKCS12_SAFEBAG_create_pkcs8_encrypt.3
+MLINKS+= PKCS12_SAFEBAG_create_cert.3 PKCS12_SAFEBAG_create_pkcs8_encrypt_ex.3
+MLINKS+= PKCS12_SAFEBAG_create_cert.3 PKCS12_SAFEBAG_create_secret.3
+MLINKS+= X509_dup.3 PKCS12_SAFEBAG_free.3
+MLINKS+= PKCS12_SAFEBAG_get1_cert.3 PKCS12_SAFEBAG_get0_attr.3
+MLINKS+= PKCS12_SAFEBAG_get1_cert.3 PKCS12_SAFEBAG_get0_bag_obj.3
+MLINKS+= PKCS12_SAFEBAG_get1_cert.3 PKCS12_SAFEBAG_get0_bag_type.3
+MLINKS+= PKCS12_SAFEBAG_get1_cert.3 PKCS12_SAFEBAG_get0_p8inf.3
+MLINKS+= PKCS12_SAFEBAG_get1_cert.3 PKCS12_SAFEBAG_get0_pkcs8.3
+MLINKS+= PKCS12_SAFEBAG_get1_cert.3 PKCS12_SAFEBAG_get0_safes.3
+MLINKS+= PKCS12_SAFEBAG_get1_cert.3 PKCS12_SAFEBAG_get0_type.3
+MLINKS+= PKCS12_SAFEBAG_get1_cert.3 PKCS12_SAFEBAG_get1_crl.3
+MLINKS+= PKCS12_SAFEBAG_get1_cert.3 PKCS12_SAFEBAG_get_bag_nid.3
+MLINKS+= PKCS12_SAFEBAG_get1_cert.3 PKCS12_SAFEBAG_get_nid.3
+MLINKS+= X509_dup.3 PKCS12_SAFEBAG_new.3
+MLINKS+= PKCS12_add1_attr_by_NID.3 PKCS12_add1_attr_by_txt.3
+MLINKS+= PKCS12_add_friendlyname_asc.3 PKCS12_add_friendlyname_uni.3
+MLINKS+= PKCS12_add_friendlyname_asc.3 PKCS12_add_friendlyname_utf8.3
+MLINKS+= PKCS12_add_cert.3 PKCS12_add_key.3
+MLINKS+= PKCS12_add_cert.3 PKCS12_add_key_ex.3
+MLINKS+= PKCS12_add_safe.3 PKCS12_add_safe_ex.3
+MLINKS+= PKCS12_add_safe.3 PKCS12_add_safes.3
+MLINKS+= PKCS12_add_safe.3 PKCS12_add_safes_ex.3
+MLINKS+= PKCS12_add_cert.3 PKCS12_add_secret.3
+MLINKS+= PKCS12_create.3 PKCS12_create_ex.3
+MLINKS+= PKCS12_decrypt_skey.3 PKCS12_decrypt_skey_ex.3
+MLINKS+= X509_dup.3 PKCS12_free.3
+MLINKS+= PKCS12_SAFEBAG_get0_attrs.3 PKCS12_get_attr_gen.3
+MLINKS+= PKCS12_init.3 PKCS12_init_ex.3
+MLINKS+= PKCS12_item_decrypt_d2i.3 PKCS12_item_decrypt_d2i_ex.3
+MLINKS+= PKCS12_item_decrypt_d2i.3 PKCS12_item_i2d_encrypt.3
+MLINKS+= PKCS12_item_decrypt_d2i.3 PKCS12_item_i2d_encrypt_ex.3
+MLINKS+= PKCS12_key_gen_utf8_ex.3 PKCS12_key_gen_asc.3
+MLINKS+= PKCS12_key_gen_utf8_ex.3 PKCS12_key_gen_asc_ex.3
+MLINKS+= PKCS12_key_gen_utf8_ex.3 PKCS12_key_gen_uni.3
+MLINKS+= PKCS12_key_gen_utf8_ex.3 PKCS12_key_gen_uni_ex.3
+MLINKS+= PKCS12_key_gen_utf8_ex.3 PKCS12_key_gen_utf8.3
+MLINKS+= X509_dup.3 PKCS12_new.3
+MLINKS+= PKCS12_pack_p7encdata.3 PKCS12_pack_p7encdata_ex.3
+MLINKS+= PKCS12_PBE_keyivgen.3 PKCS12_pbe_crypt.3
+MLINKS+= PKCS12_PBE_keyivgen.3 PKCS12_pbe_crypt_ex.3
+MLINKS+= PKCS12_gen_mac.3 PKCS12_set_mac.3
+MLINKS+= PKCS12_gen_mac.3 PKCS12_setup_mac.3
+MLINKS+= PKCS12_gen_mac.3 PKCS12_verify_mac.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_PBE_keyivgen_ex.3
MLINKS+= PKCS5_PBKDF2_HMAC.3 PKCS5_PBKDF2_HMAC_SHA1.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_pbe2_set.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_pbe2_set_iv.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_pbe2_set_iv_ex.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_pbe2_set_scrypt.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_pbe_set.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_pbe_set0_algor.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_pbe_set0_algor_ex.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_pbe_set_ex.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_pbkdf2_set.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_pbkdf2_set_ex.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_v2_PBE_keyivgen.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_v2_PBE_keyivgen_ex.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_v2_scrypt_keyivgen.3
+MLINKS+= PKCS5_PBE_keyivgen.3 PKCS5_v2_scrypt_keyivgen_ex.3
+MLINKS+= X509_dup.3 PKCS7_DIGEST_free.3
+MLINKS+= X509_dup.3 PKCS7_DIGEST_new.3
+MLINKS+= X509_dup.3 PKCS7_ENCRYPT_free.3
+MLINKS+= X509_dup.3 PKCS7_ENCRYPT_new.3
+MLINKS+= X509_dup.3 PKCS7_ENC_CONTENT_free.3
+MLINKS+= X509_dup.3 PKCS7_ENC_CONTENT_new.3
+MLINKS+= X509_dup.3 PKCS7_ENVELOPE_free.3
+MLINKS+= X509_dup.3 PKCS7_ENVELOPE_new.3
+MLINKS+= X509_digest.3 PKCS7_ISSUER_AND_SERIAL_digest.3
+MLINKS+= X509_dup.3 PKCS7_ISSUER_AND_SERIAL_free.3
+MLINKS+= X509_dup.3 PKCS7_ISSUER_AND_SERIAL_new.3
+MLINKS+= X509_dup.3 PKCS7_RECIP_INFO_free.3
+MLINKS+= X509_dup.3 PKCS7_RECIP_INFO_new.3
+MLINKS+= X509_dup.3 PKCS7_SIGNED_free.3
+MLINKS+= X509_dup.3 PKCS7_SIGNED_new.3
+MLINKS+= X509_dup.3 PKCS7_SIGNER_INFO_free.3
+MLINKS+= X509_dup.3 PKCS7_SIGNER_INFO_new.3
+MLINKS+= X509_dup.3 PKCS7_SIGN_ENVELOPE_free.3
+MLINKS+= X509_dup.3 PKCS7_SIGN_ENVELOPE_new.3
+MLINKS+= PKCS7_sign_add_signer.3 PKCS7_add_certificate.3
+MLINKS+= PKCS7_sign_add_signer.3 PKCS7_add_crl.3
+MLINKS+= X509_dup.3 PKCS7_dup.3
+MLINKS+= PKCS7_encrypt.3 PKCS7_encrypt_ex.3
+MLINKS+= X509_dup.3 PKCS7_free.3
MLINKS+= PKCS7_verify.3 PKCS7_get0_signers.3
-MLINKS+= RAND_DRBG_generate.3 RAND_DRBG_bytes.3
-MLINKS+= RAND_DRBG_get0_master.3 RAND_DRBG_get0_private.3
-MLINKS+= RAND_DRBG_get0_master.3 RAND_DRBG_get0_public.3
-MLINKS+= RAND_DRBG_new.3 RAND_DRBG_free.3
-MLINKS+= RAND_DRBG_new.3 RAND_DRBG_instantiate.3
-MLINKS+= RAND_DRBG_new.3 RAND_DRBG_secure_new.3
-MLINKS+= RAND_DRBG_new.3 RAND_DRBG_set.3
-MLINKS+= RAND_DRBG_new.3 RAND_DRBG_set_defaults.3
-MLINKS+= RAND_DRBG_new.3 RAND_DRBG_uninstantiate.3
-MLINKS+= RAND_DRBG_reseed.3 RAND_DRBG_set_reseed_defaults.3
-MLINKS+= RAND_DRBG_reseed.3 RAND_DRBG_set_reseed_interval.3
-MLINKS+= RAND_DRBG_reseed.3 RAND_DRBG_set_reseed_time_interval.3
-MLINKS+= RAND_DRBG_set_callbacks.3 RAND_DRBG_cleanup_entropy_fn.3
-MLINKS+= RAND_DRBG_set_callbacks.3 RAND_DRBG_cleanup_nonce_fn.3
-MLINKS+= RAND_DRBG_set_callbacks.3 RAND_DRBG_get_entropy_fn.3
-MLINKS+= RAND_DRBG_set_callbacks.3 RAND_DRBG_get_nonce_fn.3
-MLINKS+= RAND_DRBG_set_ex_data.3 RAND_DRBG_get_ex_data.3
-MLINKS+= RAND_DRBG_set_ex_data.3 RAND_DRBG_get_ex_new_index.3
+MLINKS+= X509_dup.3 PKCS7_new.3
+MLINKS+= X509_dup.3 PKCS7_new_ex.3
+MLINKS+= X509_dup.3 PKCS7_print_ctx.3
+MLINKS+= PKCS7_sign.3 PKCS7_sign_ex.3
+MLINKS+= X509_dup.3 PKCS8_PRIV_KEY_INFO_free.3
+MLINKS+= X509_dup.3 PKCS8_PRIV_KEY_INFO_new.3
+MLINKS+= PKCS8_encrypt.3 PKCS8_decrypt.3
+MLINKS+= PKCS8_encrypt.3 PKCS8_decrypt_ex.3
+MLINKS+= PKCS8_encrypt.3 PKCS8_encrypt_ex.3
+MLINKS+= PKCS8_pkey_add1_attr.3 PKCS8_pkey_add1_attr_by_NID.3
+MLINKS+= PKCS8_pkey_add1_attr.3 PKCS8_pkey_add1_attr_by_OBJ.3
+MLINKS+= PKCS8_pkey_add1_attr.3 PKCS8_pkey_get0_attrs.3
+MLINKS+= PKCS8_encrypt.3 PKCS8_set0_pbe.3
+MLINKS+= PKCS8_encrypt.3 PKCS8_set0_pbe_ex.3
+MLINKS+= X509_dup.3 PKEY_USAGE_PERIOD_free.3
+MLINKS+= X509_dup.3 PKEY_USAGE_PERIOD_new.3
+MLINKS+= X509_dup.3 POLICYINFO_free.3
+MLINKS+= X509_dup.3 POLICYINFO_new.3
+MLINKS+= X509_dup.3 POLICYQUALINFO_free.3
+MLINKS+= X509_dup.3 POLICYQUALINFO_new.3
+MLINKS+= X509_dup.3 POLICY_CONSTRAINTS_free.3
+MLINKS+= X509_dup.3 POLICY_CONSTRAINTS_new.3
+MLINKS+= X509_dup.3 POLICY_MAPPING_free.3
+MLINKS+= X509_dup.3 POLICY_MAPPING_new.3
+MLINKS+= ADMISSIONS.3 PROFESSION_INFO.3
+MLINKS+= ADMISSIONS.3 PROFESSION_INFOS.3
+MLINKS+= X509_dup.3 PROFESSION_INFOS_free.3
+MLINKS+= X509_dup.3 PROFESSION_INFOS_new.3
+MLINKS+= X509_dup.3 PROFESSION_INFO_free.3
+MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_addProfessionInfo.3
+MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_namingAuthority.3
+MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_professionItems.3
+MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_professionOIDs.3
+MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_registrationNumber.3
+MLINKS+= X509_dup.3 PROFESSION_INFO_new.3
+MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_addProfessionInfo.3
+MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_namingAuthority.3
+MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_professionItems.3
+MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_professionOIDs.3
+MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_registrationNumber.3
+MLINKS+= X509_dup.3 PROXY_CERT_INFO_EXTENSION_free.3
+MLINKS+= X509_dup.3 PROXY_CERT_INFO_EXTENSION_new.3
+MLINKS+= X509_dup.3 PROXY_POLICY_free.3
+MLINKS+= X509_dup.3 PROXY_POLICY_new.3
+MLINKS+= RAND_set_rand_method.3 RAND_OpenSSL.3
+MLINKS+= RAND_bytes.3 RAND_bytes_ex.3
+MLINKS+= RAND_egd.3 RAND_egd_bytes.3
MLINKS+= RAND_add.3 RAND_event.3
+MLINKS+= RAND_load_file.3 RAND_file_name.3
+MLINKS+= RAND_get0_primary.3 RAND_get0_private.3
+MLINKS+= RAND_get0_primary.3 RAND_get0_public.3
+MLINKS+= RAND_set_rand_method.3 RAND_get_rand_method.3
MLINKS+= RAND_add.3 RAND_keep_random_devices_open.3
MLINKS+= RAND_add.3 RAND_poll.3
-MLINKS+= RAND_add.3 RAND_screen.3
-MLINKS+= RAND_add.3 RAND_seed.3
-MLINKS+= RAND_add.3 RAND_status.3
MLINKS+= RAND_bytes.3 RAND_priv_bytes.3
+MLINKS+= RAND_bytes.3 RAND_priv_bytes_ex.3
MLINKS+= RAND_bytes.3 RAND_pseudo_bytes.3
-MLINKS+= RAND_egd.3 RAND_egd_bytes.3
MLINKS+= RAND_egd.3 RAND_query_egd_bytes.3
-MLINKS+= RAND_load_file.3 RAND_file_name.3
+MLINKS+= RAND_add.3 RAND_screen.3
+MLINKS+= RAND_add.3 RAND_seed.3
+MLINKS+= RAND_set_DRBG_type.3 RAND_set_seed_source_type.3
+MLINKS+= RAND_add.3 RAND_status.3
MLINKS+= RAND_load_file.3 RAND_write_file.3
-MLINKS+= RAND_set_rand_method.3 RAND_OpenSSL.3
-MLINKS+= RAND_set_rand_method.3 RAND_get_rand_method.3
MLINKS+= RC4_set_key.3 RC4.3
MLINKS+= RIPEMD160_Init.3 RIPEMD160.3
MLINKS+= RIPEMD160_Init.3 RIPEMD160_Final.3
MLINKS+= RIPEMD160_Init.3 RIPEMD160_Update.3
+MLINKS+= X509_dup.3 RSAPrivateKey_dup.3
+MLINKS+= X509_dup.3 RSAPublicKey_dup.3
+MLINKS+= X509_dup.3 RSA_OAEP_PARAMS_free.3
+MLINKS+= X509_dup.3 RSA_OAEP_PARAMS_new.3
+MLINKS+= RSA_set_method.3 RSA_PKCS1_OpenSSL.3
+MLINKS+= X509_dup.3 RSA_PSS_PARAMS_dup.3
+MLINKS+= X509_dup.3 RSA_PSS_PARAMS_free.3
+MLINKS+= X509_dup.3 RSA_PSS_PARAMS_new.3
+MLINKS+= RSA_size.3 RSA_bits.3
MLINKS+= RSA_blinding_on.3 RSA_blinding_off.3
MLINKS+= RSA_check_key.3 RSA_check_key_ex.3
+MLINKS+= RSA_get0_key.3 RSA_clear_flags.3
+MLINKS+= RSA_set_method.3 RSA_flags.3
+MLINKS+= RSA_new.3 RSA_free.3
MLINKS+= RSA_generate_key.3 RSA_generate_key_ex.3
MLINKS+= RSA_generate_key.3 RSA_generate_multi_prime_key.3
-MLINKS+= RSA_get0_key.3 RSA_clear_flags.3
MLINKS+= RSA_get0_key.3 RSA_get0_crt_params.3
MLINKS+= RSA_get0_key.3 RSA_get0_d.3
MLINKS+= RSA_get0_key.3 RSA_get0_dmp1.3
@@ -2280,14 +3613,13 @@ MLINKS+= RSA_get0_key.3 RSA_get0_n.3
MLINKS+= RSA_get0_key.3 RSA_get0_p.3
MLINKS+= RSA_get0_key.3 RSA_get0_pss_params.3
MLINKS+= RSA_get0_key.3 RSA_get0_q.3
+MLINKS+= BIO_get_ex_new_index.3 RSA_get_app_data.3
+MLINKS+= RSA_set_method.3 RSA_get_default_method.3
+MLINKS+= BIO_get_ex_new_index.3 RSA_get_ex_data.3
+MLINKS+= BIO_get_ex_new_index.3 RSA_get_ex_new_index.3
+MLINKS+= RSA_set_method.3 RSA_get_method.3
MLINKS+= RSA_get0_key.3 RSA_get_multi_prime_extra_count.3
MLINKS+= RSA_get0_key.3 RSA_get_version.3
-MLINKS+= RSA_get0_key.3 RSA_set0_crt_params.3
-MLINKS+= RSA_get0_key.3 RSA_set0_factors.3
-MLINKS+= RSA_get0_key.3 RSA_set0_key.3
-MLINKS+= RSA_get0_key.3 RSA_set0_multi_prime_params.3
-MLINKS+= RSA_get0_key.3 RSA_set_flags.3
-MLINKS+= RSA_get0_key.3 RSA_test_flags.3
MLINKS+= RSA_meth_new.3 RSA_meth_dup.3
MLINKS+= RSA_meth_new.3 RSA_meth_free.3
MLINKS+= RSA_meth_new.3 RSA_meth_get0_app_data.3
@@ -2320,38 +3652,36 @@ MLINKS+= RSA_meth_new.3 RSA_meth_set_pub_dec.3
MLINKS+= RSA_meth_new.3 RSA_meth_set_pub_enc.3
MLINKS+= RSA_meth_new.3 RSA_meth_set_sign.3
MLINKS+= RSA_meth_new.3 RSA_meth_set_verify.3
-MLINKS+= RSA_new.3 RSA_free.3
+MLINKS+= RSA_set_method.3 RSA_new_method.3
MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_OAEP.3
MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_OAEP_mgf1.3
MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_type_2.3
-MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_SSLv23.3
MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_none.3
MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_OAEP.3
MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_OAEP_mgf1.3
MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_type_1.3
MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_type_2.3
-MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_SSLv23.3
MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_none.3
-MLINKS+= RSA_print.3 DHparams_print.3
-MLINKS+= RSA_print.3 DHparams_print_fp.3
-MLINKS+= RSA_print.3 DSA_print.3
-MLINKS+= RSA_print.3 DSA_print_fp.3
-MLINKS+= RSA_print.3 DSAparams_print.3
-MLINKS+= RSA_print.3 DSAparams_print_fp.3
MLINKS+= RSA_print.3 RSA_print_fp.3
-MLINKS+= RSA_private_encrypt.3 RSA_public_decrypt.3
MLINKS+= RSA_public_encrypt.3 RSA_private_decrypt.3
-MLINKS+= RSA_set_method.3 RSA_PKCS1_OpenSSL.3
-MLINKS+= RSA_set_method.3 RSA_flags.3
-MLINKS+= RSA_set_method.3 RSA_get_default_method.3
-MLINKS+= RSA_set_method.3 RSA_get_method.3
-MLINKS+= RSA_set_method.3 RSA_new_method.3
+MLINKS+= RSA_private_encrypt.3 RSA_public_decrypt.3
+MLINKS+= RSA_size.3 RSA_security_bits.3
+MLINKS+= RSA_get0_key.3 RSA_set0_crt_params.3
+MLINKS+= RSA_get0_key.3 RSA_set0_factors.3
+MLINKS+= RSA_get0_key.3 RSA_set0_key.3
+MLINKS+= RSA_get0_key.3 RSA_set0_multi_prime_params.3
+MLINKS+= BIO_get_ex_new_index.3 RSA_set_app_data.3
MLINKS+= RSA_set_method.3 RSA_set_default_method.3
+MLINKS+= BIO_get_ex_new_index.3 RSA_set_ex_data.3
+MLINKS+= RSA_get0_key.3 RSA_set_flags.3
+MLINKS+= RSA_get0_key.3 RSA_test_flags.3
MLINKS+= RSA_sign.3 RSA_verify.3
MLINKS+= RSA_sign_ASN1_OCTET_STRING.3 RSA_verify_ASN1_OCTET_STRING.3
-MLINKS+= RSA_size.3 RSA_bits.3
-MLINKS+= RSA_size.3 RSA_security_bits.3
+MLINKS+= X509_dup.3 SCRYPT_PARAMS_free.3
+MLINKS+= X509_dup.3 SCRYPT_PARAMS_new.3
MLINKS+= SCT_new.3 SCT_LIST_free.3
+MLINKS+= SCT_print.3 SCT_LIST_print.3
+MLINKS+= SCT_validate.3 SCT_LIST_validate.3
MLINKS+= SCT_new.3 SCT_free.3
MLINKS+= SCT_new.3 SCT_get0_extensions.3
MLINKS+= SCT_new.3 SCT_get0_log_id.3
@@ -2360,6 +3690,7 @@ MLINKS+= SCT_new.3 SCT_get_log_entry_type.3
MLINKS+= SCT_new.3 SCT_get_signature_nid.3
MLINKS+= SCT_new.3 SCT_get_source.3
MLINKS+= SCT_new.3 SCT_get_timestamp.3
+MLINKS+= SCT_validate.3 SCT_get_validation_status.3
MLINKS+= SCT_new.3 SCT_get_version.3
MLINKS+= SCT_new.3 SCT_new_from_base64.3
MLINKS+= SCT_new.3 SCT_set0_extensions.3
@@ -2373,10 +3704,7 @@ MLINKS+= SCT_new.3 SCT_set_signature_nid.3
MLINKS+= SCT_new.3 SCT_set_source.3
MLINKS+= SCT_new.3 SCT_set_timestamp.3
MLINKS+= SCT_new.3 SCT_set_version.3
-MLINKS+= SCT_print.3 SCT_LIST_print.3
MLINKS+= SCT_print.3 SCT_validation_status_string.3
-MLINKS+= SCT_validate.3 SCT_LIST_validate.3
-MLINKS+= SCT_validate.3 SCT_get_validation_status.3
MLINKS+= SHA256_Init.3 SHA1.3
MLINKS+= SHA256_Init.3 SHA1_Final.3
MLINKS+= SHA256_Init.3 SHA1_Init.3
@@ -2396,7 +3724,33 @@ MLINKS+= SHA256_Init.3 SHA512.3
MLINKS+= SHA256_Init.3 SHA512_Final.3
MLINKS+= SHA256_Init.3 SHA512_Init.3
MLINKS+= SHA256_Init.3 SHA512_Update.3
-MLINKS+= SSL_CIPHER_get_name.3 OPENSSL_cipher_name.3
+MLINKS+= SMIME_read_ASN1.3 SMIME_read_ASN1_ex.3
+MLINKS+= SMIME_read_CMS.3 SMIME_read_CMS_ex.3
+MLINKS+= SMIME_read_PKCS7.3 SMIME_read_PKCS7_ex.3
+MLINKS+= SMIME_write_ASN1.3 SMIME_write_ASN1_ex.3
+MLINKS+= SRP_Calc_B.3 SRP_Calc_A.3
+MLINKS+= SRP_Calc_B.3 SRP_Calc_B_ex.3
+MLINKS+= SRP_Calc_B.3 SRP_Calc_client_key.3
+MLINKS+= SRP_Calc_B.3 SRP_Calc_client_key_ex.3
+MLINKS+= SRP_Calc_B.3 SRP_Calc_server_key.3
+MLINKS+= SRP_Calc_B.3 SRP_Calc_u.3
+MLINKS+= SRP_Calc_B.3 SRP_Calc_u_ex.3
+MLINKS+= SRP_Calc_B.3 SRP_Calc_x.3
+MLINKS+= SRP_Calc_B.3 SRP_Calc_x_ex.3
+MLINKS+= SRP_VBASE_new.3 SRP_VBASE_add0_user.3
+MLINKS+= SRP_VBASE_new.3 SRP_VBASE_free.3
+MLINKS+= SRP_VBASE_new.3 SRP_VBASE_get1_by_user.3
+MLINKS+= SRP_VBASE_new.3 SRP_VBASE_get_by_user.3
+MLINKS+= SRP_VBASE_new.3 SRP_VBASE_init.3
+MLINKS+= SRP_create_verifier.3 SRP_check_known_gN_param.3
+MLINKS+= SRP_create_verifier.3 SRP_create_verifier_BN.3
+MLINKS+= SRP_create_verifier.3 SRP_create_verifier_BN_ex.3
+MLINKS+= SRP_create_verifier.3 SRP_create_verifier_ex.3
+MLINKS+= SRP_create_verifier.3 SRP_get_default_gN.3
+MLINKS+= SRP_user_pwd_new.3 SRP_user_pwd_free.3
+MLINKS+= SRP_user_pwd_new.3 SRP_user_pwd_set0_sv.3
+MLINKS+= SRP_user_pwd_new.3 SRP_user_pwd_set1_ids.3
+MLINKS+= SRP_user_pwd_new.3 SRP_user_pwd_set_gN.3
MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_description.3
MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_find.3
MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_auth_nid.3
@@ -2414,81 +3768,78 @@ MLINKS+= SSL_COMP_add_compression_method.3 SSL_COMP_free_compression_methods.3
MLINKS+= SSL_COMP_add_compression_method.3 SSL_COMP_get0_name.3
MLINKS+= SSL_COMP_add_compression_method.3 SSL_COMP_get_compression_methods.3
MLINKS+= SSL_COMP_add_compression_method.3 SSL_COMP_get_id.3
-MLINKS+= SSL_CONF_CTX_new.3 SSL_CONF_CTX_free.3
MLINKS+= SSL_CONF_CTX_set_flags.3 SSL_CONF_CTX_clear_flags.3
+MLINKS+= SSL_CONF_CTX_new.3 SSL_CONF_CTX_free.3
MLINKS+= SSL_CONF_CTX_set_ssl_ctx.3 SSL_CONF_CTX_set_ssl.3
MLINKS+= SSL_CONF_cmd.3 SSL_CONF_cmd_value_type.3
MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_add0_chain_cert.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_add1_to_CA_list.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_add_client_CA.3
+MLINKS+= SSL_extension_supported.3 SSL_CTX_add_client_custom_ext.3
+MLINKS+= SSL_extension_supported.3 SSL_CTX_add_custom_ext.3
+MLINKS+= SSL_extension_supported.3 SSL_CTX_add_server_custom_ext.3
MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_build_cert_chain.3
+MLINKS+= SSL_CTX_ctrl.3 SSL_CTX_callback_ctrl.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_check_private_key.3
MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_clear_chain_certs.3
-MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_get0_chain_certs.3
-MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_select_current_cert.3
-MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set0_chain.3
-MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set1_chain.3
-MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set_current_cert.3
-MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_add0_chain_cert.3
-MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_add1_chain_cert.3
-MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_build_cert_chain.3
-MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_clear_chain_certs.3
-MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_get0_chain_certs.3
-MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_select_current_cert.3
-MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set0_chain.3
-MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set1_chain.3
-MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set_current_cert.3
MLINKS+= SSL_CTX_add_extra_chain_cert.3 SSL_CTX_clear_extra_chain_certs.3
-MLINKS+= SSL_CTX_add_session.3 SSL_CTX_remove_session.3
-MLINKS+= SSL_CTX_config.3 SSL_config.3
-MLINKS+= SSL_CTX_ctrl.3 SSL_CTX_callback_ctrl.3
-MLINKS+= SSL_CTX_ctrl.3 SSL_callback_ctrl.3
-MLINKS+= SSL_CTX_ctrl.3 SSL_ctrl.3
+MLINKS+= SSL_CTX_set_mode.3 SSL_CTX_clear_mode.3
+MLINKS+= SSL_CTX_set_options.3 SSL_CTX_clear_options.3
+MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_CTX_ct_is_enabled.3
MLINKS+= SSL_CTX_dane_enable.3 SSL_CTX_dane_clear_flags.3
MLINKS+= SSL_CTX_dane_enable.3 SSL_CTX_dane_mtype_set.3
MLINKS+= SSL_CTX_dane_enable.3 SSL_CTX_dane_set_flags.3
-MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_clear_flags.3
-MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_enable.3
-MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_set_flags.3
-MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_tlsa_add.3
-MLINKS+= SSL_CTX_dane_enable.3 SSL_get0_dane_authority.3
-MLINKS+= SSL_CTX_dane_enable.3 SSL_get0_dane_tlsa.3
-MLINKS+= SSL_CTX_get0_param.3 SSL_CTX_set1_param.3
-MLINKS+= SSL_CTX_get0_param.3 SSL_get0_param.3
-MLINKS+= SSL_CTX_get0_param.3 SSL_set1_param.3
+MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_CTX_decrypt_session_ticket_fn.3
+MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_CTX_disable_ct.3
+MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_CTX_enable_ct.3
+MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_CTX_generate_session_ticket_fn.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_get0_CA_list.3
+MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_get0_chain_cert_store.3
+MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_get0_chain_certs.3
+MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_get0_security_ex_data.3
+MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_get0_verify_cert_store.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_CTX_get_app_data.3
+MLINKS+= SSL_CTX_set_cert_store.3 SSL_CTX_get_cert_store.3
+MLINKS+= SSL_get_ciphers.3 SSL_CTX_get_ciphers.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_get_client_CA_list.3
+MLINKS+= SSL_CTX_set_client_cert_cb.3 SSL_CTX_get_client_cert_cb.3
+MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_CTX_get_default_passwd_cb.3
+MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_CTX_get_default_passwd_cb_userdata.3
+MLINKS+= SSL_CTX_set_read_ahead.3 SSL_CTX_get_default_read_ahead.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_CTX_get_ex_data.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_CTX_get_ex_new_index.3
+MLINKS+= SSL_CTX_add_extra_chain_cert.3 SSL_CTX_get_extra_chain_certs.3
+MLINKS+= SSL_CTX_add_extra_chain_cert.3 SSL_CTX_get_extra_chain_certs_only.3
+MLINKS+= SSL_CTX_set_info_callback.3 SSL_CTX_get_info_callback.3
+MLINKS+= SSL_CTX_set_keylog_callback.3 SSL_CTX_get_keylog_callback.3
+MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_CTX_get_max_cert_list.3
+MLINKS+= SSL_read_early_data.3 SSL_CTX_get_max_early_data.3
+MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_CTX_get_max_proto_version.3
+MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_CTX_get_min_proto_version.3
+MLINKS+= SSL_CTX_set_mode.3 SSL_CTX_get_mode.3
+MLINKS+= SSL_CTX_set_num_tickets.3 SSL_CTX_get_num_tickets.3
+MLINKS+= SSL_CTX_set_options.3 SSL_CTX_get_options.3
+MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_CTX_get_quiet_shutdown.3
+MLINKS+= SSL_CTX_set_read_ahead.3 SSL_CTX_get_read_ahead.3
+MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_CTX_get_record_padding_callback_arg.3
+MLINKS+= SSL_read_early_data.3 SSL_CTX_get_recv_max_early_data.3
+MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_get_security_callback.3
+MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_get_security_level.3
+MLINKS+= SSL_CTX_set_session_cache_mode.3 SSL_CTX_get_session_cache_mode.3
+MLINKS+= SSL_CTX_set_ssl_version.3 SSL_CTX_get_ssl_method.3
+MLINKS+= SSL_CTX_set_timeout.3 SSL_CTX_get_timeout.3
+MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_get_tlsext_status_arg.3
+MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_get_tlsext_status_cb.3
+MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_get_tlsext_status_type.3
MLINKS+= SSL_CTX_get_verify_mode.3 SSL_CTX_get_verify_callback.3
MLINKS+= SSL_CTX_get_verify_mode.3 SSL_CTX_get_verify_depth.3
-MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_callback.3
-MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_depth.3
-MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_mode.3
-MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_set_default_verify_dir.3
-MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_set_default_verify_file.3
-MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_set_default_verify_paths.3
-MLINKS+= SSL_CTX_new.3 DTLS_client_method.3
-MLINKS+= SSL_CTX_new.3 DTLS_method.3
-MLINKS+= SSL_CTX_new.3 DTLS_server_method.3
-MLINKS+= SSL_CTX_new.3 DTLSv1_2_client_method.3
-MLINKS+= SSL_CTX_new.3 DTLSv1_2_method.3
-MLINKS+= SSL_CTX_new.3 DTLSv1_2_server_method.3
-MLINKS+= SSL_CTX_new.3 DTLSv1_client_method.3
-MLINKS+= SSL_CTX_new.3 DTLSv1_method.3
-MLINKS+= SSL_CTX_new.3 DTLSv1_server_method.3
-MLINKS+= SSL_CTX_new.3 SSL_CTX_up_ref.3
-MLINKS+= SSL_CTX_new.3 SSLv23_client_method.3
-MLINKS+= SSL_CTX_new.3 SSLv23_method.3
-MLINKS+= SSL_CTX_new.3 SSLv23_server_method.3
-MLINKS+= SSL_CTX_new.3 SSLv3_client_method.3
-MLINKS+= SSL_CTX_new.3 SSLv3_method.3
-MLINKS+= SSL_CTX_new.3 SSLv3_server_method.3
-MLINKS+= SSL_CTX_new.3 TLS_client_method.3
-MLINKS+= SSL_CTX_new.3 TLS_method.3
-MLINKS+= SSL_CTX_new.3 TLS_server_method.3
-MLINKS+= SSL_CTX_new.3 TLSv1_1_client_method.3
-MLINKS+= SSL_CTX_new.3 TLSv1_1_method.3
-MLINKS+= SSL_CTX_new.3 TLSv1_1_server_method.3
-MLINKS+= SSL_CTX_new.3 TLSv1_2_client_method.3
-MLINKS+= SSL_CTX_new.3 TLSv1_2_method.3
-MLINKS+= SSL_CTX_new.3 TLSv1_2_server_method.3
-MLINKS+= SSL_CTX_new.3 TLSv1_client_method.3
-MLINKS+= SSL_CTX_new.3 TLSv1_method.3
-MLINKS+= SSL_CTX_new.3 TLSv1_server_method.3
+MLINKS+= SSL_CTX_set_keylog_callback.3 SSL_CTX_keylog_cb_func.3
+MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_load_verify_dir.3
+MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_load_verify_file.3
+MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_load_verify_store.3
+MLINKS+= SSL_CTX_new.3 SSL_CTX_new_ex.3
+MLINKS+= SSL_CTX_add_session.3 SSL_CTX_remove_session.3
+MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_select_current_cert.3
MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_accept.3
MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_accept_good.3
MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_accept_renegotiate.3
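Review bot: The added lines in this hunk are ordered by link name (second field) instead of by source page, and nothing visible documents that sort key; for example `MLINKS+= SSL_CONF_CTX_new.3 SSL_CONF_CTX_free.3` now sits after `MLINKS+= SSL_CONF_CTX_set_flags.3 SSL_CONF_CTX_clear_flags.3`. Because of the re-sort, removed entries such as `SSL_CTX_new.3 TLS_method.3` and `SSL_CTX_dane_enable.3 SSL_dane_enable.3` cannot be confirmed from this hunk as re-added; presumably they reappear further down under their link names, but that should be checked so no TLS API page loses its link. The same applies to the hunk at `@@ -2497,213 +3848,82 @@`. A comment above the list, e.g. `# MLINKS entries are sorted by link name (second field), C locale`, would make future diffs of this file easier to audit.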
@@ -2497,213 +3848,82 @@ MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_cb_hits.3
MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_connect.3
MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_connect_good.3
MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_connect_renegotiate.3
-MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_hits.3
-MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_misses.3
-MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_timeouts.3
MLINKS+= SSL_CTX_sess_set_cache_size.3 SSL_CTX_sess_get_cache_size.3
MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_get_cb.3
MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_new_cb.3
MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_remove_cb.3
+MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_hits.3
+MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_misses.3
MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_new_cb.3
MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_remove_cb.3
-MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_add1_to_CA_list.3
-MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_add_client_CA.3
-MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_get0_CA_list.3
-MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_get_client_CA_list.3
-MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_set_client_CA_list.3
-MLINKS+= SSL_CTX_set0_CA_list.3 SSL_add1_to_CA_list.3
-MLINKS+= SSL_CTX_set0_CA_list.3 SSL_add_client_CA.3
-MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get0_CA_list.3
-MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get0_peer_CA_list.3
-MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get_client_CA_list.3
-MLINKS+= SSL_CTX_set0_CA_list.3 SSL_set0_CA_list.3
-MLINKS+= SSL_CTX_set0_CA_list.3 SSL_set_client_CA_list.3
+MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_timeouts.3
+MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set0_chain.3
+MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set0_chain_cert_store.3
+MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_set0_security_ex_data.3
+MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_CTX_set0_tmp_dh_pkey.3
+MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set0_verify_cert_store.3
+MLINKS+= SSL_CTX_set_cert_store.3 SSL_CTX_set1_cert_store.3
+MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set1_chain.3
+MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set1_chain_cert_store.3
+MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_CTX_set1_client_sigalgs.3
+MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_CTX_set1_client_sigalgs_list.3
MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_curves_list.3
MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_groups.3
MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_groups_list.3
-MLINKS+= SSL_CTX_set1_curves.3 SSL_get1_curves.3
-MLINKS+= SSL_CTX_set1_curves.3 SSL_get1_groups.3
-MLINKS+= SSL_CTX_set1_curves.3 SSL_get_shared_curve.3
-MLINKS+= SSL_CTX_set1_curves.3 SSL_get_shared_group.3
-MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_curves.3
-MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_curves_list.3
-MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_groups.3
-MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_groups_list.3
-MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_CTX_set1_client_sigalgs.3
-MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_CTX_set1_client_sigalgs_list.3
+MLINKS+= SSL_CTX_get0_param.3 SSL_CTX_set1_param.3
MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_CTX_set1_sigalgs_list.3
-MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_client_sigalgs.3
-MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_client_sigalgs_list.3
-MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_sigalgs.3
-MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_sigalgs_list.3
-MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_get0_chain_cert_store.3
-MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_get0_verify_cert_store.3
-MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set0_chain_cert_store.3
-MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set0_verify_cert_store.3
-MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set1_chain_cert_store.3
-MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_get0_chain_cert_store.3
-MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_get0_verify_cert_store.3
-MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set0_chain_cert_store.3
-MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set0_verify_cert_store.3
-MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set1_chain_cert_store.3
-MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set1_verify_cert_store.3
+MLINKS+= SSL_read_early_data.3 SSL_CTX_set_allow_early_data_cb.3
MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_CTX_set_alpn_protos.3
-MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_CTX_set_next_proto_select_cb.3
-MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_CTX_set_next_protos_advertised_cb.3
-MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_get0_alpn_selected.3
-MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_get0_next_proto_negotiated.3
-MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_select_next_proto.3
-MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_set_alpn_protos.3
-MLINKS+= SSL_CTX_set_cert_cb.3 SSL_set_cert_cb.3
-MLINKS+= SSL_CTX_set_cert_store.3 SSL_CTX_get_cert_store.3
-MLINKS+= SSL_CTX_set_cert_store.3 SSL_CTX_set1_cert_store.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_CTX_set_app_data.3
+MLINKS+= SSL_set_async_callback.3 SSL_CTX_set_async_callback.3
+MLINKS+= SSL_set_async_callback.3 SSL_CTX_set_async_callback_arg.3
+MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_CTX_set_block_padding.3
MLINKS+= SSL_CTX_set_cipher_list.3 SSL_CTX_set_ciphersuites.3
-MLINKS+= SSL_CTX_set_cipher_list.3 SSL_set_cipher_list.3
-MLINKS+= SSL_CTX_set_cipher_list.3 SSL_set_ciphersuites.3
-MLINKS+= SSL_CTX_set_client_cert_cb.3 SSL_CTX_get_client_cert_cb.3
-MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_cb_fn.3
-MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_ciphers.3
-MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_compression_methods.3
-MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_ext.3
-MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_legacy_version.3
-MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_random.3
-MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_session_id.3
-MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get1_extensions_present.3
-MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_isv2.3
-MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_CTX_ct_is_enabled.3
-MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_CTX_disable_ct.3
-MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_CTX_enable_ct.3
-MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_ct_is_enabled.3
-MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_disable_ct.3
-MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_enable_ct.3
-MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_set_ct_validation_callback.3
-MLINKS+= SSL_CTX_set_ct_validation_callback.3 ssl_ct_validation_cb.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_set_client_CA_list.3
+MLINKS+= SSL_CTX_set_stateless_cookie_generate_cb.3 SSL_CTX_set_cookie_generate_cb.3
+MLINKS+= SSL_CTX_set_stateless_cookie_generate_cb.3 SSL_CTX_set_cookie_verify_cb.3
+MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set_current_cert.3
MLINKS+= SSL_CTX_set_ctlog_list_file.3 SSL_CTX_set_default_ctlog_list_file.3
-MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_CTX_get_default_passwd_cb.3
-MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_CTX_get_default_passwd_cb_userdata.3
MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_CTX_set_default_passwd_cb_userdata.3
-MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_get_default_passwd_cb.3
-MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_get_default_passwd_cb_userdata.3
-MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_set_default_passwd_cb.3
-MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_set_default_passwd_cb_userdata.3
-MLINKS+= SSL_CTX_set_ex_data.3 SSL_CTX_get_ex_data.3
-MLINKS+= SSL_CTX_set_ex_data.3 SSL_get_ex_data.3
-MLINKS+= SSL_CTX_set_ex_data.3 SSL_set_ex_data.3
-MLINKS+= SSL_CTX_set_generate_session_id.3 GEN_SESSION_CB.3
-MLINKS+= SSL_CTX_set_generate_session_id.3 SSL_has_matching_session_id.3
-MLINKS+= SSL_CTX_set_generate_session_id.3 SSL_set_generate_session_id.3
-MLINKS+= SSL_CTX_set_info_callback.3 SSL_CTX_get_info_callback.3
-MLINKS+= SSL_CTX_set_info_callback.3 SSL_get_info_callback.3
-MLINKS+= SSL_CTX_set_info_callback.3 SSL_set_info_callback.3
-MLINKS+= SSL_CTX_set_keylog_callback.3 SSL_CTX_get_keylog_callback.3
-MLINKS+= SSL_CTX_set_keylog_callback.3 SSL_CTX_keylog_cb_func.3
-MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_CTX_get_max_cert_list.3
-MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_get_max_cert_list.3
-MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_set_max_cert_list.3
-MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_CTX_get_max_proto_version.3
-MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_CTX_get_min_proto_version.3
+MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_default_read_buffer_len.3
+MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_set_default_verify_dir.3
+MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_set_default_verify_file.3
+MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_set_default_verify_paths.3
+MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_set_default_verify_store.3
+MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_CTX_set_dh_auto.3
+MLINKS+= SSL_CTX_set_tmp_ecdh.3 SSL_CTX_set_ecdh_auto.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_CTX_set_ex_data.3
+MLINKS+= SSL_read_early_data.3 SSL_CTX_set_max_early_data.3
+MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_max_pipelines.3
MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_CTX_set_max_proto_version.3
-MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_get_max_proto_version.3
-MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_get_min_proto_version.3
-MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_set_max_proto_version.3
-MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_set_min_proto_version.3
-MLINKS+= SSL_CTX_set_mode.3 SSL_CTX_clear_mode.3
-MLINKS+= SSL_CTX_set_mode.3 SSL_CTX_get_mode.3
-MLINKS+= SSL_CTX_set_mode.3 SSL_clear_mode.3
-MLINKS+= SSL_CTX_set_mode.3 SSL_get_mode.3
-MLINKS+= SSL_CTX_set_mode.3 SSL_set_mode.3
+MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_max_send_fragment.3
MLINKS+= SSL_CTX_set_msg_callback.3 SSL_CTX_set_msg_callback_arg.3
-MLINKS+= SSL_CTX_set_msg_callback.3 SSL_set_msg_callback.3
-MLINKS+= SSL_CTX_set_msg_callback.3 SSL_set_msg_callback_arg.3
-MLINKS+= SSL_CTX_set_num_tickets.3 SSL_CTX_get_num_tickets.3
-MLINKS+= SSL_CTX_set_num_tickets.3 SSL_get_num_tickets.3
-MLINKS+= SSL_CTX_set_num_tickets.3 SSL_set_num_tickets.3
-MLINKS+= SSL_CTX_set_options.3 SSL_CTX_clear_options.3
-MLINKS+= SSL_CTX_set_options.3 SSL_CTX_get_options.3
-MLINKS+= SSL_CTX_set_options.3 SSL_clear_options.3
-MLINKS+= SSL_CTX_set_options.3 SSL_get_options.3
-MLINKS+= SSL_CTX_set_options.3 SSL_get_secure_renegotiation_support.3
-MLINKS+= SSL_CTX_set_options.3 SSL_set_options.3
+MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_CTX_set_next_proto_select_cb.3
+MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_CTX_set_next_protos_advertised_cb.3
+MLINKS+= SSL_CTX_set_verify.3 SSL_CTX_set_post_handshake_auth.3
+MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_CTX_set_psk_find_session_callback.3
+MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_CTX_set_psk_server_callback.3
MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_CTX_set_psk_use_session_callback.3
-MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_psk_client_cb_func.3
-MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_psk_use_session_cb_func.3
-MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_set_psk_client_callback.3
-MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_set_psk_use_session_callback.3
-MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_CTX_get_quiet_shutdown.3
-MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_get_quiet_shutdown.3
-MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_set_quiet_shutdown.3
-MLINKS+= SSL_CTX_set_read_ahead.3 SSL_CTX_get_default_read_ahead.3
-MLINKS+= SSL_CTX_set_read_ahead.3 SSL_CTX_get_read_ahead.3
-MLINKS+= SSL_CTX_set_read_ahead.3 SSL_get_read_ahead.3
-MLINKS+= SSL_CTX_set_read_ahead.3 SSL_set_read_ahead.3
-MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_CTX_get_record_padding_callback_arg.3
-MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_CTX_set_block_padding.3
+MLINKS+= SSL_CTX_get0_param.3 SSL_CTX_set_purpose.3
MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_CTX_set_record_padding_callback_arg.3
-MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_get_record_padding_callback_arg.3
-MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_set_block_padding.3
-MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_set_record_padding_callback.3
-MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_set_record_padding_callback_arg.3
-MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_get0_security_ex_data.3
-MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_get_security_callback.3
-MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_get_security_level.3
-MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_set0_security_ex_data.3
+MLINKS+= SSL_read_early_data.3 SSL_CTX_set_recv_max_early_data.3
MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_set_security_callback.3
-MLINKS+= SSL_CTX_set_security_level.3 SSL_get0_security_ex_data.3
-MLINKS+= SSL_CTX_set_security_level.3 SSL_get_security_callback.3
-MLINKS+= SSL_CTX_set_security_level.3 SSL_get_security_level.3
-MLINKS+= SSL_CTX_set_security_level.3 SSL_set0_security_ex_data.3
-MLINKS+= SSL_CTX_set_security_level.3 SSL_set_security_callback.3
-MLINKS+= SSL_CTX_set_security_level.3 SSL_set_security_level.3
-MLINKS+= SSL_CTX_set_session_cache_mode.3 SSL_CTX_get_session_cache_mode.3
-MLINKS+= SSL_CTX_set_session_id_context.3 SSL_set_session_id_context.3
-MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_CTX_decrypt_session_ticket_fn.3
-MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_CTX_generate_session_ticket_fn.3
-MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_SESSION_get0_ticket_appdata.3
-MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_SESSION_set1_ticket_appdata.3
-MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_default_read_buffer_len.3
-MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_max_pipelines.3
-MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_max_send_fragment.3
-MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_tlsext_max_fragment_length.3
-MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_SESSION_get_max_fragment_length.3
-MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_default_read_buffer_len.3
-MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_max_pipelines.3
-MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_max_send_fragment.3
-MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_split_send_fragment.3
-MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_tlsext_max_fragment_length.3
-MLINKS+= SSL_CTX_set_ssl_version.3 SSL_get_ssl_method.3
-MLINKS+= SSL_CTX_set_ssl_version.3 SSL_set_ssl_method.3
-MLINKS+= SSL_CTX_set_stateless_cookie_generate_cb.3 SSL_CTX_set_cookie_generate_cb.3
-MLINKS+= SSL_CTX_set_stateless_cookie_generate_cb.3 SSL_CTX_set_cookie_verify_cb.3
+MLINKS+= SSL_CTX_set_srp_password.3 SSL_CTX_set_srp_cb_arg.3
+MLINKS+= SSL_CTX_set_srp_password.3 SSL_CTX_set_srp_client_pwd_callback.3
+MLINKS+= SSL_CTX_set_srp_password.3 SSL_CTX_set_srp_strength.3
+MLINKS+= SSL_CTX_set_srp_password.3 SSL_CTX_set_srp_username.3
+MLINKS+= SSL_CTX_set_srp_password.3 SSL_CTX_set_srp_username_callback.3
+MLINKS+= SSL_CTX_set_srp_password.3 SSL_CTX_set_srp_verify_param_callback.3
MLINKS+= SSL_CTX_set_stateless_cookie_generate_cb.3 SSL_CTX_set_stateless_cookie_verify_cb.3
-MLINKS+= SSL_CTX_set_timeout.3 SSL_CTX_get_timeout.3
+MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_tlsext_max_fragment_length.3
MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_CTX_set_tlsext_servername_arg.3
-MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_get_servername.3
-MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_get_servername_type.3
-MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_set_tlsext_host_name.3
-MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_get_tlsext_status_arg.3
-MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_get_tlsext_status_cb.3
-MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_get_tlsext_status_type.3
MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_set_tlsext_status_arg.3
MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_set_tlsext_status_type.3
-MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_get_tlsext_status_ocsp_resp.3
-MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_get_tlsext_status_type.3
-MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_set_tlsext_status_ocsp_resp.3
-MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_set_tlsext_status_type.3
-MLINKS+= SSL_CTX_set_tlsext_use_srtp.3 SSL_get_selected_srtp_profile.3
-MLINKS+= SSL_CTX_set_tlsext_use_srtp.3 SSL_get_srtp_profiles.3
-MLINKS+= SSL_CTX_set_tlsext_use_srtp.3 SSL_set_tlsext_use_srtp.3
+MLINKS+= SSL_CTX_set_tlsext_ticket_key_cb.3 SSL_CTX_set_tlsext_ticket_key_evp_cb.3
MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_CTX_set_tmp_dh.3
-MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_set_tmp_dh.3
-MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_set_tmp_dh_callback.3
-MLINKS+= SSL_CTX_set_verify.3 SSL_CTX_set_post_handshake_auth.3
+MLINKS+= SSL_CTX_get0_param.3 SSL_CTX_set_trust.3
MLINKS+= SSL_CTX_set_verify.3 SSL_CTX_set_verify_depth.3
-MLINKS+= SSL_CTX_set_verify.3 SSL_get_ex_data_X509_STORE_CTX_idx.3
-MLINKS+= SSL_CTX_set_verify.3 SSL_set_post_handshake_auth.3
-MLINKS+= SSL_CTX_set_verify.3 SSL_set_verify.3
-MLINKS+= SSL_CTX_set_verify.3 SSL_set_verify_depth.3
-MLINKS+= SSL_CTX_set_verify.3 SSL_verify_cb.3
-MLINKS+= SSL_CTX_set_verify.3 SSL_verify_client_post_handshake.3
-MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_check_private_key.3
+MLINKS+= SSL_CTX_new.3 SSL_CTX_up_ref.3
MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey.3
MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey_ASN1.3
MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey_file.3
@@ -2714,162 +3934,392 @@ MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_cert_and_key.3
MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_ASN1.3
MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_chain_file.3
MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_file.3
-MLINKS+= SSL_CTX_use_certificate.3 SSL_check_private_key.3
-MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey.3
-MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey_ASN1.3
-MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey_file.3
-MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey.3
-MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_ASN1.3
-MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_file.3
-MLINKS+= SSL_CTX_use_certificate.3 SSL_use_cert_and_key.3
-MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate.3
-MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate_ASN1.3
-MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate_chain_file.3
-MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate_file.3
-MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_CTX_set_psk_find_session_callback.3
-MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_CTX_set_psk_server_callback.3
-MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_psk_find_session_cb_func.3
-MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_psk_server_cb_func.3
-MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_set_psk_find_session_callback.3
-MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_set_psk_server_callback.3
-MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_use_psk_identity_hint.3
MLINKS+= SSL_CTX_use_serverinfo.3 SSL_CTX_use_serverinfo_ex.3
MLINKS+= SSL_CTX_use_serverinfo.3 SSL_CTX_use_serverinfo_file.3
+MLINKS+= OSSL_CORE_MAKE_FUNC.3 SSL_OP_BIT.3
MLINKS+= SSL_SESSION_free.3 SSL_SESSION_dup.3
-MLINKS+= SSL_SESSION_free.3 SSL_SESSION_new.3
-MLINKS+= SSL_SESSION_free.3 SSL_SESSION_up_ref.3
-MLINKS+= SSL_SESSION_get0_cipher.3 SSL_SESSION_set_cipher.3
MLINKS+= SSL_SESSION_get0_hostname.3 SSL_SESSION_get0_alpn_selected.3
+MLINKS+= SSL_SESSION_has_ticket.3 SSL_SESSION_get0_ticket.3
+MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_SESSION_get0_ticket_appdata.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_SESSION_get_app_data.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_SESSION_get_ex_data.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_SESSION_get_ex_new_index.3
+MLINKS+= SSL_SESSION_set1_id.3 SSL_SESSION_get_id.3
+MLINKS+= SSL_get_client_random.3 SSL_SESSION_get_master_key.3
+MLINKS+= SSL_read_early_data.3 SSL_SESSION_get_max_early_data.3
+MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_SESSION_get_max_fragment_length.3
+MLINKS+= SSL_SESSION_has_ticket.3 SSL_SESSION_get_ticket_lifetime_hint.3
+MLINKS+= SSL_SESSION_get_time.3 SSL_SESSION_get_timeout.3
+MLINKS+= SSL_SESSION_free.3 SSL_SESSION_new.3
+MLINKS+= SSL_SESSION_print.3 SSL_SESSION_print_fp.3
+MLINKS+= SSL_SESSION_print.3 SSL_SESSION_print_keylog.3
MLINKS+= SSL_SESSION_get0_hostname.3 SSL_SESSION_set1_alpn_selected.3
MLINKS+= SSL_SESSION_get0_hostname.3 SSL_SESSION_set1_hostname.3
MLINKS+= SSL_SESSION_get0_id_context.3 SSL_SESSION_set1_id_context.3
-MLINKS+= SSL_SESSION_get_ex_data.3 SSL_SESSION_set_ex_data.3
+MLINKS+= SSL_get_client_random.3 SSL_SESSION_set1_master_key.3
+MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_SESSION_set1_ticket_appdata.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_SESSION_set_app_data.3
+MLINKS+= SSL_SESSION_get0_cipher.3 SSL_SESSION_set_cipher.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_SESSION_set_ex_data.3
+MLINKS+= SSL_read_early_data.3 SSL_SESSION_set_max_early_data.3
MLINKS+= SSL_SESSION_get_protocol_version.3 SSL_SESSION_set_protocol_version.3
-MLINKS+= SSL_SESSION_get_time.3 SSL_SESSION_get_timeout.3
MLINKS+= SSL_SESSION_get_time.3 SSL_SESSION_set_time.3
MLINKS+= SSL_SESSION_get_time.3 SSL_SESSION_set_timeout.3
-MLINKS+= SSL_SESSION_get_time.3 SSL_get_time.3
-MLINKS+= SSL_SESSION_get_time.3 SSL_get_timeout.3
-MLINKS+= SSL_SESSION_get_time.3 SSL_set_time.3
-MLINKS+= SSL_SESSION_get_time.3 SSL_set_timeout.3
-MLINKS+= SSL_SESSION_has_ticket.3 SSL_SESSION_get0_ticket.3
-MLINKS+= SSL_SESSION_has_ticket.3 SSL_SESSION_get_ticket_lifetime_hint.3
-MLINKS+= SSL_SESSION_print.3 SSL_SESSION_print_fp.3
-MLINKS+= SSL_SESSION_print.3 SSL_SESSION_print_keylog.3
-MLINKS+= SSL_SESSION_set1_id.3 SSL_SESSION_get_id.3
+MLINKS+= SSL_SESSION_free.3 SSL_SESSION_up_ref.3
+MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_add0_chain_cert.3
+MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_add1_chain_cert.3
+MLINKS+= SSL_set1_host.3 SSL_add1_host.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_add1_to_CA_list.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_add_client_CA.3
+MLINKS+= SSL_load_client_CA_file.3 SSL_add_dir_cert_subjects_to_stack.3
+MLINKS+= SSL_load_client_CA_file.3 SSL_add_file_cert_subjects_to_stack.3
+MLINKS+= SSL_load_client_CA_file.3 SSL_add_store_cert_subjects_to_stack.3
MLINKS+= SSL_alert_type_string.3 SSL_alert_desc_string.3
MLINKS+= SSL_alert_type_string.3 SSL_alert_desc_string_long.3
MLINKS+= SSL_alert_type_string.3 SSL_alert_type_string_long.3
-MLINKS+= SSL_alloc_buffers.3 SSL_free_buffers.3
-MLINKS+= SSL_export_keying_material.3 SSL_export_keying_material_early.3
-MLINKS+= SSL_extension_supported.3 SSL_CTX_add_client_custom_ext.3
-MLINKS+= SSL_extension_supported.3 SSL_CTX_add_custom_ext.3
-MLINKS+= SSL_extension_supported.3 SSL_CTX_add_server_custom_ext.3
-MLINKS+= SSL_extension_supported.3 custom_ext_add_cb.3
-MLINKS+= SSL_extension_supported.3 custom_ext_free_cb.3
-MLINKS+= SSL_extension_supported.3 custom_ext_parse_cb.3
-MLINKS+= SSL_get_all_async_fds.3 SSL_get_changed_async_fds.3
-MLINKS+= SSL_get_all_async_fds.3 SSL_waiting_for_async.3
-MLINKS+= SSL_get_ciphers.3 SSL_CTX_get_ciphers.3
+MLINKS+= SSL_read_early_data.3 SSL_allow_early_data_cb_fn.3
+MLINKS+= SSL_set_async_callback.3 SSL_async_callback_fn.3
+MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_build_cert_chain.3
MLINKS+= SSL_get_ciphers.3 SSL_bytes_to_cipher_list.3
+MLINKS+= SSL_CTX_ctrl.3 SSL_callback_ctrl.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_check_private_key.3
+MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_clear_chain_certs.3
+MLINKS+= SSL_CTX_set_mode.3 SSL_clear_mode.3
+MLINKS+= SSL_CTX_set_options.3 SSL_clear_options.3
+MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_cb_fn.3
+MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_ciphers.3
+MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_compression_methods.3
+MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_ext.3
+MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_legacy_version.3
+MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_random.3
+MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_session_id.3
+MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get1_extensions_present.3
+MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_isv2.3
+MLINKS+= SSL_get_version.3 SSL_client_version.3
+MLINKS+= SSL_CTX_config.3 SSL_config.3
+MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_ct_is_enabled.3
+MLINKS+= SSL_CTX_ctrl.3 SSL_ctrl.3
+MLINKS+= SSL_extension_supported.3 SSL_custom_ext_add_cb_ex.3
+MLINKS+= SSL_extension_supported.3 SSL_custom_ext_free_cb_ex.3
+MLINKS+= SSL_extension_supported.3 SSL_custom_ext_parse_cb_ex.3
+MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_clear_flags.3
+MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_enable.3
+MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_set_flags.3
+MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_tlsa_add.3
+MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_disable_ct.3
+MLINKS+= SSL_new.3 SSL_dup.3
+MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_enable_ct.3
+MLINKS+= SSL_export_keying_material.3 SSL_export_keying_material_early.3
+MLINKS+= SSL_alloc_buffers.3 SSL_free_buffers.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get0_CA_list.3
+MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_get0_alpn_selected.3
+MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_get0_chain_cert_store.3
+MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_get0_chain_certs.3
+MLINKS+= SSL_CTX_dane_enable.3 SSL_get0_dane_authority.3
+MLINKS+= SSL_CTX_dane_enable.3 SSL_get0_dane_tlsa.3
+MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_get0_next_proto_negotiated.3
+MLINKS+= SSL_CTX_get0_param.3 SSL_get0_param.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get0_peer_CA_list.3
+MLINKS+= SSL_get_peer_certificate.3 SSL_get0_peer_certificate.3
+MLINKS+= SSL_set1_host.3 SSL_get0_peername.3
+MLINKS+= SSL_CTX_set_security_level.3 SSL_get0_security_ex_data.3
+MLINKS+= SSL_get_session.3 SSL_get0_session.3
+MLINKS+= SSL_get_peer_cert_chain.3 SSL_get0_verified_chain.3
+MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_get0_verify_cert_store.3
+MLINKS+= SSL_CTX_set1_curves.3 SSL_get1_curves.3
+MLINKS+= SSL_CTX_set1_curves.3 SSL_get1_groups.3
+MLINKS+= SSL_get_peer_certificate.3 SSL_get1_peer_certificate.3
+MLINKS+= SSL_get_session.3 SSL_get1_session.3
MLINKS+= SSL_get_ciphers.3 SSL_get1_supported_ciphers.3
-MLINKS+= SSL_get_ciphers.3 SSL_get_cipher_list.3
-MLINKS+= SSL_get_ciphers.3 SSL_get_client_ciphers.3
-MLINKS+= SSL_get_ciphers.3 SSL_get_shared_ciphers.3
-MLINKS+= SSL_get_client_random.3 SSL_SESSION_get_master_key.3
-MLINKS+= SSL_get_client_random.3 SSL_SESSION_set1_master_key.3
-MLINKS+= SSL_get_client_random.3 SSL_get_server_random.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_get_app_data.3
+MLINKS+= SSL_set_async_callback.3 SSL_get_async_status.3
+MLINKS+= SSL_get_all_async_fds.3 SSL_get_changed_async_fds.3
MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher.3
MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher_bits.3
+MLINKS+= SSL_get_ciphers.3 SSL_get_cipher_list.3
MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher_name.3
MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher_version.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get_client_CA_list.3
+MLINKS+= SSL_get_ciphers.3 SSL_get_client_ciphers.3
+MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_get_default_passwd_cb.3
+MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_get_default_passwd_cb_userdata.3
+MLINKS+= SSL_read_early_data.3 SSL_get_early_data_status.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_get_ex_data.3
+MLINKS+= SSL_CTX_set_verify.3 SSL_get_ex_data_X509_STORE_CTX_idx.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_get_ex_new_index.3
+MLINKS+= SSL_CTX_set_info_callback.3 SSL_get_info_callback.3
+MLINKS+= SSL_key_update.3 SSL_get_key_update_type.3
+MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_get_max_cert_list.3
+MLINKS+= SSL_read_early_data.3 SSL_get_max_early_data.3
+MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_get_max_proto_version.3
+MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_get_min_proto_version.3
+MLINKS+= SSL_CTX_set_mode.3 SSL_get_mode.3
+MLINKS+= SSL_CTX_set1_curves.3 SSL_get_negotiated_group.3
+MLINKS+= SSL_CTX_set_num_tickets.3 SSL_get_num_tickets.3
+MLINKS+= SSL_CTX_set_options.3 SSL_get_options.3
+MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_peer_signature_type_nid.3
MLINKS+= SSL_get_current_cipher.3 SSL_get_pending_cipher.3
+MLINKS+= SSL_get_certificate.3 SSL_get_privatekey.3
+MLINKS+= SSL_get_psk_identity.3 SSL_get_psk_identity_hint.3
+MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_get_quiet_shutdown.3
+MLINKS+= SSL_CTX_set_read_ahead.3 SSL_get_read_ahead.3
+MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_get_record_padding_callback_arg.3
+MLINKS+= SSL_read_early_data.3 SSL_get_recv_max_early_data.3
MLINKS+= SSL_get_fd.3 SSL_get_rfd.3
-MLINKS+= SSL_get_fd.3 SSL_get_wfd.3
-MLINKS+= SSL_get_peer_cert_chain.3 SSL_get0_verified_chain.3
-MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_peer_signature_type_nid.3
+MLINKS+= SSL_CTX_set_options.3 SSL_get_secure_renegotiation_support.3
+MLINKS+= SSL_CTX_set_security_level.3 SSL_get_security_callback.3
+MLINKS+= SSL_CTX_set_security_level.3 SSL_get_security_level.3
+MLINKS+= SSL_CTX_set_tlsext_use_srtp.3 SSL_get_selected_srtp_profile.3
+MLINKS+= SSL_get_client_random.3 SSL_get_server_random.3
+MLINKS+= SSL_get_peer_tmp_key.3 SSL_get_server_tmp_key.3
+MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_get_servername.3
+MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_get_servername_type.3
+MLINKS+= SSL_get_ciphers.3 SSL_get_shared_ciphers.3
+MLINKS+= SSL_CTX_set1_curves.3 SSL_get_shared_curve.3
+MLINKS+= SSL_CTX_set1_curves.3 SSL_get_shared_group.3
+MLINKS+= SSL_set_shutdown.3 SSL_get_shutdown.3
+MLINKS+= SSL_get_shared_sigalgs.3 SSL_get_sigalgs.3
MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_signature_nid.3
MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_signature_type_nid.3
-MLINKS+= SSL_get_peer_tmp_key.3 SSL_get_server_tmp_key.3
+MLINKS+= SSL_CTX_set_srp_password.3 SSL_get_srp_N.3
+MLINKS+= SSL_CTX_set_srp_password.3 SSL_get_srp_g.3
+MLINKS+= SSL_CTX_set_srp_password.3 SSL_get_srp_userinfo.3
+MLINKS+= SSL_CTX_set_srp_password.3 SSL_get_srp_username.3
+MLINKS+= SSL_CTX_set_tlsext_use_srtp.3 SSL_get_srtp_profiles.3
+MLINKS+= SSL_CTX_set_ssl_version.3 SSL_get_ssl_method.3
+MLINKS+= SSL_in_init.3 SSL_get_state.3
+MLINKS+= SSL_SESSION_get_time.3 SSL_get_time.3
+MLINKS+= SSL_SESSION_get_time.3 SSL_get_timeout.3
+MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_get_tlsext_status_ocsp_resp.3
+MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_get_tlsext_status_type.3
MLINKS+= SSL_get_peer_tmp_key.3 SSL_get_tmp_key.3
-MLINKS+= SSL_get_psk_identity.3 SSL_get_psk_identity_hint.3
+MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_callback.3
+MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_depth.3
+MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_mode.3
MLINKS+= SSL_get_rbio.3 SSL_get_wbio.3
-MLINKS+= SSL_get_session.3 SSL_get0_session.3
-MLINKS+= SSL_get_session.3 SSL_get1_session.3
-MLINKS+= SSL_get_shared_sigalgs.3 SSL_get_sigalgs.3
-MLINKS+= SSL_get_version.3 SSL_client_version.3
-MLINKS+= SSL_get_version.3 SSL_is_dtls.3
-MLINKS+= SSL_get_version.3 SSL_version.3
-MLINKS+= SSL_in_init.3 SSL_get_state.3
+MLINKS+= SSL_get_fd.3 SSL_get_wfd.3
+MLINKS+= SSL_CTX_set_generate_session_id.3 SSL_has_matching_session_id.3
+MLINKS+= SSL_pending.3 SSL_has_pending.3
MLINKS+= SSL_in_init.3 SSL_in_accept_init.3
MLINKS+= SSL_in_init.3 SSL_in_before.3
MLINKS+= SSL_in_init.3 SSL_in_connect_init.3
+MLINKS+= SSL_get_version.3 SSL_is_dtls.3
MLINKS+= SSL_in_init.3 SSL_is_init_finished.3
-MLINKS+= SSL_key_update.3 SSL_get_key_update_type.3
-MLINKS+= SSL_key_update.3 SSL_renegotiate.3
-MLINKS+= SSL_key_update.3 SSL_renegotiate_abbreviated.3
-MLINKS+= SSL_key_update.3 SSL_renegotiate_pending.3
-MLINKS+= SSL_library_init.3 OpenSSL_add_ssl_algorithms.3
-MLINKS+= SSL_load_client_CA_file.3 SSL_add_dir_cert_subjects_to_stack.3
-MLINKS+= SSL_load_client_CA_file.3 SSL_add_file_cert_subjects_to_stack.3
-MLINKS+= SSL_new.3 SSL_dup.3
-MLINKS+= SSL_new.3 SSL_up_ref.3
-MLINKS+= SSL_pending.3 SSL_has_pending.3
+MLINKS+= SSL_set_connect_state.3 SSL_is_server.3
+MLINKS+= SSL_load_client_CA_file.3 SSL_load_client_CA_file_ex.3
+MLINKS+= ERR_load_crypto_strings.3 SSL_load_error_strings.3
+MLINKS+= SSL_CTX_set_num_tickets.3 SSL_new_session_ticket.3
MLINKS+= SSL_read.3 SSL_peek.3
MLINKS+= SSL_read.3 SSL_peek_ex.3
+MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_psk_client_cb_func.3
+MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_psk_find_session_cb_func.3
+MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_psk_server_cb_func.3
+MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_psk_use_session_cb_func.3
MLINKS+= SSL_read.3 SSL_read_ex.3
-MLINKS+= SSL_read_early_data.3 SSL_CTX_get_max_early_data.3
-MLINKS+= SSL_read_early_data.3 SSL_CTX_get_recv_max_early_data.3
-MLINKS+= SSL_read_early_data.3 SSL_CTX_set_allow_early_data_cb.3
-MLINKS+= SSL_read_early_data.3 SSL_CTX_set_max_early_data.3
-MLINKS+= SSL_read_early_data.3 SSL_CTX_set_recv_max_early_data.3
-MLINKS+= SSL_read_early_data.3 SSL_SESSION_get_max_early_data.3
-MLINKS+= SSL_read_early_data.3 SSL_SESSION_set_max_early_data.3
-MLINKS+= SSL_read_early_data.3 SSL_allow_early_data_cb_fn.3
-MLINKS+= SSL_read_early_data.3 SSL_get_early_data_status.3
-MLINKS+= SSL_read_early_data.3 SSL_get_max_early_data.3
-MLINKS+= SSL_read_early_data.3 SSL_get_recv_max_early_data.3
-MLINKS+= SSL_read_early_data.3 SSL_set_allow_early_data_cb.3
-MLINKS+= SSL_read_early_data.3 SSL_set_max_early_data.3
-MLINKS+= SSL_read_early_data.3 SSL_set_recv_max_early_data.3
-MLINKS+= SSL_read_early_data.3 SSL_write_early_data.3
+MLINKS+= SSL_key_update.3 SSL_renegotiate.3
+MLINKS+= SSL_key_update.3 SSL_renegotiate_abbreviated.3
+MLINKS+= SSL_key_update.3 SSL_renegotiate_pending.3
MLINKS+= SSL_rstate_string.3 SSL_rstate_string_long.3
-MLINKS+= SSL_set1_host.3 SSL_add1_host.3
-MLINKS+= SSL_set1_host.3 SSL_get0_peername.3
-MLINKS+= SSL_set1_host.3 SSL_set_hostflags.3
+MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_select_current_cert.3
+MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_select_next_proto.3
+MLINKS+= SSL_write.3 SSL_sendfile.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_set0_CA_list.3
+MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set0_chain.3
+MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set0_chain_cert_store.3
MLINKS+= SSL_set_bio.3 SSL_set0_rbio.3
+MLINKS+= SSL_CTX_set_security_level.3 SSL_set0_security_ex_data.3
+MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_set0_tmp_dh_pkey.3
+MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set0_verify_cert_store.3
MLINKS+= SSL_set_bio.3 SSL_set0_wbio.3
-MLINKS+= SSL_set_connect_state.3 SSL_is_server.3
+MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set1_chain.3
+MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set1_chain_cert_store.3
+MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_client_sigalgs.3
+MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_client_sigalgs_list.3
+MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_curves.3
+MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_curves_list.3
+MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_groups.3
+MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_groups_list.3
+MLINKS+= SSL_CTX_get0_param.3 SSL_set1_param.3
+MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_sigalgs.3
+MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_sigalgs_list.3
+MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set1_verify_cert_store.3
MLINKS+= SSL_set_connect_state.3 SSL_set_accept_state.3
+MLINKS+= SSL_read_early_data.3 SSL_set_allow_early_data_cb.3
+MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_set_alpn_protos.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_set_app_data.3
+MLINKS+= SSL_set_async_callback.3 SSL_set_async_callback_arg.3
+MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_set_block_padding.3
+MLINKS+= SSL_CTX_set_cert_cb.3 SSL_set_cert_cb.3
+MLINKS+= SSL_CTX_set_cipher_list.3 SSL_set_cipher_list.3
+MLINKS+= SSL_CTX_set_cipher_list.3 SSL_set_ciphersuites.3
+MLINKS+= SSL_CTX_set0_CA_list.3 SSL_set_client_CA_list.3
+MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_set_ct_validation_callback.3
+MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set_current_cert.3
+MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_set_default_passwd_cb.3
+MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_set_default_passwd_cb_userdata.3
+MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_default_read_buffer_len.3
+MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_set_dh_auto.3
+MLINKS+= SSL_CTX_set_tmp_ecdh.3 SSL_set_ecdh_auto.3
+MLINKS+= BIO_get_ex_new_index.3 SSL_set_ex_data.3
+MLINKS+= SSL_CTX_set_generate_session_id.3 SSL_set_generate_session_id.3
+MLINKS+= SSL_set1_host.3 SSL_set_hostflags.3
+MLINKS+= SSL_CTX_set_info_callback.3 SSL_set_info_callback.3
+MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_set_max_cert_list.3
+MLINKS+= SSL_read_early_data.3 SSL_set_max_early_data.3
+MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_max_pipelines.3
+MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_set_max_proto_version.3
+MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_max_send_fragment.3
+MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_set_min_proto_version.3
+MLINKS+= SSL_CTX_set_mode.3 SSL_set_mode.3
+MLINKS+= SSL_CTX_set_msg_callback.3 SSL_set_msg_callback.3
+MLINKS+= SSL_CTX_set_msg_callback.3 SSL_set_msg_callback_arg.3
+MLINKS+= SSL_CTX_set_num_tickets.3 SSL_set_num_tickets.3
+MLINKS+= SSL_CTX_set_options.3 SSL_set_options.3
+MLINKS+= SSL_CTX_set_verify.3 SSL_set_post_handshake_auth.3
+MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_set_psk_client_callback.3
+MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_set_psk_find_session_callback.3
+MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_set_psk_server_callback.3
+MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_set_psk_use_session_callback.3
+MLINKS+= SSL_CTX_get0_param.3 SSL_set_purpose.3
+MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_set_quiet_shutdown.3
+MLINKS+= SSL_CTX_set_read_ahead.3 SSL_set_read_ahead.3
+MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_set_record_padding_callback.3
+MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_set_record_padding_callback_arg.3
+MLINKS+= SSL_read_early_data.3 SSL_set_recv_max_early_data.3
MLINKS+= SSL_set_fd.3 SSL_set_rfd.3
+MLINKS+= SSL_CTX_set_security_level.3 SSL_set_security_callback.3
+MLINKS+= SSL_CTX_set_security_level.3 SSL_set_security_level.3
+MLINKS+= SSL_CTX_set_session_id_context.3 SSL_set_session_id_context.3
+MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_split_send_fragment.3
+MLINKS+= SSL_CTX_set_srp_password.3 SSL_set_srp_server_param.3
+MLINKS+= SSL_CTX_set_srp_password.3 SSL_set_srp_server_param_pw.3
+MLINKS+= SSL_CTX_set_ssl_version.3 SSL_set_ssl_method.3
+MLINKS+= SSL_SESSION_get_time.3 SSL_set_time.3
+MLINKS+= SSL_SESSION_get_time.3 SSL_set_timeout.3
+MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_set_tlsext_host_name.3
+MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_tlsext_max_fragment_length.3
+MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_set_tlsext_status_ocsp_resp.3
+MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_set_tlsext_status_type.3
+MLINKS+= SSL_CTX_set_tlsext_use_srtp.3 SSL_set_tlsext_use_srtp.3
+MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_set_tmp_dh.3
+MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_set_tmp_dh_callback.3
+MLINKS+= SSL_CTX_set_tmp_ecdh.3 SSL_set_tmp_ecdh.3
+MLINKS+= SSL_CTX_get0_param.3 SSL_set_trust.3
+MLINKS+= SSL_CTX_set_verify.3 SSL_set_verify.3
+MLINKS+= SSL_CTX_set_verify.3 SSL_set_verify_depth.3
MLINKS+= SSL_set_fd.3 SSL_set_wfd.3
-MLINKS+= SSL_set_shutdown.3 SSL_get_shutdown.3
MLINKS+= SSL_state_string.3 SSL_state_string_long.3
+MLINKS+= DTLSv1_listen.3 SSL_stateless.3
+MLINKS+= SSL_new.3 SSL_up_ref.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey_ASN1.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey_file.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_ASN1.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_file.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_cert_and_key.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate_ASN1.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate_chain_file.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate_file.3
+MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_use_psk_identity_hint.3
+MLINKS+= SSL_CTX_set_verify.3 SSL_verify_cb.3
+MLINKS+= SSL_CTX_set_verify.3 SSL_verify_client_post_handshake.3
+MLINKS+= SSL_get_version.3 SSL_version.3
+MLINKS+= SSL_get_all_async_fds.3 SSL_waiting_for_async.3
MLINKS+= SSL_want.3 SSL_want_async.3
MLINKS+= SSL_want.3 SSL_want_async_job.3
MLINKS+= SSL_want.3 SSL_want_client_hello_cb.3
MLINKS+= SSL_want.3 SSL_want_nothing.3
MLINKS+= SSL_want.3 SSL_want_read.3
+MLINKS+= SSL_want.3 SSL_want_retry_verify.3
MLINKS+= SSL_want.3 SSL_want_write.3
MLINKS+= SSL_want.3 SSL_want_x509_lookup.3
-MLINKS+= SSL_write.3 SSL_sendfile.3
+MLINKS+= SSL_read_early_data.3 SSL_write_early_data.3
MLINKS+= SSL_write.3 SSL_write_ex.3
+MLINKS+= SSL_CTX_new.3 SSLv23_client_method.3
+MLINKS+= SSL_CTX_new.3 SSLv23_method.3
+MLINKS+= SSL_CTX_new.3 SSLv23_server_method.3
+MLINKS+= SSL_CTX_new.3 SSLv3_client_method.3
+MLINKS+= SSL_CTX_new.3 SSLv3_method.3
+MLINKS+= SSL_CTX_new.3 SSLv3_server_method.3
+MLINKS+= X509_dup.3 SXNETID_free.3
+MLINKS+= X509_dup.3 SXNETID_new.3
+MLINKS+= X509_dup.3 SXNET_free.3
+MLINKS+= X509_dup.3 SXNET_new.3
+MLINKS+= X509_dup.3 TLS_FEATURE_free.3
+MLINKS+= X509_dup.3 TLS_FEATURE_new.3
+MLINKS+= SSL_CTX_new.3 TLS_client_method.3
+MLINKS+= SSL_CTX_new.3 TLS_method.3
+MLINKS+= SSL_CTX_new.3 TLS_server_method.3
+MLINKS+= SSL_CTX_new.3 TLSv1_1_client_method.3
+MLINKS+= SSL_CTX_new.3 TLSv1_1_method.3
+MLINKS+= SSL_CTX_new.3 TLSv1_1_server_method.3
+MLINKS+= SSL_CTX_new.3 TLSv1_2_client_method.3
+MLINKS+= SSL_CTX_new.3 TLSv1_2_method.3
+MLINKS+= SSL_CTX_new.3 TLSv1_2_server_method.3
+MLINKS+= SSL_CTX_new.3 TLSv1_client_method.3
+MLINKS+= SSL_CTX_new.3 TLSv1_method.3
+MLINKS+= SSL_CTX_new.3 TLSv1_server_method.3
+MLINKS+= X509_dup.3 TS_ACCURACY_dup.3
+MLINKS+= X509_dup.3 TS_ACCURACY_free.3
+MLINKS+= X509_dup.3 TS_ACCURACY_new.3
+MLINKS+= X509_dup.3 TS_MSG_IMPRINT_dup.3
+MLINKS+= X509_dup.3 TS_MSG_IMPRINT_free.3
+MLINKS+= X509_dup.3 TS_MSG_IMPRINT_new.3
+MLINKS+= X509_dup.3 TS_REQ_dup.3
+MLINKS+= X509_dup.3 TS_REQ_free.3
+MLINKS+= X509_dup.3 TS_REQ_new.3
+MLINKS+= TS_RESP_CTX_new.3 TS_RESP_CTX_free.3
+MLINKS+= TS_RESP_CTX_new.3 TS_RESP_CTX_new_ex.3
+MLINKS+= X509_dup.3 TS_RESP_dup.3
+MLINKS+= X509_dup.3 TS_RESP_free.3
+MLINKS+= X509_dup.3 TS_RESP_new.3
+MLINKS+= X509_dup.3 TS_STATUS_INFO_dup.3
+MLINKS+= X509_dup.3 TS_STATUS_INFO_free.3
+MLINKS+= X509_dup.3 TS_STATUS_INFO_new.3
+MLINKS+= X509_dup.3 TS_TST_INFO_dup.3
+MLINKS+= X509_dup.3 TS_TST_INFO_free.3
+MLINKS+= X509_dup.3 TS_TST_INFO_new.3
+MLINKS+= TS_VERIFY_CTX_set_certs.3 TS_VERIFY_CTS_set_certs.3
+MLINKS+= UI_new.3 UI.3
+MLINKS+= UI_create_method.3 UI_METHOD.3
+MLINKS+= UI_new.3 UI_OpenSSL.3
+MLINKS+= UI_UTIL_read_pw.3 UI_UTIL_read_pw_string.3
+MLINKS+= UI_UTIL_read_pw.3 UI_UTIL_wrap_read_pem_callback.3
+MLINKS+= UI_new.3 UI_add_error_string.3
+MLINKS+= UI_new.3 UI_add_info_string.3
+MLINKS+= UI_new.3 UI_add_input_boolean.3
+MLINKS+= UI_new.3 UI_add_input_string.3
+MLINKS+= UI_new.3 UI_add_user_data.3
+MLINKS+= UI_new.3 UI_add_verify_string.3
+MLINKS+= UI_new.3 UI_construct_prompt.3
+MLINKS+= UI_new.3 UI_ctrl.3
+MLINKS+= UI_create_method.3 UI_destroy_method.3
+MLINKS+= UI_new.3 UI_dup_error_string.3
+MLINKS+= UI_new.3 UI_dup_info_string.3
+MLINKS+= UI_new.3 UI_dup_input_boolean.3
+MLINKS+= UI_new.3 UI_dup_input_string.3
+MLINKS+= UI_new.3 UI_dup_user_data.3
+MLINKS+= UI_new.3 UI_dup_verify_string.3
+MLINKS+= UI_new.3 UI_free.3
MLINKS+= UI_STRING.3 UI_get0_action_string.3
MLINKS+= UI_STRING.3 UI_get0_output_string.3
+MLINKS+= UI_new.3 UI_get0_result.3
MLINKS+= UI_STRING.3 UI_get0_result_string.3
MLINKS+= UI_STRING.3 UI_get0_test_string.3
+MLINKS+= UI_new.3 UI_get0_user_data.3
+MLINKS+= BIO_get_ex_new_index.3 UI_get_app_data.3
+MLINKS+= UI_new.3 UI_get_default_method.3
+MLINKS+= BIO_get_ex_new_index.3 UI_get_ex_data.3
+MLINKS+= BIO_get_ex_new_index.3 UI_get_ex_new_index.3
MLINKS+= UI_STRING.3 UI_get_input_flags.3
+MLINKS+= UI_new.3 UI_get_method.3
+MLINKS+= UI_new.3 UI_get_result_length.3
MLINKS+= UI_STRING.3 UI_get_result_maxsize.3
MLINKS+= UI_STRING.3 UI_get_result_minsize.3
MLINKS+= UI_STRING.3 UI_get_result_string_length.3
MLINKS+= UI_STRING.3 UI_get_string_type.3
-MLINKS+= UI_STRING.3 UI_set_result.3
-MLINKS+= UI_STRING.3 UI_set_result_ex.3
-MLINKS+= UI_STRING.3 UI_string_types.3
-MLINKS+= UI_UTIL_read_pw.3 UI_UTIL_read_pw_string.3
-MLINKS+= UI_UTIL_read_pw.3 UI_UTIL_wrap_read_pem_callback.3
-MLINKS+= UI_create_method.3 UI_METHOD.3
-MLINKS+= UI_create_method.3 UI_destroy_method.3
MLINKS+= UI_create_method.3 UI_method_get_closer.3
MLINKS+= UI_create_method.3 UI_method_get_data_destructor.3
MLINKS+= UI_create_method.3 UI_method_get_data_duplicator.3
@@ -2887,90 +4337,111 @@ MLINKS+= UI_create_method.3 UI_method_set_opener.3
MLINKS+= UI_create_method.3 UI_method_set_prompt_constructor.3
MLINKS+= UI_create_method.3 UI_method_set_reader.3
MLINKS+= UI_create_method.3 UI_method_set_writer.3
-MLINKS+= UI_new.3 UI.3
-MLINKS+= UI_new.3 UI_OpenSSL.3
-MLINKS+= UI_new.3 UI_add_error_string.3
-MLINKS+= UI_new.3 UI_add_info_string.3
-MLINKS+= UI_new.3 UI_add_input_boolean.3
-MLINKS+= UI_new.3 UI_add_input_string.3
-MLINKS+= UI_new.3 UI_add_user_data.3
-MLINKS+= UI_new.3 UI_add_verify_string.3
-MLINKS+= UI_new.3 UI_construct_prompt.3
-MLINKS+= UI_new.3 UI_ctrl.3
-MLINKS+= UI_new.3 UI_dup_error_string.3
-MLINKS+= UI_new.3 UI_dup_info_string.3
-MLINKS+= UI_new.3 UI_dup_input_boolean.3
-MLINKS+= UI_new.3 UI_dup_input_string.3
-MLINKS+= UI_new.3 UI_dup_user_data.3
-MLINKS+= UI_new.3 UI_dup_verify_string.3
-MLINKS+= UI_new.3 UI_free.3
-MLINKS+= UI_new.3 UI_get0_result.3
-MLINKS+= UI_new.3 UI_get0_user_data.3
-MLINKS+= UI_new.3 UI_get_default_method.3
-MLINKS+= UI_new.3 UI_get_method.3
-MLINKS+= UI_new.3 UI_get_result_length.3
MLINKS+= UI_new.3 UI_new_method.3
MLINKS+= UI_new.3 UI_null.3
MLINKS+= UI_new.3 UI_process.3
+MLINKS+= BIO_get_ex_new_index.3 UI_set_app_data.3
MLINKS+= UI_new.3 UI_set_default_method.3
+MLINKS+= BIO_get_ex_new_index.3 UI_set_ex_data.3
MLINKS+= UI_new.3 UI_set_method.3
+MLINKS+= UI_STRING.3 UI_set_result.3
+MLINKS+= UI_STRING.3 UI_set_result_ex.3
+MLINKS+= UI_STRING.3 UI_string_types.3
+MLINKS+= X509_dup.3 USERNOTICE_free.3
+MLINKS+= X509_dup.3 USERNOTICE_new.3
MLINKS+= X509V3_get_d2i.3 X509V3_EXT_d2i.3
MLINKS+= X509V3_get_d2i.3 X509V3_EXT_i2d.3
MLINKS+= X509V3_get_d2i.3 X509V3_add1_i2d.3
-MLINKS+= X509V3_get_d2i.3 X509_CRL_add1_ext_i2d.3
-MLINKS+= X509V3_get_d2i.3 X509_CRL_get0_extensions.3
-MLINKS+= X509V3_get_d2i.3 X509_CRL_get_ext_d2i.3
-MLINKS+= X509V3_get_d2i.3 X509_REVOKED_add1_ext_i2d.3
-MLINKS+= X509V3_get_d2i.3 X509_REVOKED_get0_extensions.3
-MLINKS+= X509V3_get_d2i.3 X509_REVOKED_get_ext_d2i.3
-MLINKS+= X509V3_get_d2i.3 X509_add1_ext_i2d.3
-MLINKS+= X509V3_get_d2i.3 X509_get0_extensions.3
-MLINKS+= X509V3_get_d2i.3 X509_get_ext_d2i.3
+MLINKS+= X509V3_set_ctx.3 X509V3_set_issuer_pkey.3
MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_cmp.3
MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_copy.3
+MLINKS+= X509_dup.3 X509_ALGOR_free.3
MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_get0.3
+MLINKS+= X509_dup.3 X509_ALGOR_it.3
+MLINKS+= X509_dup.3 X509_ALGOR_new.3
MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_set0.3
MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_set_md.3
+MLINKS+= X509_dup.3 X509_ATTRIBUTE_dup.3
+MLINKS+= X509_dup.3 X509_ATTRIBUTE_free.3
+MLINKS+= X509_dup.3 X509_ATTRIBUTE_new.3
+MLINKS+= X509_dup.3 X509_CERT_AUX_free.3
+MLINKS+= X509_dup.3 X509_CERT_AUX_new.3
+MLINKS+= X509_dup.3 X509_CINF_free.3
+MLINKS+= X509_dup.3 X509_CINF_new.3
+MLINKS+= X509_dup.3 X509_CRL_INFO_free.3
+MLINKS+= X509_dup.3 X509_CRL_INFO_new.3
MLINKS+= X509_CRL_get0_by_serial.3 X509_CRL_add0_revoked.3
+MLINKS+= X509V3_get_d2i.3 X509_CRL_add1_ext_i2d.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_add_ext.3
+MLINKS+= X509_cmp.3 X509_CRL_cmp.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_delete_ext.3
+MLINKS+= X509_digest.3 X509_CRL_digest.3
+MLINKS+= X509_dup.3 X509_CRL_dup.3
+MLINKS+= X509_dup.3 X509_CRL_free.3
MLINKS+= X509_CRL_get0_by_serial.3 X509_CRL_get0_by_cert.3
+MLINKS+= X509V3_get_d2i.3 X509_CRL_get0_extensions.3
+MLINKS+= X509_get0_notBefore.3 X509_CRL_get0_lastUpdate.3
+MLINKS+= X509_get0_notBefore.3 X509_CRL_get0_nextUpdate.3
+MLINKS+= X509_get0_signature.3 X509_CRL_get0_signature.3
MLINKS+= X509_CRL_get0_by_serial.3 X509_CRL_get_REVOKED.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_by_NID.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_by_OBJ.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_by_critical.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_count.3
+MLINKS+= X509V3_get_d2i.3 X509_CRL_get_ext_d2i.3
+MLINKS+= X509_get_subject_name.3 X509_CRL_get_issuer.3
+MLINKS+= X509_get0_signature.3 X509_CRL_get_signature_nid.3
+MLINKS+= X509_get_version.3 X509_CRL_get_version.3
+MLINKS+= X509_load_http.3 X509_CRL_http_nbio.3
+MLINKS+= X509_load_http.3 X509_CRL_load_http.3
+MLINKS+= X509_cmp.3 X509_CRL_match.3
+MLINKS+= X509_dup.3 X509_CRL_new.3
+MLINKS+= X509_dup.3 X509_CRL_new_ex.3
+MLINKS+= X509_get0_notBefore.3 X509_CRL_set1_lastUpdate.3
+MLINKS+= X509_get0_notBefore.3 X509_CRL_set1_nextUpdate.3
+MLINKS+= X509_get_subject_name.3 X509_CRL_set_issuer_name.3
+MLINKS+= X509_get_version.3 X509_CRL_set_version.3
+MLINKS+= X509_sign.3 X509_CRL_sign.3
+MLINKS+= X509_sign.3 X509_CRL_sign_ctx.3
MLINKS+= X509_CRL_get0_by_serial.3 X509_CRL_sort.3
-MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_get0_revocationDate.3
-MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_get0_serialNumber.3
-MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_set_revocationDate.3
-MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_set_serialNumber.3
+MLINKS+= X509_verify.3 X509_CRL_verify.3
MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_create_by_NID.3
MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_create_by_OBJ.3
+MLINKS+= X509_dup.3 X509_EXTENSION_dup.3
+MLINKS+= X509_dup.3 X509_EXTENSION_free.3
MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_get_critical.3
MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_get_data.3
MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_get_object.3
+MLINKS+= X509_dup.3 X509_EXTENSION_new.3
MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_set_critical.3
MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_set_data.3
+MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_METHOD.3
MLINKS+= X509_LOOKUP.3 X509_LOOKUP_TYPE.3
MLINKS+= X509_LOOKUP.3 X509_LOOKUP_add_dir.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_add_store.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_add_store_ex.3
MLINKS+= X509_LOOKUP.3 X509_LOOKUP_by_alias.3
MLINKS+= X509_LOOKUP.3 X509_LOOKUP_by_fingerprint.3
MLINKS+= X509_LOOKUP.3 X509_LOOKUP_by_issuer_serial.3
MLINKS+= X509_LOOKUP.3 X509_LOOKUP_by_subject.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_by_subject_ex.3
MLINKS+= X509_LOOKUP.3 X509_LOOKUP_ctrl.3
-MLINKS+= X509_LOOKUP.3 X509_LOOKUP_free.3
-MLINKS+= X509_LOOKUP.3 X509_LOOKUP_get_method_data.3
-MLINKS+= X509_LOOKUP.3 X509_LOOKUP_get_store.3
-MLINKS+= X509_LOOKUP.3 X509_LOOKUP_init.3
-MLINKS+= X509_LOOKUP.3 X509_LOOKUP_load_file.3
-MLINKS+= X509_LOOKUP.3 X509_LOOKUP_new.3
-MLINKS+= X509_LOOKUP.3 X509_LOOKUP_set_method_data.3
-MLINKS+= X509_LOOKUP.3 X509_LOOKUP_shutdown.3
-MLINKS+= X509_LOOKUP_hash_dir.3 X509_LOOKUP_file.3
-MLINKS+= X509_LOOKUP_hash_dir.3 X509_load_cert_crl_file.3
-MLINKS+= X509_LOOKUP_hash_dir.3 X509_load_cert_file.3
-MLINKS+= X509_LOOKUP_hash_dir.3 X509_load_crl_file.3
-MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_METHOD.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_ctrl_ex.3
MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_ctrl_fn.3
+MLINKS+= X509_LOOKUP_hash_dir.3 X509_LOOKUP_file.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_free.3
MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_by_alias_fn.3
MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_by_fingerprint_fn.3
MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_by_issuer_serial_fn.3
MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_by_subject_fn.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_get_method_data.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_get_store.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_init.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_load_file.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_load_file_ex.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_load_store.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_load_store_ex.3
MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_free.3
MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_ctrl.3
MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_free.3
@@ -2990,133 +4461,215 @@ MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_get_by_subject.3
MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_init.3
MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_new_item.3
MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_shutdown.3
-MLINKS+= X509_LOOKUP_meth_new.3 X509_OBJECT_set1_X509.3
-MLINKS+= X509_LOOKUP_meth_new.3 X509_OBJECT_set1_X509_CRL.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_new.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_set_method_data.3
+MLINKS+= X509_LOOKUP.3 X509_LOOKUP_shutdown.3
+MLINKS+= X509_LOOKUP_hash_dir.3 X509_LOOKUP_store.3
MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_NID.3
MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_OBJ.3
MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_txt.3
+MLINKS+= X509_dup.3 X509_NAME_ENTRY_dup.3
+MLINKS+= X509_dup.3 X509_NAME_ENTRY_free.3
MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_get_data.3
+MLINKS+= X509_dup.3 X509_NAME_ENTRY_new.3
MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_set_data.3
MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_set_object.3
MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry.3
MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry_by_NID.3
MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry_by_OBJ.3
+MLINKS+= X509_cmp.3 X509_NAME_cmp.3
MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_delete_entry.3
+MLINKS+= X509_digest.3 X509_NAME_digest.3
+MLINKS+= X509_dup.3 X509_NAME_dup.3
MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_entry_count.3
+MLINKS+= X509_dup.3 X509_NAME_free.3
MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_entry.3
MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_index_by_OBJ.3
MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_text_by_NID.3
MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_text_by_OBJ.3
+MLINKS+= X509_get_subject_name.3 X509_NAME_hash.3
+MLINKS+= X509_get_subject_name.3 X509_NAME_hash_ex.3
+MLINKS+= X509_dup.3 X509_NAME_new.3
MLINKS+= X509_NAME_print_ex.3 X509_NAME_oneline.3
MLINKS+= X509_NAME_print_ex.3 X509_NAME_print.3
MLINKS+= X509_NAME_print_ex.3 X509_NAME_print_ex_fp.3
+MLINKS+= X509_LOOKUP_meth_new.3 X509_OBJECT_set1_X509.3
+MLINKS+= X509_LOOKUP_meth_new.3 X509_OBJECT_set1_X509_CRL.3
+MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_dup.3
+MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_eq.3
MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_free.3
MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_get.3
MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_get0.3
MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_get0_param.3
+MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_new_ex.3
MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_set.3
MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_set0_param.3
-MLINKS+= X509_PUBKEY_new.3 d2i_PUBKEY.3
-MLINKS+= X509_PUBKEY_new.3 d2i_PUBKEY_bio.3
-MLINKS+= X509_PUBKEY_new.3 d2i_PUBKEY_fp.3
-MLINKS+= X509_PUBKEY_new.3 i2d_PUBKEY.3
-MLINKS+= X509_PUBKEY_new.3 i2d_PUBKEY_bio.3
-MLINKS+= X509_PUBKEY_new.3 i2d_PUBKEY_fp.3
+MLINKS+= X509_dup.3 X509_REQ_INFO_free.3
+MLINKS+= X509_dup.3 X509_REQ_INFO_new.3
+MLINKS+= X509_check_private_key.3 X509_REQ_check_private_key.3
+MLINKS+= X509_digest.3 X509_REQ_digest.3
+MLINKS+= X509_dup.3 X509_REQ_dup.3
+MLINKS+= X509_dup.3 X509_REQ_free.3
+MLINKS+= X509_get0_distinguishing_id.3 X509_REQ_get0_distinguishing_id.3
+MLINKS+= X509_get_pubkey.3 X509_REQ_get0_pubkey.3
+MLINKS+= X509_get0_signature.3 X509_REQ_get0_signature.3
+MLINKS+= X509_get_pubkey.3 X509_REQ_get_X509_PUBKEY.3
+MLINKS+= X509_get_pubkey.3 X509_REQ_get_pubkey.3
+MLINKS+= X509_get0_signature.3 X509_REQ_get_signature_nid.3
+MLINKS+= X509_get_subject_name.3 X509_REQ_get_subject_name.3
+MLINKS+= X509_get_version.3 X509_REQ_get_version.3
+MLINKS+= X509_dup.3 X509_REQ_new.3
+MLINKS+= X509_dup.3 X509_REQ_new_ex.3
+MLINKS+= X509_get0_distinguishing_id.3 X509_REQ_set0_distinguishing_id.3
+MLINKS+= X509_get0_signature.3 X509_REQ_set0_signature.3
+MLINKS+= X509_get0_signature.3 X509_REQ_set1_signature_algo.3
+MLINKS+= X509_get_pubkey.3 X509_REQ_set_pubkey.3
+MLINKS+= X509_get_subject_name.3 X509_REQ_set_subject_name.3
+MLINKS+= X509_get_version.3 X509_REQ_set_version.3
+MLINKS+= X509_sign.3 X509_REQ_sign.3
+MLINKS+= X509_sign.3 X509_REQ_sign_ctx.3
+MLINKS+= X509_verify.3 X509_REQ_verify.3
+MLINKS+= X509_verify.3 X509_REQ_verify_ex.3
+MLINKS+= X509V3_get_d2i.3 X509_REVOKED_add1_ext_i2d.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_add_ext.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_delete_ext.3
+MLINKS+= X509_dup.3 X509_REVOKED_dup.3
+MLINKS+= X509_dup.3 X509_REVOKED_free.3
+MLINKS+= X509V3_get_d2i.3 X509_REVOKED_get0_extensions.3
+MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_get0_revocationDate.3
+MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_get0_serialNumber.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_by_NID.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_by_OBJ.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_by_critical.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_count.3
+MLINKS+= X509V3_get_d2i.3 X509_REVOKED_get_ext_d2i.3
+MLINKS+= X509_dup.3 X509_REVOKED_new.3
+MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_set_revocationDate.3
+MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_set_serialNumber.3
+MLINKS+= X509_get0_signature.3 X509_SIG_INFO_get.3
+MLINKS+= X509_get0_signature.3 X509_SIG_INFO_set.3
+MLINKS+= X509_dup.3 X509_SIG_free.3
MLINKS+= X509_SIG_get0.3 X509_SIG_getm.3
-MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get0_cert.3
-MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get1_chain.3
-MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get_current_cert.3
-MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get_error_depth.3
-MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_set_current_cert.3
-MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_set_error.3
-MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_set_error_depth.3
-MLINKS+= X509_STORE_CTX_get_error.3 X509_verify_cert_error_string.3
+MLINKS+= X509_dup.3 X509_SIG_new.3
+MLINKS+= X509_STORE_add_cert.3 X509_STORE.3
+MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_cert_crl_fn.3
+MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_crl_fn.3
+MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_issued_fn.3
+MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_policy_fn.3
+MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_revocation_fn.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_cleanup.3
+MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_cleanup_fn.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_free.3
+MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get0_cert.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_get0_chain.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_get0_param.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_get0_untrusted.3
+MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get1_chain.3
+MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_get1_issuer.3
+MLINKS+= BIO_get_ex_new_index.3 X509_STORE_CTX_get_app_data.3
+MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_cert_crl.3
+MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_crl.3
+MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_issued.3
+MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_policy.3
+MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_revocation.3
+MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_cleanup.3
+MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_get_crl_fn.3
+MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get_current_cert.3
+MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get_error_depth.3
+MLINKS+= BIO_get_ex_new_index.3 X509_STORE_CTX_get_ex_data.3
+MLINKS+= BIO_get_ex_new_index.3 X509_STORE_CTX_get_ex_new_index.3
+MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_get_crl.3
+MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_get_issuer.3
+MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_get_issuer_fn.3
+MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_lookup_certs.3
+MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_lookup_crls.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_get_num_untrusted.3
+MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_get_verify.3
+MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_verify_cb.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_init.3
+MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_lookup_certs_fn.3
+MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_lookup_crls_fn.3
+MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_new_ex.3
+MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_print_verify_cb.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_purpose_inherit.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_crls.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_param.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_trusted_stack.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_untrusted.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_verified_chain.3
+MLINKS+= BIO_get_ex_new_index.3 X509_STORE_CTX_set_app_data.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set_cert.3
+MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_set_current_cert.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set_default.3
+MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_set_error.3
+MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_set_error_depth.3
+MLINKS+= BIO_get_ex_new_index.3 X509_STORE_CTX_set_ex_data.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set_purpose.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set_trust.3
MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set_verify.3
-MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_verify_fn.3
-MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_cert_crl.3
-MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_crl.3
-MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_issued.3
-MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_policy.3
-MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_revocation.3
-MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_cleanup.3
-MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_get_crl.3
-MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_get_issuer.3
-MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_lookup_certs.3
-MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_lookup_crls.3
-MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_verify_cb.3
+MLINKS+= X509_verify_cert.3 X509_STORE_CTX_verify.3
MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_verify_cb.3
-MLINKS+= X509_STORE_add_cert.3 X509_STORE.3
+MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_verify_fn.3
MLINKS+= X509_STORE_add_cert.3 X509_STORE_add_crl.3
MLINKS+= X509_STORE_add_cert.3 X509_STORE_add_lookup.3
-MLINKS+= X509_STORE_add_cert.3 X509_STORE_load_locations.3
-MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_default_paths.3
-MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_depth.3
-MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_flags.3
-MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_purpose.3
-MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_trust.3
-MLINKS+= X509_STORE_get0_param.3 X509_STORE_get0_objects.3
-MLINKS+= X509_STORE_get0_param.3 X509_STORE_set1_param.3
MLINKS+= X509_STORE_new.3 X509_STORE_free.3
-MLINKS+= X509_STORE_new.3 X509_STORE_lock.3
-MLINKS+= X509_STORE_new.3 X509_STORE_unlock.3
-MLINKS+= X509_STORE_new.3 X509_STORE_up_ref.3
-MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_cert_crl_fn.3
-MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_crl_fn.3
-MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_issued_fn.3
-MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_policy_fn.3
-MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_revocation_fn.3
-MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_cleanup_fn.3
-MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_get_crl_fn.3
-MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_get_issuer_fn.3
-MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_get_verify.3
-MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_lookup_certs_fn.3
-MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_lookup_crls_fn.3
+MLINKS+= X509_STORE_get0_param.3 X509_STORE_get0_objects.3
+MLINKS+= X509_STORE_get0_param.3 X509_STORE_get1_all_certs.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_cert_crl.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_check_crl.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_check_issued.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_check_policy.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_check_revocation.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_cleanup.3
+MLINKS+= BIO_get_ex_new_index.3 X509_STORE_get_ex_data.3
+MLINKS+= BIO_get_ex_new_index.3 X509_STORE_get_ex_new_index.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_get_crl.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_get_issuer.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_lookup_certs.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_lookup_crls.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_verify_cb.3
+MLINKS+= X509_STORE_add_cert.3 X509_STORE_load_file.3
+MLINKS+= X509_STORE_add_cert.3 X509_STORE_load_file_ex.3
+MLINKS+= X509_STORE_add_cert.3 X509_STORE_load_locations.3
+MLINKS+= X509_STORE_add_cert.3 X509_STORE_load_locations_ex.3
+MLINKS+= X509_STORE_add_cert.3 X509_STORE_load_path.3
+MLINKS+= X509_STORE_add_cert.3 X509_STORE_load_store.3
+MLINKS+= X509_STORE_add_cert.3 X509_STORE_load_store_ex.3
+MLINKS+= X509_STORE_new.3 X509_STORE_lock.3
+MLINKS+= X509_STORE_get0_param.3 X509_STORE_set1_param.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_cert_crl.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_check_crl.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_check_issued.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_check_policy.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_check_revocation.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_cleanup.3
+MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_default_paths.3
+MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_default_paths_ex.3
+MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_depth.3
+MLINKS+= BIO_get_ex_new_index.3 X509_STORE_set_ex_data.3
+MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_flags.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_get_crl.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_get_issuer.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_lookup_certs.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_lookup_crls.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_lookup_crls_cb.3
+MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_purpose.3
+MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_trust.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_verify.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_verify_cb.3
MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_verify_func.3
+MLINKS+= X509_STORE_new.3 X509_STORE_unlock.3
+MLINKS+= X509_STORE_new.3 X509_STORE_up_ref.3
+MLINKS+= X509_dup.3 X509_VAL_free.3
+MLINKS+= X509_dup.3 X509_VAL_new.3
MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_add0_policy.3
MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_add1_host.3
MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_clear_flags.3
+MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get0_email.3
+MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get0_host.3
MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get0_peername.3
+MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get1_ip_asc.3
MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_auth_level.3
MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_depth.3
MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_flags.3
@@ -3135,367 +4688,87 @@ MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_inh_flags.3
MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_purpose.3
MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_time.3
MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_trust.3
+MLINKS+= X509V3_get_d2i.3 X509_add1_ext_i2d.3
+MLINKS+= X509_add_cert.3 X509_add_certs.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_add_ext.3
+MLINKS+= X509_verify_cert.3 X509_build_chain.3
+MLINKS+= X509_new.3 X509_chain_up_ref.3
MLINKS+= X509_check_host.3 X509_check_email.3
MLINKS+= X509_check_host.3 X509_check_ip.3
MLINKS+= X509_check_host.3 X509_check_ip_asc.3
-MLINKS+= X509_check_private_key.3 X509_REQ_check_private_key.3
-MLINKS+= X509_cmp.3 X509_CRL_cmp.3
-MLINKS+= X509_cmp.3 X509_CRL_match.3
-MLINKS+= X509_cmp.3 X509_NAME_cmp.3
-MLINKS+= X509_cmp.3 X509_issuer_and_serial_cmp.3
-MLINKS+= X509_cmp.3 X509_issuer_name_cmp.3
-MLINKS+= X509_cmp.3 X509_subject_name_cmp.3
MLINKS+= X509_cmp_time.3 X509_cmp_current_time.3
-MLINKS+= X509_cmp_time.3 X509_time_adj.3
-MLINKS+= X509_cmp_time.3 X509_time_adj_ex.3
-MLINKS+= X509_digest.3 PKCS7_ISSUER_AND_SERIAL_digest.3
-MLINKS+= X509_digest.3 X509_CRL_digest.3
-MLINKS+= X509_digest.3 X509_NAME_digest.3
-MLINKS+= X509_digest.3 X509_REQ_digest.3
-MLINKS+= X509_digest.3 X509_pubkey_digest.3
-MLINKS+= X509_dup.3 ACCESS_DESCRIPTION_free.3
-MLINKS+= X509_dup.3 ACCESS_DESCRIPTION_new.3
-MLINKS+= X509_dup.3 ADMISSIONS_free.3
-MLINKS+= X509_dup.3 ADMISSIONS_new.3
-MLINKS+= X509_dup.3 ADMISSION_SYNTAX_free.3
-MLINKS+= X509_dup.3 ADMISSION_SYNTAX_new.3
-MLINKS+= X509_dup.3 ASIdOrRange_free.3
-MLINKS+= X509_dup.3 ASIdOrRange_new.3
-MLINKS+= X509_dup.3 ASIdentifierChoice_free.3
-MLINKS+= X509_dup.3 ASIdentifierChoice_new.3
-MLINKS+= X509_dup.3 ASIdentifiers_free.3
-MLINKS+= X509_dup.3 ASIdentifiers_new.3
-MLINKS+= X509_dup.3 ASN1_ITEM.3
-MLINKS+= X509_dup.3 ASRange_free.3
-MLINKS+= X509_dup.3 ASRange_new.3
-MLINKS+= X509_dup.3 AUTHORITY_INFO_ACCESS_free.3
-MLINKS+= X509_dup.3 AUTHORITY_INFO_ACCESS_new.3
-MLINKS+= X509_dup.3 AUTHORITY_KEYID_free.3
-MLINKS+= X509_dup.3 AUTHORITY_KEYID_new.3
-MLINKS+= X509_dup.3 BASIC_CONSTRAINTS_free.3
-MLINKS+= X509_dup.3 BASIC_CONSTRAINTS_new.3
-MLINKS+= X509_dup.3 CERTIFICATEPOLICIES_free.3
-MLINKS+= X509_dup.3 CERTIFICATEPOLICIES_new.3
-MLINKS+= X509_dup.3 CMS_ContentInfo_free.3
-MLINKS+= X509_dup.3 CMS_ContentInfo_new.3
-MLINKS+= X509_dup.3 CMS_ContentInfo_print_ctx.3
-MLINKS+= X509_dup.3 CMS_ReceiptRequest_free.3
-MLINKS+= X509_dup.3 CMS_ReceiptRequest_new.3
-MLINKS+= X509_dup.3 CRL_DIST_POINTS_free.3
-MLINKS+= X509_dup.3 CRL_DIST_POINTS_new.3
-MLINKS+= X509_dup.3 DECLARE_ASN1_FUNCTIONS.3
-MLINKS+= X509_dup.3 DIRECTORYSTRING_free.3
-MLINKS+= X509_dup.3 DIRECTORYSTRING_new.3
-MLINKS+= X509_dup.3 DISPLAYTEXT_free.3
-MLINKS+= X509_dup.3 DISPLAYTEXT_new.3
-MLINKS+= X509_dup.3 DIST_POINT_NAME_free.3
-MLINKS+= X509_dup.3 DIST_POINT_NAME_new.3
-MLINKS+= X509_dup.3 DIST_POINT_free.3
-MLINKS+= X509_dup.3 DIST_POINT_new.3
-MLINKS+= X509_dup.3 DSAparams_dup.3
-MLINKS+= X509_dup.3 ECPARAMETERS_free.3
-MLINKS+= X509_dup.3 ECPARAMETERS_new.3
-MLINKS+= X509_dup.3 ECPKPARAMETERS_free.3
-MLINKS+= X509_dup.3 ECPKPARAMETERS_new.3
-MLINKS+= X509_dup.3 EDIPARTYNAME_free.3
-MLINKS+= X509_dup.3 EDIPARTYNAME_new.3
-MLINKS+= X509_dup.3 ESS_CERT_ID_dup.3
-MLINKS+= X509_dup.3 ESS_CERT_ID_free.3
-MLINKS+= X509_dup.3 ESS_CERT_ID_new.3
-MLINKS+= X509_dup.3 ESS_ISSUER_SERIAL_dup.3
-MLINKS+= X509_dup.3 ESS_ISSUER_SERIAL_free.3
-MLINKS+= X509_dup.3 ESS_ISSUER_SERIAL_new.3
-MLINKS+= X509_dup.3 ESS_SIGNING_CERT_dup.3
-MLINKS+= X509_dup.3 ESS_SIGNING_CERT_free.3
-MLINKS+= X509_dup.3 ESS_SIGNING_CERT_new.3
-MLINKS+= X509_dup.3 EXTENDED_KEY_USAGE_free.3
-MLINKS+= X509_dup.3 EXTENDED_KEY_USAGE_new.3
-MLINKS+= X509_dup.3 GENERAL_NAMES_free.3
-MLINKS+= X509_dup.3 GENERAL_NAMES_new.3
-MLINKS+= X509_dup.3 GENERAL_NAME_dup.3
-MLINKS+= X509_dup.3 GENERAL_NAME_free.3
-MLINKS+= X509_dup.3 GENERAL_NAME_new.3
-MLINKS+= X509_dup.3 GENERAL_SUBTREE_free.3
-MLINKS+= X509_dup.3 GENERAL_SUBTREE_new.3
-MLINKS+= X509_dup.3 IMPLEMENT_ASN1_FUNCTIONS.3
-MLINKS+= X509_dup.3 IPAddressChoice_free.3
-MLINKS+= X509_dup.3 IPAddressChoice_new.3
-MLINKS+= X509_dup.3 IPAddressFamily_free.3
-MLINKS+= X509_dup.3 IPAddressFamily_new.3
-MLINKS+= X509_dup.3 IPAddressOrRange_free.3
-MLINKS+= X509_dup.3 IPAddressOrRange_new.3
-MLINKS+= X509_dup.3 IPAddressRange_free.3
-MLINKS+= X509_dup.3 IPAddressRange_new.3
-MLINKS+= X509_dup.3 ISSUING_DIST_POINT_free.3
-MLINKS+= X509_dup.3 ISSUING_DIST_POINT_new.3
-MLINKS+= X509_dup.3 NAME_CONSTRAINTS_free.3
-MLINKS+= X509_dup.3 NAME_CONSTRAINTS_new.3
-MLINKS+= X509_dup.3 NAMING_AUTHORITY_free.3
-MLINKS+= X509_dup.3 NAMING_AUTHORITY_new.3
-MLINKS+= X509_dup.3 NETSCAPE_CERT_SEQUENCE_free.3
-MLINKS+= X509_dup.3 NETSCAPE_CERT_SEQUENCE_new.3
-MLINKS+= X509_dup.3 NETSCAPE_SPKAC_free.3
-MLINKS+= X509_dup.3 NETSCAPE_SPKAC_new.3
-MLINKS+= X509_dup.3 NETSCAPE_SPKI_free.3
-MLINKS+= X509_dup.3 NETSCAPE_SPKI_new.3
-MLINKS+= X509_dup.3 NOTICEREF_free.3
-MLINKS+= X509_dup.3 NOTICEREF_new.3
-MLINKS+= X509_dup.3 OCSP_BASICRESP_free.3
-MLINKS+= X509_dup.3 OCSP_BASICRESP_new.3
-MLINKS+= X509_dup.3 OCSP_CERTID_dup.3
-MLINKS+= X509_dup.3 OCSP_CERTID_new.3
-MLINKS+= X509_dup.3 OCSP_CERTSTATUS_free.3
-MLINKS+= X509_dup.3 OCSP_CERTSTATUS_new.3
-MLINKS+= X509_dup.3 OCSP_CRLID_free.3
-MLINKS+= X509_dup.3 OCSP_CRLID_new.3
-MLINKS+= X509_dup.3 OCSP_ONEREQ_free.3
-MLINKS+= X509_dup.3 OCSP_ONEREQ_new.3
-MLINKS+= X509_dup.3 OCSP_REQINFO_free.3
-MLINKS+= X509_dup.3 OCSP_REQINFO_new.3
-MLINKS+= X509_dup.3 OCSP_RESPBYTES_free.3
-MLINKS+= X509_dup.3 OCSP_RESPBYTES_new.3
-MLINKS+= X509_dup.3 OCSP_RESPDATA_free.3
-MLINKS+= X509_dup.3 OCSP_RESPDATA_new.3
-MLINKS+= X509_dup.3 OCSP_RESPID_free.3
-MLINKS+= X509_dup.3 OCSP_RESPID_new.3
-MLINKS+= X509_dup.3 OCSP_RESPONSE_new.3
-MLINKS+= X509_dup.3 OCSP_REVOKEDINFO_free.3
-MLINKS+= X509_dup.3 OCSP_REVOKEDINFO_new.3
-MLINKS+= X509_dup.3 OCSP_SERVICELOC_free.3
-MLINKS+= X509_dup.3 OCSP_SERVICELOC_new.3
-MLINKS+= X509_dup.3 OCSP_SIGNATURE_free.3
-MLINKS+= X509_dup.3 OCSP_SIGNATURE_new.3
-MLINKS+= X509_dup.3 OCSP_SINGLERESP_free.3
-MLINKS+= X509_dup.3 OCSP_SINGLERESP_new.3
-MLINKS+= X509_dup.3 OTHERNAME_free.3
-MLINKS+= X509_dup.3 OTHERNAME_new.3
-MLINKS+= X509_dup.3 PBE2PARAM_free.3
-MLINKS+= X509_dup.3 PBE2PARAM_new.3
-MLINKS+= X509_dup.3 PBEPARAM_free.3
-MLINKS+= X509_dup.3 PBEPARAM_new.3
-MLINKS+= X509_dup.3 PBKDF2PARAM_free.3
-MLINKS+= X509_dup.3 PBKDF2PARAM_new.3
-MLINKS+= X509_dup.3 PKCS12_BAGS_free.3
-MLINKS+= X509_dup.3 PKCS12_BAGS_new.3
-MLINKS+= X509_dup.3 PKCS12_MAC_DATA_free.3
-MLINKS+= X509_dup.3 PKCS12_MAC_DATA_new.3
-MLINKS+= X509_dup.3 PKCS12_SAFEBAG_free.3
-MLINKS+= X509_dup.3 PKCS12_SAFEBAG_new.3
-MLINKS+= X509_dup.3 PKCS12_free.3
-MLINKS+= X509_dup.3 PKCS12_new.3
-MLINKS+= X509_dup.3 PKCS7_DIGEST_free.3
-MLINKS+= X509_dup.3 PKCS7_DIGEST_new.3
-MLINKS+= X509_dup.3 PKCS7_ENCRYPT_free.3
-MLINKS+= X509_dup.3 PKCS7_ENCRYPT_new.3
-MLINKS+= X509_dup.3 PKCS7_ENC_CONTENT_free.3
-MLINKS+= X509_dup.3 PKCS7_ENC_CONTENT_new.3
-MLINKS+= X509_dup.3 PKCS7_ENVELOPE_free.3
-MLINKS+= X509_dup.3 PKCS7_ENVELOPE_new.3
-MLINKS+= X509_dup.3 PKCS7_ISSUER_AND_SERIAL_free.3
-MLINKS+= X509_dup.3 PKCS7_ISSUER_AND_SERIAL_new.3
-MLINKS+= X509_dup.3 PKCS7_RECIP_INFO_free.3
-MLINKS+= X509_dup.3 PKCS7_RECIP_INFO_new.3
-MLINKS+= X509_dup.3 PKCS7_SIGNED_free.3
-MLINKS+= X509_dup.3 PKCS7_SIGNED_new.3
-MLINKS+= X509_dup.3 PKCS7_SIGNER_INFO_free.3
-MLINKS+= X509_dup.3 PKCS7_SIGNER_INFO_new.3
-MLINKS+= X509_dup.3 PKCS7_SIGN_ENVELOPE_free.3
-MLINKS+= X509_dup.3 PKCS7_SIGN_ENVELOPE_new.3
-MLINKS+= X509_dup.3 PKCS7_dup.3
-MLINKS+= X509_dup.3 PKCS7_free.3
-MLINKS+= X509_dup.3 PKCS7_new.3
-MLINKS+= X509_dup.3 PKCS7_print_ctx.3
-MLINKS+= X509_dup.3 PKCS8_PRIV_KEY_INFO_free.3
-MLINKS+= X509_dup.3 PKCS8_PRIV_KEY_INFO_new.3
-MLINKS+= X509_dup.3 PKEY_USAGE_PERIOD_free.3
-MLINKS+= X509_dup.3 PKEY_USAGE_PERIOD_new.3
-MLINKS+= X509_dup.3 POLICYINFO_free.3
-MLINKS+= X509_dup.3 POLICYINFO_new.3
-MLINKS+= X509_dup.3 POLICYQUALINFO_free.3
-MLINKS+= X509_dup.3 POLICYQUALINFO_new.3
-MLINKS+= X509_dup.3 POLICY_CONSTRAINTS_free.3
-MLINKS+= X509_dup.3 POLICY_CONSTRAINTS_new.3
-MLINKS+= X509_dup.3 POLICY_MAPPING_free.3
-MLINKS+= X509_dup.3 POLICY_MAPPING_new.3
-MLINKS+= X509_dup.3 PROFESSION_INFOS_free.3
-MLINKS+= X509_dup.3 PROFESSION_INFOS_new.3
-MLINKS+= X509_dup.3 PROFESSION_INFO_free.3
-MLINKS+= X509_dup.3 PROFESSION_INFO_new.3
-MLINKS+= X509_dup.3 PROXY_CERT_INFO_EXTENSION_free.3
-MLINKS+= X509_dup.3 PROXY_CERT_INFO_EXTENSION_new.3
-MLINKS+= X509_dup.3 PROXY_POLICY_free.3
-MLINKS+= X509_dup.3 PROXY_POLICY_new.3
-MLINKS+= X509_dup.3 RSAPrivateKey_dup.3
-MLINKS+= X509_dup.3 RSAPublicKey_dup.3
-MLINKS+= X509_dup.3 RSA_OAEP_PARAMS_free.3
-MLINKS+= X509_dup.3 RSA_OAEP_PARAMS_new.3
-MLINKS+= X509_dup.3 RSA_PSS_PARAMS_free.3
-MLINKS+= X509_dup.3 RSA_PSS_PARAMS_new.3
-MLINKS+= X509_dup.3 SCRYPT_PARAMS_free.3
-MLINKS+= X509_dup.3 SCRYPT_PARAMS_new.3
-MLINKS+= X509_dup.3 SXNETID_free.3
-MLINKS+= X509_dup.3 SXNETID_new.3
-MLINKS+= X509_dup.3 SXNET_free.3
-MLINKS+= X509_dup.3 SXNET_new.3
-MLINKS+= X509_dup.3 TLS_FEATURE_free.3
-MLINKS+= X509_dup.3 TLS_FEATURE_new.3
-MLINKS+= X509_dup.3 TS_ACCURACY_dup.3
-MLINKS+= X509_dup.3 TS_ACCURACY_free.3
-MLINKS+= X509_dup.3 TS_ACCURACY_new.3
-MLINKS+= X509_dup.3 TS_MSG_IMPRINT_dup.3
-MLINKS+= X509_dup.3 TS_MSG_IMPRINT_free.3
-MLINKS+= X509_dup.3 TS_MSG_IMPRINT_new.3
-MLINKS+= X509_dup.3 TS_REQ_dup.3
-MLINKS+= X509_dup.3 TS_REQ_free.3
-MLINKS+= X509_dup.3 TS_REQ_new.3
-MLINKS+= X509_dup.3 TS_RESP_dup.3
-MLINKS+= X509_dup.3 TS_RESP_free.3
-MLINKS+= X509_dup.3 TS_RESP_new.3
-MLINKS+= X509_dup.3 TS_STATUS_INFO_dup.3
-MLINKS+= X509_dup.3 TS_STATUS_INFO_free.3
-MLINKS+= X509_dup.3 TS_STATUS_INFO_new.3
-MLINKS+= X509_dup.3 TS_TST_INFO_dup.3
-MLINKS+= X509_dup.3 TS_TST_INFO_free.3
-MLINKS+= X509_dup.3 TS_TST_INFO_new.3
-MLINKS+= X509_dup.3 USERNOTICE_free.3
-MLINKS+= X509_dup.3 USERNOTICE_new.3
-MLINKS+= X509_dup.3 X509_ALGOR_free.3
-MLINKS+= X509_dup.3 X509_ALGOR_new.3
-MLINKS+= X509_dup.3 X509_ATTRIBUTE_dup.3
-MLINKS+= X509_dup.3 X509_ATTRIBUTE_free.3
-MLINKS+= X509_dup.3 X509_ATTRIBUTE_new.3
-MLINKS+= X509_dup.3 X509_CERT_AUX_free.3
-MLINKS+= X509_dup.3 X509_CERT_AUX_new.3
-MLINKS+= X509_dup.3 X509_CINF_free.3
-MLINKS+= X509_dup.3 X509_CINF_new.3
-MLINKS+= X509_dup.3 X509_CRL_INFO_free.3
-MLINKS+= X509_dup.3 X509_CRL_INFO_new.3
-MLINKS+= X509_dup.3 X509_CRL_dup.3
-MLINKS+= X509_dup.3 X509_CRL_free.3
-MLINKS+= X509_dup.3 X509_CRL_new.3
-MLINKS+= X509_dup.3 X509_EXTENSION_dup.3
-MLINKS+= X509_dup.3 X509_EXTENSION_free.3
-MLINKS+= X509_dup.3 X509_EXTENSION_new.3
-MLINKS+= X509_dup.3 X509_NAME_ENTRY_dup.3
-MLINKS+= X509_dup.3 X509_NAME_ENTRY_free.3
-MLINKS+= X509_dup.3 X509_NAME_ENTRY_new.3
-MLINKS+= X509_dup.3 X509_NAME_dup.3
-MLINKS+= X509_dup.3 X509_NAME_free.3
-MLINKS+= X509_dup.3 X509_NAME_new.3
-MLINKS+= X509_dup.3 X509_REQ_INFO_free.3
-MLINKS+= X509_dup.3 X509_REQ_INFO_new.3
-MLINKS+= X509_dup.3 X509_REQ_dup.3
-MLINKS+= X509_dup.3 X509_REQ_free.3
-MLINKS+= X509_dup.3 X509_REQ_new.3
-MLINKS+= X509_dup.3 X509_REVOKED_dup.3
-MLINKS+= X509_dup.3 X509_REVOKED_free.3
-MLINKS+= X509_dup.3 X509_REVOKED_new.3
-MLINKS+= X509_dup.3 X509_SIG_free.3
-MLINKS+= X509_dup.3 X509_SIG_new.3
-MLINKS+= X509_dup.3 X509_VAL_free.3
-MLINKS+= X509_dup.3 X509_VAL_new.3
-MLINKS+= X509_get0_notBefore.3 X509_CRL_get0_lastUpdate.3
-MLINKS+= X509_get0_notBefore.3 X509_CRL_get0_nextUpdate.3
-MLINKS+= X509_get0_notBefore.3 X509_CRL_set1_lastUpdate.3
-MLINKS+= X509_get0_notBefore.3 X509_CRL_set1_nextUpdate.3
-MLINKS+= X509_get0_notBefore.3 X509_get0_notAfter.3
-MLINKS+= X509_get0_notBefore.3 X509_getm_notAfter.3
-MLINKS+= X509_get0_notBefore.3 X509_getm_notBefore.3
-MLINKS+= X509_get0_notBefore.3 X509_set1_notAfter.3
-MLINKS+= X509_get0_notBefore.3 X509_set1_notBefore.3
-MLINKS+= X509_get0_signature.3 X509_CRL_get0_signature.3
-MLINKS+= X509_get0_signature.3 X509_CRL_get_signature_nid.3
-MLINKS+= X509_get0_signature.3 X509_REQ_get0_signature.3
-MLINKS+= X509_get0_signature.3 X509_REQ_get_signature_nid.3
-MLINKS+= X509_get0_signature.3 X509_REQ_set0_signature.3
-MLINKS+= X509_get0_signature.3 X509_REQ_set1_signature_algo.3
-MLINKS+= X509_get0_signature.3 X509_SIG_INFO_get.3
-MLINKS+= X509_get0_signature.3 X509_SIG_INFO_set.3
-MLINKS+= X509_get0_signature.3 X509_get0_tbs_sigalg.3
-MLINKS+= X509_get0_signature.3 X509_get_signature_info.3
-MLINKS+= X509_get0_signature.3 X509_get_signature_nid.3
+MLINKS+= X509_cmp_time.3 X509_cmp_timeframe.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_delete_ext.3
+MLINKS+= X509_digest.3 X509_digest_sig.3
+MLINKS+= X509_new.3 X509_free.3
MLINKS+= X509_get_extension_flags.3 X509_get0_authority_issuer.3
MLINKS+= X509_get_extension_flags.3 X509_get0_authority_key_id.3
MLINKS+= X509_get_extension_flags.3 X509_get0_authority_serial.3
+MLINKS+= X509V3_get_d2i.3 X509_get0_extensions.3
+MLINKS+= X509_get0_notBefore.3 X509_get0_notAfter.3
+MLINKS+= X509_get_pubkey.3 X509_get0_pubkey.3
+MLINKS+= X509_get_serialNumber.3 X509_get0_serialNumber.3
MLINKS+= X509_get_extension_flags.3 X509_get0_subject_key_id.3
+MLINKS+= X509_get0_signature.3 X509_get0_tbs_sigalg.3
+MLINKS+= X509_get_pubkey.3 X509_get_X509_PUBKEY.3
+MLINKS+= BIO_get_ex_new_index.3 X509_get_ex_data.3
+MLINKS+= BIO_get_ex_new_index.3 X509_get_ex_new_index.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_by_NID.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_by_OBJ.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_by_critical.3
+MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_count.3
+MLINKS+= X509V3_get_d2i.3 X509_get_ext_d2i.3
MLINKS+= X509_get_extension_flags.3 X509_get_extended_key_usage.3
+MLINKS+= X509_get_subject_name.3 X509_get_issuer_name.3
MLINKS+= X509_get_extension_flags.3 X509_get_key_usage.3
MLINKS+= X509_get_extension_flags.3 X509_get_pathlen.3
MLINKS+= X509_get_extension_flags.3 X509_get_proxy_pathlen.3
+MLINKS+= X509_get0_signature.3 X509_get_signature_info.3
+MLINKS+= X509_get0_signature.3 X509_get_signature_nid.3
+MLINKS+= X509_get0_notBefore.3 X509_getm_notAfter.3
+MLINKS+= X509_get0_notBefore.3 X509_getm_notBefore.3
+MLINKS+= X509_cmp_time.3 X509_gmtime_adj.3
+MLINKS+= X509_load_http.3 X509_http_nbio.3
+MLINKS+= X509_cmp.3 X509_issuer_and_serial_cmp.3
+MLINKS+= X509_cmp.3 X509_issuer_name_cmp.3
+MLINKS+= X509_get_subject_name.3 X509_issuer_name_hash.3
+MLINKS+= X509_LOOKUP_hash_dir.3 X509_load_cert_crl_file.3
+MLINKS+= X509_LOOKUP_hash_dir.3 X509_load_cert_crl_file_ex.3
+MLINKS+= X509_LOOKUP_hash_dir.3 X509_load_cert_file.3
+MLINKS+= X509_LOOKUP_hash_dir.3 X509_load_cert_file_ex.3
+MLINKS+= X509_LOOKUP_hash_dir.3 X509_load_crl_file.3
+MLINKS+= X509_new.3 X509_new_ex.3
+MLINKS+= X509_digest.3 X509_pubkey_digest.3
+MLINKS+= X509_verify.3 X509_self_signed.3
+MLINKS+= X509_get0_distinguishing_id.3 X509_set0_distinguishing_id.3
+MLINKS+= X509_get0_notBefore.3 X509_set1_notAfter.3
+MLINKS+= X509_get0_notBefore.3 X509_set1_notBefore.3
+MLINKS+= BIO_get_ex_new_index.3 X509_set_ex_data.3
+MLINKS+= X509_get_subject_name.3 X509_set_issuer_name.3
MLINKS+= X509_get_extension_flags.3 X509_set_proxy_flag.3
MLINKS+= X509_get_extension_flags.3 X509_set_proxy_pathlen.3
-MLINKS+= X509_get_pubkey.3 X509_REQ_get0_pubkey.3
-MLINKS+= X509_get_pubkey.3 X509_REQ_get_X509_PUBKEY.3
-MLINKS+= X509_get_pubkey.3 X509_REQ_get_pubkey.3
-MLINKS+= X509_get_pubkey.3 X509_REQ_set_pubkey.3
-MLINKS+= X509_get_pubkey.3 X509_get0_pubkey.3
-MLINKS+= X509_get_pubkey.3 X509_get_X509_PUBKEY.3
MLINKS+= X509_get_pubkey.3 X509_set_pubkey.3
-MLINKS+= X509_get_serialNumber.3 X509_get0_serialNumber.3
MLINKS+= X509_get_serialNumber.3 X509_set_serialNumber.3
-MLINKS+= X509_get_subject_name.3 X509_CRL_get_issuer.3
-MLINKS+= X509_get_subject_name.3 X509_CRL_set_issuer_name.3
-MLINKS+= X509_get_subject_name.3 X509_REQ_get_subject_name.3
-MLINKS+= X509_get_subject_name.3 X509_REQ_set_subject_name.3
-MLINKS+= X509_get_subject_name.3 X509_get_issuer_name.3
-MLINKS+= X509_get_subject_name.3 X509_set_issuer_name.3
MLINKS+= X509_get_subject_name.3 X509_set_subject_name.3
-MLINKS+= X509_get_version.3 X509_CRL_get_version.3
-MLINKS+= X509_get_version.3 X509_CRL_set_version.3
-MLINKS+= X509_get_version.3 X509_REQ_get_version.3
-MLINKS+= X509_get_version.3 X509_REQ_set_version.3
MLINKS+= X509_get_version.3 X509_set_version.3
-MLINKS+= X509_new.3 X509_chain_up_ref.3
-MLINKS+= X509_new.3 X509_free.3
-MLINKS+= X509_new.3 X509_up_ref.3
-MLINKS+= X509_sign.3 X509_CRL_sign.3
-MLINKS+= X509_sign.3 X509_CRL_sign_ctx.3
-MLINKS+= X509_sign.3 X509_CRL_verify.3
-MLINKS+= X509_sign.3 X509_REQ_sign.3
-MLINKS+= X509_sign.3 X509_REQ_sign_ctx.3
-MLINKS+= X509_sign.3 X509_REQ_verify.3
MLINKS+= X509_sign.3 X509_sign_ctx.3
-MLINKS+= X509_sign.3 X509_verify.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_add_ext.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_delete_ext.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_by_NID.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_by_OBJ.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_by_critical.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_count.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_add_ext.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_delete_ext.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_by_NID.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_by_OBJ.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_by_critical.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_count.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_add_ext.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_delete_ext.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_by_NID.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_by_OBJ.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_by_critical.3
-MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_count.3
+MLINKS+= X509_cmp.3 X509_subject_name_cmp.3
+MLINKS+= X509_get_subject_name.3 X509_subject_name_hash.3
+MLINKS+= X509_cmp_time.3 X509_time_adj.3
+MLINKS+= X509_cmp_time.3 X509_time_adj_ex.3
+MLINKS+= X509_new.3 X509_up_ref.3
+MLINKS+= X509_STORE_CTX_get_error.3 X509_verify_cert_error_string.3
MLINKS+= X509v3_get_ext_by_NID.3 X509v3_add_ext.3
MLINKS+= X509v3_get_ext_by_NID.3 X509v3_delete_ext.3
MLINKS+= X509v3_get_ext_by_NID.3 X509v3_get_ext.3
MLINKS+= X509v3_get_ext_by_NID.3 X509v3_get_ext_by_OBJ.3
MLINKS+= X509v3_get_ext_by_NID.3 X509v3_get_ext_by_critical.3
MLINKS+= X509v3_get_ext_by_NID.3 X509v3_get_ext_count.3
-MLINKS+= d2i_DHparams.3 i2d_DHparams.3
-MLINKS+= d2i_PKCS8PrivateKey_bio.3 d2i_PKCS8PrivateKey_fp.3
-MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_bio.3
-MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_fp.3
-MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_nid_bio.3
-MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_nid_fp.3
-MLINKS+= d2i_PrivateKey.3 d2i_AutoPrivateKey.3
-MLINKS+= d2i_PrivateKey.3 d2i_PrivateKey_bio.3
-MLINKS+= d2i_PrivateKey.3 d2i_PrivateKey_fp.3
-MLINKS+= d2i_PrivateKey.3 d2i_PublicKey.3
-MLINKS+= d2i_PrivateKey.3 i2d_PrivateKey.3
-MLINKS+= d2i_PrivateKey.3 i2d_PublicKey.3
-MLINKS+= d2i_SSL_SESSION.3 i2d_SSL_SESSION.3
+MLINKS+= b2i_PVK_bio_ex.3 b2i_PVK_bio.3
+MLINKS+= SSL_extension_supported.3 custom_ext_add_cb.3
+MLINKS+= SSL_extension_supported.3 custom_ext_free_cb.3
+MLINKS+= SSL_extension_supported.3 custom_ext_parse_cb.3
MLINKS+= d2i_X509.3 d2i_ACCESS_DESCRIPTION.3
MLINKS+= d2i_X509.3 d2i_ADMISSIONS.3
MLINKS+= d2i_X509.3 d2i_ADMISSION_SYNTAX.3
@@ -3527,39 +4800,46 @@ MLINKS+= d2i_X509.3 d2i_ASN1_VISIBLESTRING.3
MLINKS+= d2i_X509.3 d2i_ASRange.3
MLINKS+= d2i_X509.3 d2i_AUTHORITY_INFO_ACCESS.3
MLINKS+= d2i_X509.3 d2i_AUTHORITY_KEYID.3
+MLINKS+= d2i_PrivateKey.3 d2i_AutoPrivateKey.3
+MLINKS+= d2i_PrivateKey.3 d2i_AutoPrivateKey_ex.3
MLINKS+= d2i_X509.3 d2i_BASIC_CONSTRAINTS.3
MLINKS+= d2i_X509.3 d2i_CERTIFICATEPOLICIES.3
MLINKS+= d2i_X509.3 d2i_CMS_ContentInfo.3
MLINKS+= d2i_X509.3 d2i_CMS_ReceiptRequest.3
MLINKS+= d2i_X509.3 d2i_CMS_bio.3
MLINKS+= d2i_X509.3 d2i_CRL_DIST_POINTS.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_DHparams.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_DHparams_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_DHparams_fp.3
MLINKS+= d2i_X509.3 d2i_DHxparams.3
MLINKS+= d2i_X509.3 d2i_DIRECTORYSTRING.3
MLINKS+= d2i_X509.3 d2i_DISPLAYTEXT.3
MLINKS+= d2i_X509.3 d2i_DIST_POINT.3
MLINKS+= d2i_X509.3 d2i_DIST_POINT_NAME.3
-MLINKS+= d2i_X509.3 d2i_DSAPrivateKey.3
-MLINKS+= d2i_X509.3 d2i_DSAPrivateKey_bio.3
-MLINKS+= d2i_X509.3 d2i_DSAPrivateKey_fp.3
-MLINKS+= d2i_X509.3 d2i_DSAPublicKey.3
-MLINKS+= d2i_X509.3 d2i_DSA_PUBKEY.3
-MLINKS+= d2i_X509.3 d2i_DSA_PUBKEY_bio.3
-MLINKS+= d2i_X509.3 d2i_DSA_PUBKEY_fp.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_DSAPrivateKey.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_DSAPrivateKey_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_DSAPrivateKey_fp.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_DSAPublicKey.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_DSA_PUBKEY.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_DSA_PUBKEY_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_DSA_PUBKEY_fp.3
MLINKS+= d2i_X509.3 d2i_DSA_SIG.3
-MLINKS+= d2i_X509.3 d2i_DSAparams.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_DSAparams.3
MLINKS+= d2i_X509.3 d2i_ECDSA_SIG.3
-MLINKS+= d2i_X509.3 d2i_ECPKParameters.3
-MLINKS+= d2i_X509.3 d2i_ECParameters.3
-MLINKS+= d2i_X509.3 d2i_ECPrivateKey.3
-MLINKS+= d2i_X509.3 d2i_ECPrivateKey_bio.3
-MLINKS+= d2i_X509.3 d2i_ECPrivateKey_fp.3
-MLINKS+= d2i_X509.3 d2i_EC_PUBKEY.3
-MLINKS+= d2i_X509.3 d2i_EC_PUBKEY_bio.3
-MLINKS+= d2i_X509.3 d2i_EC_PUBKEY_fp.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_ECPKParameters.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_ECParameters.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_ECPrivateKey.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_ECPrivateKey_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_ECPrivateKey_fp.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_EC_PUBKEY.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_EC_PUBKEY_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_EC_PUBKEY_fp.3
MLINKS+= d2i_X509.3 d2i_EDIPARTYNAME.3
MLINKS+= d2i_X509.3 d2i_ESS_CERT_ID.3
+MLINKS+= d2i_X509.3 d2i_ESS_CERT_ID_V2.3
MLINKS+= d2i_X509.3 d2i_ESS_ISSUER_SERIAL.3
MLINKS+= d2i_X509.3 d2i_ESS_SIGNING_CERT.3
+MLINKS+= d2i_X509.3 d2i_ESS_SIGNING_CERT_V2.3
MLINKS+= d2i_X509.3 d2i_EXTENDED_KEY_USAGE.3
MLINKS+= d2i_X509.3 d2i_GENERAL_NAME.3
MLINKS+= d2i_X509.3 d2i_GENERAL_NAMES.3
@@ -3567,7 +4847,10 @@ MLINKS+= d2i_X509.3 d2i_IPAddressChoice.3
MLINKS+= d2i_X509.3 d2i_IPAddressFamily.3
MLINKS+= d2i_X509.3 d2i_IPAddressOrRange.3
MLINKS+= d2i_X509.3 d2i_IPAddressRange.3
+MLINKS+= d2i_X509.3 d2i_ISSUER_SIGN_TOOL.3
MLINKS+= d2i_X509.3 d2i_ISSUING_DIST_POINT.3
+MLINKS+= d2i_PrivateKey.3 d2i_KeyParams.3
+MLINKS+= d2i_PrivateKey.3 d2i_KeyParams_bio.3
MLINKS+= d2i_X509.3 d2i_NAMING_AUTHORITY.3
MLINKS+= d2i_X509.3 d2i_NETSCAPE_CERT_SEQUENCE.3
MLINKS+= d2i_X509.3 d2i_NETSCAPE_SPKAC.3
@@ -3588,6 +4871,18 @@ MLINKS+= d2i_X509.3 d2i_OCSP_REVOKEDINFO.3
MLINKS+= d2i_X509.3 d2i_OCSP_SERVICELOC.3
MLINKS+= d2i_X509.3 d2i_OCSP_SIGNATURE.3
MLINKS+= d2i_X509.3 d2i_OCSP_SINGLERESP.3
+MLINKS+= d2i_X509.3 d2i_OSSL_CMP_MSG.3
+MLINKS+= OSSL_CMP_MSG_get0_header.3 d2i_OSSL_CMP_MSG_bio.3
+MLINKS+= d2i_X509.3 d2i_OSSL_CMP_PKIHEADER.3
+MLINKS+= d2i_X509.3 d2i_OSSL_CMP_PKISI.3
+MLINKS+= d2i_X509.3 d2i_OSSL_CRMF_CERTID.3
+MLINKS+= d2i_X509.3 d2i_OSSL_CRMF_CERTTEMPLATE.3
+MLINKS+= d2i_X509.3 d2i_OSSL_CRMF_ENCRYPTEDVALUE.3
+MLINKS+= d2i_X509.3 d2i_OSSL_CRMF_MSG.3
+MLINKS+= d2i_X509.3 d2i_OSSL_CRMF_MSGS.3
+MLINKS+= d2i_X509.3 d2i_OSSL_CRMF_PBMPARAMETER.3
+MLINKS+= d2i_X509.3 d2i_OSSL_CRMF_PKIPUBLICATIONINFO.3
+MLINKS+= d2i_X509.3 d2i_OSSL_CRMF_SINGLEPUBINFO.3
MLINKS+= d2i_X509.3 d2i_OTHERNAME.3
MLINKS+= d2i_X509.3 d2i_PBE2PARAM.3
MLINKS+= d2i_X509.3 d2i_PBEPARAM.3
@@ -3610,6 +4905,7 @@ MLINKS+= d2i_X509.3 d2i_PKCS7_SIGNER_INFO.3
MLINKS+= d2i_X509.3 d2i_PKCS7_SIGN_ENVELOPE.3
MLINKS+= d2i_X509.3 d2i_PKCS7_bio.3
MLINKS+= d2i_X509.3 d2i_PKCS7_fp.3
+MLINKS+= d2i_PKCS8PrivateKey_bio.3 d2i_PKCS8PrivateKey_fp.3
MLINKS+= d2i_X509.3 d2i_PKCS8_PRIV_KEY_INFO.3
MLINKS+= d2i_X509.3 d2i_PKCS8_PRIV_KEY_INFO_bio.3
MLINKS+= d2i_X509.3 d2i_PKCS8_PRIV_KEY_INFO_fp.3
@@ -3621,17 +4917,26 @@ MLINKS+= d2i_X509.3 d2i_POLICYQUALINFO.3
MLINKS+= d2i_X509.3 d2i_PROFESSION_INFO.3
MLINKS+= d2i_X509.3 d2i_PROXY_CERT_INFO_EXTENSION.3
MLINKS+= d2i_X509.3 d2i_PROXY_POLICY.3
-MLINKS+= d2i_X509.3 d2i_RSAPrivateKey.3
-MLINKS+= d2i_X509.3 d2i_RSAPrivateKey_bio.3
-MLINKS+= d2i_X509.3 d2i_RSAPrivateKey_fp.3
-MLINKS+= d2i_X509.3 d2i_RSAPublicKey.3
-MLINKS+= d2i_X509.3 d2i_RSAPublicKey_bio.3
-MLINKS+= d2i_X509.3 d2i_RSAPublicKey_fp.3
+MLINKS+= X509_PUBKEY_new.3 d2i_PUBKEY.3
+MLINKS+= X509_PUBKEY_new.3 d2i_PUBKEY_bio.3
+MLINKS+= X509_PUBKEY_new.3 d2i_PUBKEY_ex.3
+MLINKS+= X509_PUBKEY_new.3 d2i_PUBKEY_fp.3
+MLINKS+= d2i_PrivateKey.3 d2i_PrivateKey_bio.3
+MLINKS+= d2i_PrivateKey.3 d2i_PrivateKey_ex.3
+MLINKS+= d2i_PrivateKey.3 d2i_PrivateKey_ex_bio.3
+MLINKS+= d2i_PrivateKey.3 d2i_PrivateKey_ex_fp.3
+MLINKS+= d2i_PrivateKey.3 d2i_PrivateKey_fp.3
+MLINKS+= d2i_PrivateKey.3 d2i_PublicKey.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_RSAPrivateKey_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_RSAPrivateKey_fp.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_RSAPublicKey.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_RSAPublicKey_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_RSAPublicKey_fp.3
MLINKS+= d2i_X509.3 d2i_RSA_OAEP_PARAMS.3
MLINKS+= d2i_X509.3 d2i_RSA_PSS_PARAMS.3
-MLINKS+= d2i_X509.3 d2i_RSA_PUBKEY.3
-MLINKS+= d2i_X509.3 d2i_RSA_PUBKEY_bio.3
-MLINKS+= d2i_X509.3 d2i_RSA_PUBKEY_fp.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_RSA_PUBKEY.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_RSA_PUBKEY_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 d2i_RSA_PUBKEY_fp.3
MLINKS+= d2i_X509.3 d2i_SCRYPT_PARAMS.3
MLINKS+= d2i_X509.3 d2i_SCT_LIST.3
MLINKS+= d2i_X509.3 d2i_SXNET.3
@@ -3654,6 +4959,7 @@ MLINKS+= d2i_X509.3 d2i_USERNOTICE.3
MLINKS+= d2i_X509.3 d2i_X509_ALGOR.3
MLINKS+= d2i_X509.3 d2i_X509_ALGORS.3
MLINKS+= d2i_X509.3 d2i_X509_ATTRIBUTE.3
+MLINKS+= i2d_re_X509_tbs.3 d2i_X509_AUX.3
MLINKS+= d2i_X509.3 d2i_X509_CERT_AUX.3
MLINKS+= d2i_X509.3 d2i_X509_CINF.3
MLINKS+= d2i_X509.3 d2i_X509_CRL.3
@@ -3665,6 +4971,8 @@ MLINKS+= d2i_X509.3 d2i_X509_EXTENSIONS.3
MLINKS+= d2i_X509.3 d2i_X509_NAME.3
MLINKS+= d2i_X509.3 d2i_X509_NAME_ENTRY.3
MLINKS+= d2i_X509.3 d2i_X509_PUBKEY.3
+MLINKS+= d2i_X509.3 d2i_X509_PUBKEY_bio.3
+MLINKS+= d2i_X509.3 d2i_X509_PUBKEY_fp.3
MLINKS+= d2i_X509.3 d2i_X509_REQ.3
MLINKS+= d2i_X509.3 d2i_X509_REQ_INFO.3
MLINKS+= d2i_X509.3 d2i_X509_REQ_bio.3
@@ -3674,6 +4982,8 @@ MLINKS+= d2i_X509.3 d2i_X509_SIG.3
MLINKS+= d2i_X509.3 d2i_X509_VAL.3
MLINKS+= d2i_X509.3 d2i_X509_bio.3
MLINKS+= d2i_X509.3 d2i_X509_fp.3
+MLINKS+= b2i_PVK_bio_ex.3 i2b_PVK_bio.3
+MLINKS+= b2i_PVK_bio_ex.3 i2b_PVK_bio_ex.3
MLINKS+= d2i_X509.3 i2d_ACCESS_DESCRIPTION.3
MLINKS+= d2i_X509.3 i2d_ADMISSIONS.3
MLINKS+= d2i_X509.3 i2d_ADMISSION_SYNTAX.3
@@ -3711,33 +5021,38 @@ MLINKS+= d2i_X509.3 i2d_CMS_ContentInfo.3
MLINKS+= d2i_X509.3 i2d_CMS_ReceiptRequest.3
MLINKS+= d2i_X509.3 i2d_CMS_bio.3
MLINKS+= d2i_X509.3 i2d_CRL_DIST_POINTS.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_DHparams.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_DHparams_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_DHparams_fp.3
MLINKS+= d2i_X509.3 i2d_DHxparams.3
MLINKS+= d2i_X509.3 i2d_DIRECTORYSTRING.3
MLINKS+= d2i_X509.3 i2d_DISPLAYTEXT.3
MLINKS+= d2i_X509.3 i2d_DIST_POINT.3
MLINKS+= d2i_X509.3 i2d_DIST_POINT_NAME.3
-MLINKS+= d2i_X509.3 i2d_DSAPrivateKey.3
-MLINKS+= d2i_X509.3 i2d_DSAPrivateKey_bio.3
-MLINKS+= d2i_X509.3 i2d_DSAPrivateKey_fp.3
-MLINKS+= d2i_X509.3 i2d_DSAPublicKey.3
-MLINKS+= d2i_X509.3 i2d_DSA_PUBKEY.3
-MLINKS+= d2i_X509.3 i2d_DSA_PUBKEY_bio.3
-MLINKS+= d2i_X509.3 i2d_DSA_PUBKEY_fp.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_DSAPrivateKey.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_DSAPrivateKey_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_DSAPrivateKey_fp.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_DSAPublicKey.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_DSA_PUBKEY.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_DSA_PUBKEY_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_DSA_PUBKEY_fp.3
MLINKS+= d2i_X509.3 i2d_DSA_SIG.3
-MLINKS+= d2i_X509.3 i2d_DSAparams.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_DSAparams.3
MLINKS+= d2i_X509.3 i2d_ECDSA_SIG.3
-MLINKS+= d2i_X509.3 i2d_ECPKParameters.3
-MLINKS+= d2i_X509.3 i2d_ECParameters.3
-MLINKS+= d2i_X509.3 i2d_ECPrivateKey.3
-MLINKS+= d2i_X509.3 i2d_ECPrivateKey_bio.3
-MLINKS+= d2i_X509.3 i2d_ECPrivateKey_fp.3
-MLINKS+= d2i_X509.3 i2d_EC_PUBKEY.3
-MLINKS+= d2i_X509.3 i2d_EC_PUBKEY_bio.3
-MLINKS+= d2i_X509.3 i2d_EC_PUBKEY_fp.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_ECPKParameters.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_ECParameters.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_ECPrivateKey.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_ECPrivateKey_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_ECPrivateKey_fp.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_EC_PUBKEY.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_EC_PUBKEY_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_EC_PUBKEY_fp.3
MLINKS+= d2i_X509.3 i2d_EDIPARTYNAME.3
MLINKS+= d2i_X509.3 i2d_ESS_CERT_ID.3
+MLINKS+= d2i_X509.3 i2d_ESS_CERT_ID_V2.3
MLINKS+= d2i_X509.3 i2d_ESS_ISSUER_SERIAL.3
MLINKS+= d2i_X509.3 i2d_ESS_SIGNING_CERT.3
+MLINKS+= d2i_X509.3 i2d_ESS_SIGNING_CERT_V2.3
MLINKS+= d2i_X509.3 i2d_EXTENDED_KEY_USAGE.3
MLINKS+= d2i_X509.3 i2d_GENERAL_NAME.3
MLINKS+= d2i_X509.3 i2d_GENERAL_NAMES.3
@@ -3745,7 +5060,10 @@ MLINKS+= d2i_X509.3 i2d_IPAddressChoice.3
MLINKS+= d2i_X509.3 i2d_IPAddressFamily.3
MLINKS+= d2i_X509.3 i2d_IPAddressOrRange.3
MLINKS+= d2i_X509.3 i2d_IPAddressRange.3
+MLINKS+= d2i_X509.3 i2d_ISSUER_SIGN_TOOL.3
MLINKS+= d2i_X509.3 i2d_ISSUING_DIST_POINT.3
+MLINKS+= d2i_PrivateKey.3 i2d_KeyParams.3
+MLINKS+= d2i_PrivateKey.3 i2d_KeyParams_bio.3
MLINKS+= d2i_X509.3 i2d_NAMING_AUTHORITY.3
MLINKS+= d2i_X509.3 i2d_NETSCAPE_CERT_SEQUENCE.3
MLINKS+= d2i_X509.3 i2d_NETSCAPE_SPKAC.3
@@ -3766,6 +5084,18 @@ MLINKS+= d2i_X509.3 i2d_OCSP_REVOKEDINFO.3
MLINKS+= d2i_X509.3 i2d_OCSP_SERVICELOC.3
MLINKS+= d2i_X509.3 i2d_OCSP_SIGNATURE.3
MLINKS+= d2i_X509.3 i2d_OCSP_SINGLERESP.3
+MLINKS+= d2i_X509.3 i2d_OSSL_CMP_MSG.3
+MLINKS+= OSSL_CMP_MSG_get0_header.3 i2d_OSSL_CMP_MSG_bio.3
+MLINKS+= d2i_X509.3 i2d_OSSL_CMP_PKIHEADER.3
+MLINKS+= d2i_X509.3 i2d_OSSL_CMP_PKISI.3
+MLINKS+= d2i_X509.3 i2d_OSSL_CRMF_CERTID.3
+MLINKS+= d2i_X509.3 i2d_OSSL_CRMF_CERTTEMPLATE.3
+MLINKS+= d2i_X509.3 i2d_OSSL_CRMF_ENCRYPTEDVALUE.3
+MLINKS+= d2i_X509.3 i2d_OSSL_CRMF_MSG.3
+MLINKS+= d2i_X509.3 i2d_OSSL_CRMF_MSGS.3
+MLINKS+= d2i_X509.3 i2d_OSSL_CRMF_PBMPARAMETER.3
+MLINKS+= d2i_X509.3 i2d_OSSL_CRMF_PKIPUBLICATIONINFO.3
+MLINKS+= d2i_X509.3 i2d_OSSL_CRMF_SINGLEPUBINFO.3
MLINKS+= d2i_X509.3 i2d_OTHERNAME.3
MLINKS+= d2i_X509.3 i2d_PBE2PARAM.3
MLINKS+= d2i_X509.3 i2d_PBEPARAM.3
@@ -3791,6 +5121,10 @@ MLINKS+= d2i_X509.3 i2d_PKCS7_bio.3
MLINKS+= d2i_X509.3 i2d_PKCS7_fp.3
MLINKS+= d2i_X509.3 i2d_PKCS8PrivateKeyInfo_bio.3
MLINKS+= d2i_X509.3 i2d_PKCS8PrivateKeyInfo_fp.3
+MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_bio.3
+MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_fp.3
+MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_nid_bio.3
+MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_nid_fp.3
MLINKS+= d2i_X509.3 i2d_PKCS8_PRIV_KEY_INFO.3
MLINKS+= d2i_X509.3 i2d_PKCS8_PRIV_KEY_INFO_bio.3
MLINKS+= d2i_X509.3 i2d_PKCS8_PRIV_KEY_INFO_fp.3
@@ -3802,19 +5136,27 @@ MLINKS+= d2i_X509.3 i2d_POLICYQUALINFO.3
MLINKS+= d2i_X509.3 i2d_PROFESSION_INFO.3
MLINKS+= d2i_X509.3 i2d_PROXY_CERT_INFO_EXTENSION.3
MLINKS+= d2i_X509.3 i2d_PROXY_POLICY.3
-MLINKS+= d2i_X509.3 i2d_RSAPrivateKey.3
-MLINKS+= d2i_X509.3 i2d_RSAPrivateKey_bio.3
-MLINKS+= d2i_X509.3 i2d_RSAPrivateKey_fp.3
-MLINKS+= d2i_X509.3 i2d_RSAPublicKey.3
-MLINKS+= d2i_X509.3 i2d_RSAPublicKey_bio.3
-MLINKS+= d2i_X509.3 i2d_RSAPublicKey_fp.3
+MLINKS+= X509_PUBKEY_new.3 i2d_PUBKEY.3
+MLINKS+= X509_PUBKEY_new.3 i2d_PUBKEY_bio.3
+MLINKS+= X509_PUBKEY_new.3 i2d_PUBKEY_fp.3
+MLINKS+= d2i_PrivateKey.3 i2d_PrivateKey.3
+MLINKS+= d2i_PrivateKey.3 i2d_PrivateKey_bio.3
+MLINKS+= d2i_PrivateKey.3 i2d_PrivateKey_fp.3
+MLINKS+= d2i_PrivateKey.3 i2d_PublicKey.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_RSAPrivateKey.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_RSAPrivateKey_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_RSAPrivateKey_fp.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_RSAPublicKey.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_RSAPublicKey_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_RSAPublicKey_fp.3
MLINKS+= d2i_X509.3 i2d_RSA_OAEP_PARAMS.3
MLINKS+= d2i_X509.3 i2d_RSA_PSS_PARAMS.3
-MLINKS+= d2i_X509.3 i2d_RSA_PUBKEY.3
-MLINKS+= d2i_X509.3 i2d_RSA_PUBKEY_bio.3
-MLINKS+= d2i_X509.3 i2d_RSA_PUBKEY_fp.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_RSA_PUBKEY.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_RSA_PUBKEY_bio.3
+MLINKS+= d2i_RSAPrivateKey.3 i2d_RSA_PUBKEY_fp.3
MLINKS+= d2i_X509.3 i2d_SCRYPT_PARAMS.3
MLINKS+= d2i_X509.3 i2d_SCT_LIST.3
+MLINKS+= d2i_SSL_SESSION.3 i2d_SSL_SESSION.3
MLINKS+= d2i_X509.3 i2d_SXNET.3
MLINKS+= d2i_X509.3 i2d_SXNETID.3
MLINKS+= d2i_X509.3 i2d_TS_ACCURACY.3
@@ -3836,6 +5178,7 @@ MLINKS+= d2i_X509.3 i2d_X509.3
MLINKS+= d2i_X509.3 i2d_X509_ALGOR.3
MLINKS+= d2i_X509.3 i2d_X509_ALGORS.3
MLINKS+= d2i_X509.3 i2d_X509_ATTRIBUTE.3
+MLINKS+= i2d_re_X509_tbs.3 i2d_X509_AUX.3
MLINKS+= d2i_X509.3 i2d_X509_CERT_AUX.3
MLINKS+= d2i_X509.3 i2d_X509_CINF.3
MLINKS+= d2i_X509.3 i2d_X509_CRL.3
@@ -3847,6 +5190,8 @@ MLINKS+= d2i_X509.3 i2d_X509_EXTENSIONS.3
MLINKS+= d2i_X509.3 i2d_X509_NAME.3
MLINKS+= d2i_X509.3 i2d_X509_NAME_ENTRY.3
MLINKS+= d2i_X509.3 i2d_X509_PUBKEY.3
+MLINKS+= d2i_X509.3 i2d_X509_PUBKEY_bio.3
+MLINKS+= d2i_X509.3 i2d_X509_PUBKEY_fp.3
MLINKS+= d2i_X509.3 i2d_X509_REQ.3
MLINKS+= d2i_X509.3 i2d_X509_REQ_INFO.3
MLINKS+= d2i_X509.3 i2d_X509_REQ_bio.3
@@ -3856,10 +5201,54 @@ MLINKS+= d2i_X509.3 i2d_X509_SIG.3
MLINKS+= d2i_X509.3 i2d_X509_VAL.3
MLINKS+= d2i_X509.3 i2d_X509_bio.3
MLINKS+= d2i_X509.3 i2d_X509_fp.3
-MLINKS+= i2d_re_X509_tbs.3 d2i_X509_AUX.3
-MLINKS+= i2d_re_X509_tbs.3 i2d_X509_AUX.3
MLINKS+= i2d_re_X509_tbs.3 i2d_re_X509_CRL_tbs.3
MLINKS+= i2d_re_X509_tbs.3 i2d_re_X509_REQ_tbs.3
MLINKS+= o2i_SCT_LIST.3 i2o_SCT.3
MLINKS+= o2i_SCT_LIST.3 i2o_SCT_LIST.3
+MLINKS+= s2i_ASN1_IA5STRING.3 i2s_ASN1_ENUMERATED.3
+MLINKS+= s2i_ASN1_IA5STRING.3 i2s_ASN1_ENUMERATED_TABLE.3
+MLINKS+= s2i_ASN1_IA5STRING.3 i2s_ASN1_IA5STRING.3
+MLINKS+= s2i_ASN1_IA5STRING.3 i2s_ASN1_INTEGER.3
+MLINKS+= s2i_ASN1_IA5STRING.3 i2s_ASN1_OCTET_STRING.3
+MLINKS+= s2i_ASN1_IA5STRING.3 i2s_ASN1_UTF8STRING.3
+MLINKS+= OBJ_nid2obj.3 i2t_ASN1_OBJECT.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_delete.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_doall.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_doall_arg.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_error.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_flush.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_free.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_insert.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_new.3
+MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_retrieve.3
MLINKS+= o2i_SCT_LIST.3 o2i_SCT.3
+MLINKS+= PEM_read_bio_PrivateKey.3 pem_password_cb.3
+MLINKS+= s2i_ASN1_IA5STRING.3 s2i_ASN1_INTEGER.3
+MLINKS+= s2i_ASN1_IA5STRING.3 s2i_ASN1_OCTET_STRING.3
+MLINKS+= s2i_ASN1_IA5STRING.3 s2i_ASN1_UTF8STRING.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_deep_copy.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_delete.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_delete_ptr.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_dup.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_find.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_find_all.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_find_ex.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_free.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_insert.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_is_sorted.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_new.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_new_null.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_new_reserve.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_num.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_pop.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_pop_free.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_push.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_reserve.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_set.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_set_cmp_func.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_shift.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_sort.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_unshift.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_value.3
+MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_zero.3
+MLINKS+= SSL_CTX_set_ct_validation_callback.3 ssl_ct_validation_cb.3
diff --git a/secure/lib/libcrypto/man/man3/NCONF_new_ex.3 b/secure/lib/libcrypto/man/man3/NCONF_new_ex.3
new file mode 100644
index 000000000000..b822b992f520
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/NCONF_new_ex.3
@@ -0,0 +1,213 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "NCONF_NEW_EX 3ossl"
+.TH NCONF_NEW_EX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+NCONF_new_ex, NCONF_new, NCONF_free, NCONF_default, NCONF_load,
+NCONF_get0_libctx, NCONF_get_section, NCONF_get_section_names
+\&\- functionality to Load and parse configuration files manually
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/conf.h>
+\&
+\& typedef struct {
+\& char *section;
+\& char *name;
+\& char *value;
+\& } CONF_VALUE;
+\&
+\& CONF *NCONF_new_ex(OSSL_LIB_CTX *libctx, CONF_METHOD *meth);
+\& CONF *NCONF_new(CONF_METHOD *meth);
+\& void NCONF_free(CONF *conf);
+\& CONF_METHOD *NCONF_default(void);
+\& int NCONF_load(CONF *conf, const char *file, long *eline);
+\& OSSL_LIB_CTX *NCONF_get0_libctx(const CONF *conf);
+\&
+\& STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *name);
+\& STACK_OF(OPENSSL_CSTRING) *NCONF_get_section_names(const CONF *conf);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBNCONF_new_ex()\fR creates a new \s-1CONF\s0 object in heap memory and assigns to
+it a context \fIlibctx\fR that can be used during loading. If the method table
+\&\fImeth\fR is set to \s-1NULL\s0 then the default value of \fBNCONF_default()\fR is used.
+.PP
+\&\fBNCONF_new()\fR is similar to \fBNCONF_new_ex()\fR but sets the \fIlibctx\fR to \s-1NULL.\s0
+.PP
+\&\fBNCONF_free()\fR frees the data associated with \fIconf\fR and then frees the \fIconf\fR
+object.
+.PP
+\&\fBNCONF_load()\fR parses the file named \fIfilename\fR and adds the values found to
+\&\fIconf\fR. If an error occurs \fIfile\fR and \fIeline\fR list the file and line that
+the load failed on if they are not \s-1NULL.\s0
+.PP
+\&\fBNCONF_default()\fR gets the default method table for processing a configuration file.
+.PP
+\&\fBNCONF_get0_libctx()\fR gets the library context associated with the \fIconf\fR
+parameter.
+.PP
+\&\fBNCONF_get_section_names()\fR gets the names of the sections associated with
+the \fIconf\fR as \fB\s-1STACK_OF\s0(\s-1OPENSSL_CSTRING\s0)\fR strings. The individual strings
+are associated with the \fIconf\fR and will be invalid after \fIconf\fR is
+freed. The returned stack must be freed with \fBsk_OPENSSL_CSTRING_free()\fR.
+.PP
+\&\fBNCONF_get_section()\fR gets the config values associated with the \fIconf\fR from
+the config section \fIname\fR as \fB\s-1STACK_OF\s0(\s-1CONF_VALUE\s0)\fR structures. The returned
+stack is associated with the \fIconf\fR and will be invalid after \fIconf\fR
+is freed. It must not be freed by the caller.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBNCONF_load()\fR returns 1 on success or 0 on error.
+.PP
+\&\fBNCONF_new_ex()\fR and \fBNCONF_new()\fR return a newly created \fI\s-1CONF\s0\fR object
+or \s-1NULL\s0 if an error occurs.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBCONF_modules_load_file\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBNCONF_new_ex()\fR, \fBNCONF_get0_libctx()\fR, and \fBNCONF_get_section_names()\fR were added
+in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3
index 053b0008e6dd..10f728653301 100644
--- a/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3
+++ b/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OBJ_NID2OBJ 3"
-.TH OBJ_NID2OBJ 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OBJ_NID2OBJ 3ossl"
+.TH OBJ_NID2OBJ 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-i2t_ASN1_OBJECT, OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup \&\- ASN1 object utility functions
+i2t_ASN1_OBJECT,
+OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln,
+OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp,
+OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup, OBJ_add_sigid
+\&\- ASN1 object utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -167,21 +169,23 @@ i2t_ASN1_OBJECT, OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn,
\&
\& size_t OBJ_length(const ASN1_OBJECT *obj);
\& const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+\&
+\& int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
.Ve
.PP
-Deprecated:
+The following function has been deprecated since OpenSSL 1.1.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
.PP
-.Vb 3
-\& #if OPENSSL_API_COMPAT < 0x10100000L
-\& void OBJ_cleanup(void)
-\& #endif
+.Vb 1
+\& void OBJ_cleanup(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are
a representation of the \s-1ASN1 OBJECT IDENTIFIER\s0 (\s-1OID\s0) type.
For convenience, OIDs are usually represented in source code as numeric
-identifiers, or \fI\s-1NID\s0\fRs. OpenSSL has an internal table of OIDs that
+identifiers, or \fB\s-1NID\s0\fRs. OpenSSL has an internal table of OIDs that
are generated when the library is built, and their corresponding NIDs
are available as defined constants. For the functions below, application
code should treat all returned values \*(-- OIDs, NIDs, or names \*(-- as
@@ -192,7 +196,7 @@ an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively,
or \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR return the corresponding \s-1NID\s0
-for the object \fIo\fR, the long name <ln> or the short name <sn> respectively
+for the object \fIo\fR, the long name \fIln\fR or the short name \fIsn\fR respectively
or NID_undef if an error occurred.
.PP
\&\fBOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string \fIs\fR. \fIs\fR can be
@@ -229,6 +233,14 @@ success and NID_undef in case of failure.
\&\fBOBJ_get0_data()\fR returns a pointer to the content octets of \fIobj\fR.
The returned pointer is an internal pointer which \fBmust not\fR be freed.
.PP
+\&\fBOBJ_add_sigid()\fR creates a new composite \*(L"Signature Algorithm\*(R" that associates a
+given \s-1NID\s0 with two other NIDs \- one representing the underlying signature
+algorithm and the other representing a digest algorithm to be used in
+conjunction with it. \fIsignid\fR represents the \s-1NID\s0 for the composite \*(L"Signature
+Algorithm\*(R", \fIdig_id\fR is the \s-1NID\s0 for the digest algorithm and \fIpkey_id\fR is the
+\&\s-1NID\s0 for the underlying signature algorithm. As there are signature algorithms
+that do not require a digest, NID_undef is a valid \fIdig_id\fR.
+.PP
\&\fBOBJ_cleanup()\fR releases any resources allocated by creating new objects.
.SH "NOTES"
.IX Header "NOTES"
@@ -311,6 +323,11 @@ Create a new object directly:
.Vb 1
\& obj = OBJ_txt2obj("1.2.3.4", 1);
.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+Neither \fBOBJ_create()\fR nor \fBOBJ_add_sigid()\fR do any locking and are thus not
+thread safe. Moreover, none of the other functions should be called while
+concurrent calls to these two functions are possible.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
@@ -320,9 +337,9 @@ Create a new object directly:
and should not be used.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3 b/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3
index 4b8a3d6aef2f..f92456647b91 100644
--- a/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3
+++ b/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OCSP_REQUEST_NEW 3"
-.TH OCSP_REQUEST_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OCSP_REQUEST_NEW 3ossl"
+.TH OCSP_REQUEST_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, OCSP_request_add1_cert, OCSP_request_onereq_count, OCSP_request_onereq_get0 \- OCSP request functions
+OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign,
+OCSP_request_add1_cert, OCSP_request_onereq_count,
+OCSP_request_onereq_get0 \- OCSP request functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -196,7 +196,7 @@ or \fB\s-1NULL\s0\fR if an error occurred.
for failure.
.PP
\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR
-structures in \fBreq\fR.
+structures in \fBreq\fR and \-1 on error.
.PP
\&\fBOCSP_request_onereq_get0()\fR returns a pointer to an \fB\s-1OCSP_ONEREQ\s0\fR structure
or \fB\s-1NULL\s0\fR if the index value is out or range.
@@ -240,9 +240,9 @@ Create an \fB\s-1OCSP_REQUEST\s0\fR structure for certificate \fBcert\fR with is
\&\fBOCSP_sendreq_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3 b/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3
index 79c003b28214..606c6b5e0fdf 100644
--- a/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3
+++ b/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OCSP_CERT_TO_ID 3"
-.TH OCSP_CERT_TO_ID 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OCSP_CERT_TO_ID 3ossl"
+.TH OCSP_CERT_TO_ID 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp, OCSP_id_cmp, OCSP_id_get0_info \- OCSP certificate ID utility functions
+OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp,
+OCSP_id_cmp, OCSP_id_get0_info \- OCSP certificate ID utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -210,9 +209,9 @@ NOT\s0\fR be freed up by an application: they will be freed when the correspondi
\&\fBOCSP_sendreq_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3 b/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3
index 2985ad9a860b..2c77cdab64e3 100644
--- a/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3
+++ b/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OCSP_REQUEST_ADD1_NONCE 3"
-.TH OCSP_REQUEST_ADD1_NONCE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OCSP_REQUEST_ADD1_NONCE 3ossl"
+.TH OCSP_REQUEST_ADD1_NONCE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -209,7 +207,7 @@ condition.
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3 b/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3
index f46a10fb3964..bd41ecfe8fb0 100644
--- a/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3
+++ b/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,21 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OCSP_RESP_FIND_STATUS 3"
-.TH OCSP_RESP_FIND_STATUS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OCSP_RESP_FIND_STATUS 3ossl"
+.TH OCSP_RESP_FIND_STATUS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OCSP_resp_get0_certs, OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get1_id, OCSP_resp_get0_produced_at, OCSP_resp_get0_signature, OCSP_resp_get0_tbs_sigalg, OCSP_resp_get0_respdata, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity, OCSP_basic_verify \&\- OCSP response utility functions
+OCSP_resp_find_status, OCSP_resp_count,
+OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status,
+OCSP_resp_get0_produced_at, OCSP_resp_get0_signature,
+OCSP_resp_get0_tbs_sigalg, OCSP_resp_get0_respdata,
+OCSP_resp_get0_certs, OCSP_resp_get0_signer,
+OCSP_resp_get0_id, OCSP_resp_get1_id,
+OCSP_check_validity, OCSP_basic_verify
+\&\- OCSP response utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -186,12 +191,12 @@ OCSP_resp_get0_certs, OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get1_i
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBOCSP_resp_find_status()\fR searches \fBbs\fR for an \s-1OCSP\s0 response for \fBid\fR. If it is
-successful the fields of the response are returned in \fB*status\fR, \fB*reason\fR,
-\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. The \fB*status\fR value will be one of
+\&\fBOCSP_resp_find_status()\fR searches \fIbs\fR for an \s-1OCSP\s0 response for \fIid\fR. If it is
+successful the fields of the response are returned in \fI*status\fR, \fI*reason\fR,
+\&\fI*revtime\fR, \fI*thisupd\fR and \fI*nextupd\fR. The \fI*status\fR value will be one of
\&\fBV_OCSP_CERTSTATUS_GOOD\fR, \fBV_OCSP_CERTSTATUS_REVOKED\fR or
-\&\fBV_OCSP_CERTSTATUS_UNKNOWN\fR. The \fB*reason\fR and \fB*revtime\fR fields are only
-set if the status is \fBV_OCSP_CERTSTATUS_REVOKED\fR. If set the \fB*reason\fR field
+\&\fBV_OCSP_CERTSTATUS_UNKNOWN\fR. The \fI*reason\fR and \fI*revtime\fR fields are only
+set if the status is \fBV_OCSP_CERTSTATUS_REVOKED\fR. If set the \fI*reason\fR field
will be set to the revocation reason which will be one of
\&\fB\s-1OCSP_REVOKED_STATUS_NOSTATUS\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_UNSPECIFIED\s0\fR,
\&\fB\s-1OCSP_REVOKED_STATUS_KEYCOMPROMISE\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_CACOMPROMISE\s0\fR,
@@ -199,90 +204,114 @@ will be set to the revocation reason which will be one of
\&\fB\s-1OCSP_REVOKED_STATUS_CESSATIONOFOPERATION\s0\fR,
\&\fB\s-1OCSP_REVOKED_STATUS_CERTIFICATEHOLD\s0\fR or \fB\s-1OCSP_REVOKED_STATUS_REMOVEFROMCRL\s0\fR.
.PP
-\&\fBOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fBbs\fR.
+\&\fBOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fIbs\fR.
.PP
-\&\fBOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fBbs\fR
-corresponding to index \fBidx\fR. Where \fBidx\fR runs from 0 to
-OCSP_resp_count(bs) \- 1.
+\&\fBOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fIbs\fR corresponding
+to index \fIidx\fR, where \fIidx\fR runs from 0 to OCSP_resp_count(bs) \- 1.
.PP
-\&\fBOCSP_resp_find()\fR searches \fBbs\fR for \fBid\fR and returns the index of the first
-matching entry after \fBlast\fR or starting from the beginning if \fBlast\fR is \-1.
+\&\fBOCSP_resp_find()\fR searches \fIbs\fR for \fIid\fR and returns the index of the first
+matching entry after \fIlast\fR or starting from the beginning if \fIlast\fR is \-1.
.PP
-\&\fBOCSP_single_get0_status()\fR extracts the fields of \fBsingle\fR in \fB*reason\fR,
-\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR.
+\&\fBOCSP_single_get0_status()\fR extracts the fields of \fIsingle\fR in \fI*reason\fR,
+\&\fI*revtime\fR, \fI*thisupd\fR and \fI*nextupd\fR.
.PP
\&\fBOCSP_resp_get0_produced_at()\fR extracts the \fBproducedAt\fR field from the
-single response \fBbs\fR.
+single response \fIbs\fR.
.PP
-\&\fBOCSP_resp_get0_signature()\fR returns the signature from \fBbs\fR.
+\&\fBOCSP_resp_get0_signature()\fR returns the signature from \fIbs\fR.
.PP
-\&\fBOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fBbs\fR.
+\&\fBOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fIbs\fR.
.PP
-\&\fBOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fBbs\fR.
+\&\fBOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fIbs\fR.
.PP
-\&\fBOCSP_resp_get0_certs()\fR returns any certificates included in \fBbs\fR.
+\&\fBOCSP_resp_get0_certs()\fR returns any certificates included in \fIbs\fR.
.PP
\&\fBOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly
-signed \fBbs\fR. The \s-1OCSP\s0 protocol does not require that this certificate
+signed \fIbs\fR. The \s-1OCSP\s0 protocol does not require that this certificate
is included in the \fBcerts\fR field of the response, so additional certificates
-can be supplied in \fBextra_certs\fR if the certificates that may have
+can be supplied via the \fIextra_certs\fR if the certificates that may have
signed the response are known via some out-of-band mechanism.
.PP
-\&\fBOCSP_resp_get0_id()\fR gets the responder id of \fBbs\fR. If the responder \s-1ID\s0 is
-a name then <*pname> is set to the name and \fB*pid\fR is set to \s-1NULL.\s0 If the
-responder \s-1ID\s0 is by key \s-1ID\s0 then \fB*pid\fR is set to the key \s-1ID\s0 and \fB*pname\fR
-is set to \s-1NULL.\s0 \fBOCSP_resp_get1_id()\fR leaves ownership of \fB*pid\fR and \fB*pname\fR
-with the caller, who is responsible for freeing them. Both functions return 1
-in case of success and 0 in case of failure. If \fBOCSP_resp_get1_id()\fR returns 0,
-no freeing of the results is necessary.
+\&\fBOCSP_resp_get0_id()\fR gets the responder id of \fIbs\fR. If the responder \s-1ID\s0 is
+a name then <*pname> is set to the name and \fI*pid\fR is set to \s-1NULL.\s0 If the
+responder \s-1ID\s0 is by key \s-1ID\s0 then \fI*pid\fR is set to the key \s-1ID\s0 and \fI*pname\fR
+is set to \s-1NULL.\s0
+.PP
+\&\fBOCSP_resp_get1_id()\fR is the same as \fBOCSP_resp_get0_id()\fR
+but leaves ownership of \fI*pid\fR and \fI*pname\fR with the caller,
+who is responsible for freeing them unless the function returns 0.
.PP
-\&\fBOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values
-which will be typically obtained from \fBOCSP_resp_find_status()\fR or
-\&\fBOCSP_single_get0_status()\fR. If \fBsec\fR is nonzero it indicates how many seconds
-leeway should be allowed in the check. If \fBmaxsec\fR is positive it indicates
-the maximum age of \fBthisupd\fR in seconds.
+\&\fBOCSP_check_validity()\fR checks the validity of its \fIthisupd\fR and \fInextupd\fR
+arguments, which will be typically obtained from \fBOCSP_resp_find_status()\fR or
+\&\fBOCSP_single_get0_status()\fR. If \fIsec\fR is nonzero it indicates how many seconds
+leeway should be allowed in the check. If \fImaxsec\fR is positive it indicates
+the maximum age of \fIthisupd\fR in seconds.
.PP
-\&\fBOCSP_basic_verify()\fR checks that the basic response message \fBbs\fR is correctly
-signed and that the signer certificate can be validated. It takes \fBst\fR as
-the trusted store and \fBcerts\fR as a set of untrusted intermediate certificates.
+\&\fBOCSP_basic_verify()\fR checks that the basic response message \fIbs\fR is correctly
+signed and that the signer certificate can be validated. It takes \fIst\fR as
+the trusted store and \fIcerts\fR as a set of untrusted intermediate certificates.
The function first tries to find the signer certificate of the response
-in <certs>. It also searches the certificates the responder may have included
-in \fBbs\fR unless the \fBflags\fR contain \fB\s-1OCSP_NOINTERN\s0\fR.
+in \fIcerts\fR. It then searches the certificates the responder may have included
+in \fIbs\fR unless \fIflags\fR contains \fB\s-1OCSP_NOINTERN\s0\fR.
It fails if the signer certificate cannot be found.
-Next, the function checks the signature of \fBbs\fR and fails on error
-unless the \fBflags\fR contain \fB\s-1OCSP_NOSIGS\s0\fR. Then the function already returns
-success if the \fBflags\fR contain \fB\s-1OCSP_NOVERIFY\s0\fR or if the signer certificate
-was found in \fBcerts\fR and the \fBflags\fR contain \fB\s-1OCSP_TRUSTOTHER\s0\fR.
+Next, unless \fIflags\fR contains \fB\s-1OCSP_NOSIGS\s0\fR, the function checks
+the signature of \fIbs\fR and fails on error. Then the function already returns
+success if \fIflags\fR contains \fB\s-1OCSP_NOVERIFY\s0\fR or if the signer certificate
+was found in \fIcerts\fR and \fIflags\fR contains \fB\s-1OCSP_TRUSTOTHER\s0\fR.
Otherwise the function continues by validating the signer certificate.
-To this end, all certificates in \fBcert\fR and in \fBbs\fR are considered as
-untrusted certificates for the construction of the validation path for the
-signer certificate unless the \fB\s-1OCSP_NOCHAIN\s0\fR flag is set. After successful path
+If \fIflags\fR contains \fB\s-1OCSP_PARTIAL_CHAIN\s0\fR it takes intermediate \s-1CA\s0
+certificates in \fIst\fR as trust anchors.
+For more details, see the description of \fBX509_V_FLAG_PARTIAL_CHAIN\fR
+in \*(L"\s-1VERIFICATION FLAGS\*(R"\s0 in \fBX509_VERIFY_PARAM_set_flags\fR\|(3).
+If \fIflags\fR contains \fB\s-1OCSP_NOCHAIN\s0\fR it ignores all certificates in \fIcerts\fR
+and in \fIbs\fR, else it takes them as untrusted intermediate \s-1CA\s0 certificates
+and uses them for constructing the validation path for the signer certificate.
+Certificate revocation status checks using CRLs is disabled during path validation
+if the signer certificate contains the \fBid-pkix-ocsp-no-check\fR extension.
+After successful path
validation the function returns success if the \fB\s-1OCSP_NOCHECKS\s0\fR flag is set.
Otherwise it verifies that the signer certificate meets the \s-1OCSP\s0 issuer
criteria including potential delegation. If this does not succeed and the
-\&\fBflags\fR do not contain \fB\s-1OCSP_NOEXPLICIT\s0\fR the function checks for explicit
+\&\fB\s-1OCSP_NOEXPLICIT\s0\fR flag is not set the function checks for explicit
trust for \s-1OCSP\s0 signing in the root \s-1CA\s0 certificate.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBOCSP_resp_find_status()\fR returns 1 if \fBid\fR is found in \fBbs\fR and 0 otherwise.
+\&\fBOCSP_resp_find_status()\fR returns 1 if \fIid\fR is found in \fIbs\fR and 0 otherwise.
.PP
-\&\fBOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in
-\&\fBbs\fR.
+\&\fBOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in \fIbs\fR
+or \-1 on error.
.PP
\&\fBOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or
-\&\fB\s-1NULL\s0\fR if \fBidx\fR is out of range.
+\&\s-1NULL\s0 on error, such as \fIidx\fR being out of range.
.PP
-\&\fBOCSP_resp_find()\fR returns the index of \fBid\fR in \fBbs\fR (which may be 0) or \-1 if
-\&\fBid\fR was not found.
+\&\fBOCSP_resp_find()\fR returns the index of \fIid\fR in \fIbs\fR (which may be 0)
+or \-1 on error, such as when \fIid\fR was not found.
.PP
-\&\fBOCSP_single_get0_status()\fR returns the status of \fBsingle\fR or \-1 if an error
+\&\fBOCSP_single_get0_status()\fR returns the status of \fIsingle\fR or \-1 if an error
occurred.
.PP
+\&\fBOCSP_resp_get0_produced_at()\fR returns the \fBproducedAt\fR field from \fIbs\fR.
+.PP
+\&\fBOCSP_resp_get0_signature()\fR returns the signature from \fIbs\fR.
+.PP
+\&\fBOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR field from \fIbs\fR.
+.PP
+\&\fBOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR field from \fIbs\fR.
+.PP
+\&\fBOCSP_resp_get0_certs()\fR returns any certificates included in \fIbs\fR.
+.PP
\&\fBOCSP_resp_get0_signer()\fR returns 1 if the signing certificate was located,
-or 0 on error.
+or 0 if not found or on error.
+.PP
+\&\fBOCSP_resp_get0_id()\fR and \fBOCSP_resp_get1_id()\fR return 1 on success, 0 on failure.
+.PP
+\&\fBOCSP_check_validity()\fR returns 1 if \fIthisupd\fR and \fInextupd\fR are valid time
+values and the current time + \fIsec\fR is not before \fIthisupd\fR and,
+if \fImaxsec\fR >= 0, the current time \- \fImaxsec\fR is not past \fInextupd\fR.
+Otherwise it returns 0 to indicate an error.
.PP
-\&\fBOCSP_basic_verify()\fR returns 1 on success, 0 on error, or \-1 on fatal error such
-as malloc failure.
+\&\fBOCSP_basic_verify()\fR returns 1 on success, 0 on verification not successful,
+or \-1 on a fatal error such as malloc failure.
.SH "NOTES"
.IX Header "NOTES"
Applications will typically call \fBOCSP_resp_find_status()\fR using the certificate
@@ -291,15 +320,15 @@ can then take appropriate action based on the status of the certificate.
.PP
An \s-1OCSP\s0 response for a certificate contains \fBthisUpdate\fR and \fBnextUpdate\fR
fields. Normally the current time should be between these two values. To
-account for clock skew the \fBmaxsec\fR field can be set to nonzero in
+account for clock skew the \fImaxsec\fR field can be set to nonzero in
\&\fBOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this
would otherwise mean an ancient response would be considered valid: the
-\&\fBmaxsec\fR parameter to \fBOCSP_check_validity()\fR can be used to limit the permitted
+\&\fImaxsec\fR parameter to \fBOCSP_check_validity()\fR can be used to limit the permitted
age of responses.
.PP
-The values written to \fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR by
+The values written to \fI*revtime\fR, \fI*thisupd\fR and \fI*nextupd\fR by
\&\fBOCSP_resp_find_status()\fR and \fBOCSP_single_get0_status()\fR are internal pointers
-which \fB\s-1MUST NOT\s0\fR be freed up by the calling application. Any or all of these
+which \s-1MUST NOT\s0 be freed up by the calling application. Any or all of these
parameters can be set to \s-1NULL\s0 if their value is not required.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
@@ -308,12 +337,13 @@ parameters can be set to \s-1NULL\s0 if their value is not required.
\&\fBOCSP_request_add1_nonce\fR\|(3),
\&\fBOCSP_REQUEST_new\fR\|(3),
\&\fBOCSP_response_status\fR\|(3),
-\&\fBOCSP_sendreq_new\fR\|(3)
+\&\fBOCSP_sendreq_new\fR\|(3),
+\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OCSP_response_status.3 b/secure/lib/libcrypto/man/man3/OCSP_response_status.3
index a0f5ae01d175..231c85ab8e37 100644
--- a/secure/lib/libcrypto/man/man3/OCSP_response_status.3
+++ b/secure/lib/libcrypto/man/man3/OCSP_response_status.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OCSP_RESPONSE_STATUS 3"
-.TH OCSP_RESPONSE_STATUS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OCSP_RESPONSE_STATUS 3ossl"
+.TH OCSP_RESPONSE_STATUS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, OCSP_RESPID_set_by_key, OCSP_RESPID_match, OCSP_basic_sign, OCSP_basic_sign_ctx \- OCSP response functions
+OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create,
+OCSP_RESPONSE_free, OCSP_RESPID_set_by_name,
+OCSP_RESPID_set_by_key_ex, OCSP_RESPID_set_by_key, OCSP_RESPID_match_ex,
+OCSP_RESPID_match, OCSP_basic_sign, OCSP_basic_sign_ctx
+\&\- OCSP response functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -151,7 +153,11 @@ OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, OCSP_RESPO
\& void OCSP_RESPONSE_free(OCSP_RESPONSE *resp);
\&
\& int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
+\& int OCSP_RESPID_set_by_key_ex(OCSP_RESPID *respid, X509 *cert,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
+\& int OCSP_RESPID_match_ex(OCSP_RESPID *respid, X509 *cert, OSSL_LIB_CTX *libctx,
+\& const char *propq);
\& int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
\&
\& int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
@@ -162,48 +168,59 @@ OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, OCSP_RESPO
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBOCSP_response_status()\fR returns the \s-1OCSP\s0 response status of \fBresp\fR. It returns
-one of the values: \fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR,
-\&\fB\s-1OCSP_RESPONSE_STATUS_MALFORMEDREQUEST\s0\fR,
-\&\fB\s-1OCSP_RESPONSE_STATUS_INTERNALERROR\s0\fR, \fB\s-1OCSP_RESPONSE_STATUS_TRYLATER\s0\fR
-\&\fB\s-1OCSP_RESPONSE_STATUS_SIGREQUIRED\s0\fR, or \fB\s-1OCSP_RESPONSE_STATUS_UNAUTHORIZED\s0\fR.
+\&\fBOCSP_response_status()\fR returns the \s-1OCSP\s0 response status of \fIresp\fR. It returns
+one of the values: \fI\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR,
+\&\fI\s-1OCSP_RESPONSE_STATUS_MALFORMEDREQUEST\s0\fR,
+\&\fI\s-1OCSP_RESPONSE_STATUS_INTERNALERROR\s0\fR, \fI\s-1OCSP_RESPONSE_STATUS_TRYLATER\s0\fR
+\&\fI\s-1OCSP_RESPONSE_STATUS_SIGREQUIRED\s0\fR, or \fI\s-1OCSP_RESPONSE_STATUS_UNAUTHORIZED\s0\fR.
.PP
-\&\fBOCSP_response_get1_basic()\fR decodes and returns the \fB\s-1OCSP_BASICRESP\s0\fR structure
-contained in \fBresp\fR.
+\&\fBOCSP_response_get1_basic()\fR decodes and returns the \fI\s-1OCSP_BASICRESP\s0\fR structure
+contained in \fIresp\fR.
.PP
-\&\fBOCSP_response_create()\fR creates and returns an \fB\s-1OCSP_RESPONSE\s0\fR structure for
-\&\fBstatus\fR and optionally including basic response \fBbs\fR.
+\&\fBOCSP_response_create()\fR creates and returns an \fI\s-1OCSP_RESPONSE\s0\fR structure for
+\&\fIstatus\fR and optionally including basic response \fIbs\fR.
.PP
-\&\fBOCSP_RESPONSE_free()\fR frees up \s-1OCSP\s0 response \fBresp\fR.
+\&\fBOCSP_RESPONSE_free()\fR frees up \s-1OCSP\s0 response \fIresp\fR.
.PP
\&\fBOCSP_RESPID_set_by_name()\fR sets the name of the \s-1OCSP_RESPID\s0 to be the same as the
-subject name in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder.
+subject name in the supplied X509 certificate \fIcert\fR for the \s-1OCSP\s0 responder.
+.PP
+\&\fBOCSP_RESPID_set_by_key_ex()\fR sets the key of the \s-1OCSP_RESPID\s0 to be the same as the
+key in the supplied X509 certificate \fIcert\fR for the \s-1OCSP\s0 responder. The key is
+stored as a \s-1SHA1\s0 hash. To calculate the hash the \s-1SHA1\s0 algorithm is fetched using
+the library ctx \fIlibctx\fR and the property query string \fIpropq\fR (see
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information).
.PP
-\&\fBOCSP_RESPID_set_by_key()\fR sets the key of the \s-1OCSP_RESPID\s0 to be the same as the
-key in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. The key is
-stored as a \s-1SHA1\s0 hash.
+\&\fBOCSP_RESPID_set_by_key()\fR does the same as \fBOCSP_RESPID_set_by_key_ex()\fR except
+that the default library context is used with an empty property query string.
.PP
Note that an \s-1OCSP_RESPID\s0 can only have one of the name, or the key set. Calling
\&\fBOCSP_RESPID_set_by_name()\fR or \fBOCSP_RESPID_set_by_key()\fR will clear any existing
setting.
.PP
-\&\fBOCSP_RESPID_match()\fR tests whether the \s-1OCSP_RESPID\s0 given in \fBrespid\fR matches
-with the X509 certificate \fBcert\fR.
+\&\fBOCSP_RESPID_match_ex()\fR tests whether the \s-1OCSP_RESPID\s0 given in \fIrespid\fR matches
+with the X509 certificate \fIcert\fR based on the \s-1SHA1\s0 hash. To calculate the hash
+the \s-1SHA1\s0 algorithm is fetched using the library ctx \fIlibctx\fR and the property
+query string \fIpropq\fR (see \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further
+information).
+.PP
+\&\fBOCSP_RESPID_match()\fR does the same as \fBOCSP_RESPID_match_ex()\fR except that the
+default library context is used with an empty property query string.
.PP
-\&\fBOCSP_basic_sign()\fR signs \s-1OCSP\s0 response \fBbrsp\fR using certificate \fBsigner\fR, private key
-\&\fBkey\fR, digest \fBdgst\fR and additional certificates \fBcerts\fR. If the \fBflags\fR option
-\&\fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates will be included in the response. If the
-\&\fBflags\fR option \fB\s-1OCSP_RESPID_KEY\s0\fR is set then the responder is identified by key \s-1ID\s0
-rather than by name. \fBOCSP_basic_sign_ctx()\fR also signs \s-1OCSP\s0 response \fBbrsp\fR but
-uses the parameters contained in digest context \fBctx\fR.
+\&\fBOCSP_basic_sign()\fR signs \s-1OCSP\s0 response \fIbrsp\fR using certificate \fIsigner\fR, private key
+\&\fIkey\fR, digest \fIdgst\fR and additional certificates \fIcerts\fR. If the \fIflags\fR option
+\&\fI\s-1OCSP_NOCERTS\s0\fR is set then no certificates will be included in the response. If the
+\&\fIflags\fR option \fI\s-1OCSP_RESPID_KEY\s0\fR is set then the responder is identified by key \s-1ID\s0
+rather than by name. \fBOCSP_basic_sign_ctx()\fR also signs \s-1OCSP\s0 response \fIbrsp\fR but
+uses the parameters contained in digest context \fIctx\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBOCSP_RESPONSE_status()\fR returns a status value.
.PP
-\&\fBOCSP_response_get1_basic()\fR returns an \fB\s-1OCSP_BASICRESP\s0\fR structure pointer or
-\&\fB\s-1NULL\s0\fR if an error occurred.
+\&\fBOCSP_response_get1_basic()\fR returns an \fI\s-1OCSP_BASICRESP\s0\fR structure pointer or
+\&\fI\s-1NULL\s0\fR if an error occurred.
.PP
-\&\fBOCSP_response_create()\fR returns an \fB\s-1OCSP_RESPONSE\s0\fR structure pointer or \fB\s-1NULL\s0\fR
+\&\fBOCSP_response_create()\fR returns an \fI\s-1OCSP_RESPONSE\s0\fR structure pointer or \fI\s-1NULL\s0\fR
if an error occurred.
.PP
\&\fBOCSP_RESPONSE_free()\fR does not return a value.
@@ -217,7 +234,7 @@ or 0 otherwise.
.SH "NOTES"
.IX Header "NOTES"
\&\fBOCSP_response_get1_basic()\fR is only called if the status of a response is
-\&\fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR.
+\&\fI\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7)
@@ -236,9 +253,9 @@ functions were added in OpenSSL 1.1.0a.
The \fBOCSP_basic_sign_ctx()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3 b/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3
index ab6b315b739b..8d8a42d3f8ce 100644
--- a/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3
+++ b/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,135 +130,131 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OCSP_SENDREQ_NEW 3"
-.TH OCSP_SENDREQ_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OCSP_SENDREQ_NEW 3ossl"
+.TH OCSP_SENDREQ_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header, OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio, OCSP_REQ_CTX_i2d \&\- OCSP responder query functions
+OCSP_REQ_CTX,
+OCSP_sendreq_new,
+OCSP_sendreq_nbio,
+OCSP_sendreq_bio,
+OCSP_REQ_CTX_i2d,
+OCSP_REQ_CTX_add1_header,
+OCSP_REQ_CTX_free,
+OCSP_set_max_response_length,
+OCSP_REQ_CTX_set1_req
+\&\- OCSP responder query functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ocsp.h>
\&
-\& OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
-\& int maxline);
-\&
-\& int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
-\&
-\& void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
-\&
-\& void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
-\&
-\& int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
-\& const char *name, const char *value);
-\&
-\& int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
-\&
+\& OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
+\& const OCSP_REQUEST *req, int buf_size);
\& OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
-\&
-\& int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const char *content_type,
-\& const ASN1_ITEM *it, ASN1_VALUE *req);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 8
+\& typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX;
+\& int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx);
+\& int OCSP_REQ_CTX_i2d(OCSP_REQ_CT *rctx, const ASN1_ITEM *it, ASN1_VALUE *req);
+\& int OCSP_REQ_CTX_add1_header(OCSP_REQ_CT *rctx,
+\& const char *name, const char *value);
+\& void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+\& void OCSP_set_max_response_length(OCSP_REQ_CT *rctx, unsigned long len);
+\& int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The function \fBOCSP_sendreq_new()\fR returns an \fB\s-1OCSP_CTX\s0\fR structure using the
-responder \fBio\fR, the \s-1URL\s0 path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a
-response header maximum line length of \fBmaxline\fR. If \fBmaxline\fR is zero a
-default value of 4k is used. The \s-1OCSP\s0 request \fBreq\fR may be set to \fB\s-1NULL\s0\fR
-and provided later if required.
+These functions perform an \s-1OCSP POST\s0 request / response transfer over \s-1HTTP,\s0
+using the \s-1HTTP\s0 request functions described in \s-1\fBOSSL_HTTP_REQ_CTX\s0\fR\|(3).
.PP
-\&\fBOCSP_sendreq_nbio()\fR performs nonblocking I/O on the \s-1OCSP\s0 request context
-\&\fBrctx\fR. When the operation is complete it returns the response in \fB*presp\fR.
+The function \fBOCSP_sendreq_new()\fR builds a complete \fB\s-1OSSL_HTTP_REQ_CTX\s0\fR structure
+with the \fB\s-1BIO\s0\fR \fIio\fR to be used for requests and response, the \s-1URL\s0 path \fIpath\fR,
+optionally the \s-1OCSP\s0 request \fIreq\fR, and a response header maximum line length
+of \fIbuf_size\fR. If \fIbuf_size\fR is zero a default value of 4KiB is used.
+The \fIreq\fR may be set to \s-1NULL\s0 and provided later using \fBOCSP_REQ_CTX_set1_req()\fR
+or \fBOSSL_HTTP_REQ_CTX_set1_req\fR\|(3).
+The \fIio\fR and \fIpath\fR arguments to \fBOCSP_sendreq_new()\fR correspond to the
+components of the \s-1URL.\s0
+For example if the responder \s-1URL\s0 is \f(CW\*(C`http://example.com/ocspreq\*(C'\fR the \s-1BIO\s0
+\&\fIio\fR should haven been connected to host \f(CW\*(C`example.com\*(C'\fR on port 80 and \fIpath\fR
+should be set to \f(CW\*(C`/ocspreq\*(C'\fR.
.PP
-\&\fBOCSP_REQ_CTX_free()\fR frees up the \s-1OCSP\s0 context \fBrctx\fR.
+\&\fBOCSP_sendreq_nbio()\fR attempts to send the request prepared in \fIrctx\fR
+and to gather the response via \s-1HTTP,\s0 using the \s-1BIO\s0 \fIio\fR and \fIpath\fR
+that were given when calling \fBOCSP_sendreq_new()\fR.
+If the operation gets completed it assigns the response,
+a pointer to a \fB\s-1OCSP_RESPONSE\s0\fR structure, in \fI*presp\fR.
+The function may need to be called again if its result is \-1, which indicates
+\&\fBBIO_should_retry\fR\|(3). In such a case it is advisable to sleep a little in
+between, using \fBBIO_wait\fR\|(3) on the read \s-1BIO\s0 to prevent a busy loop.
.PP
-\&\fBOCSP_set_max_response_length()\fR sets the maximum response length for \fBrctx\fR
-to \fBlen\fR. If the response exceeds this length an error occurs. If not
-set a default value of 100k is used.
+\&\fBOCSP_sendreq_bio()\fR combines \fBOCSP_sendreq_new()\fR with as many calls of
+\&\fBOCSP_sendreq_nbio()\fR as needed and then \fBOCSP_REQ_CTX_free()\fR, with a
+response header maximum line length 4k. It waits indefinitely on a response.
+It does not support setting a timeout or adding headers and is retained
+for compatibility; use \fBOSSL_HTTP_transfer\fR\|(3) instead.
.PP
-\&\fBOCSP_REQ_CTX_add1_header()\fR adds header \fBname\fR with value \fBvalue\fR to the
-context \fBrctx\fR. It can be called more than once to add multiple headers.
-It \fB\s-1MUST\s0\fR be called before any calls to \fBOCSP_sendreq_nbio()\fR. The \fBreq\fR
-parameter in the initial to \fBOCSP_sendreq_new()\fR call \s-1MUST\s0 be set to \fB\s-1NULL\s0\fR if
-additional headers are set.
+OCSP_REQ_CTX_i2d(rctx, it, req) is equivalent to the following:
+.PP
+.Vb 1
+\& OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp\-request", it, req)
+.Ve
.PP
-\&\fBOCSP_REQ_CTX_set1_req()\fR sets the \s-1OCSP\s0 request in \fBrctx\fR to \fBreq\fR. This
-function should be called after any calls to \fBOCSP_REQ_CTX_add1_header()\fR.
OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following:
.PP
-.Vb 2
-\& OCSP_REQ_CTX_i2d(rctx, "application/ocsp\-request",
-\& ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req)
+.Vb 3
+\& OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp\-request",
+\& ASN1_ITEM_rptr(OCSP_REQUEST),
+\& (const ASN1_VALUE *)req)
.Ve
.PP
-\&\fBOCSP_REQ_CTX_i2d()\fR sets the request context \fBrctx\fR to have the request
-\&\fBreq\fR, which has the \s-1ASN.1\s0 type \fBit\fR.
-The \fBcontent_type\fR, if not \s-1NULL,\s0 will be included in the \s-1HTTP\s0 request.
-The function should be called after all other headers have already been added.
-.PP
-\&\fBOCSP_sendreq_bio()\fR performs an \s-1OCSP\s0 request using the responder \fBio\fR, the \s-1URL\s0
-path \fBpath\fR, and the \s-1OCSP\s0 request \fBreq\fR with a response header maximum line
-length 4k. It waits indefinitely on a response.
+The deprecated type and the remaining deprecated functions
+have been superseded by the following equivalents:
+\&\fB\s-1OCSP_REQ_CTX\s0\fR by \s-1\fBOSSL_HTTP_REQ_CTX\s0\fR\|(3),
+\&\fBOCSP_REQ_CTX_add1_header()\fR by \fBOSSL_HTTP_REQ_CTX_add1_header\fR\|(3),
+\&\fBOCSP_REQ_CTX_free()\fR by \fBOSSL_HTTP_REQ_CTX_free\fR\|(3), and
+\&\fBOCSP_set_max_response_length()\fR by
+\&\fBOSSL_HTTP_REQ_CTX_set_max_response_length\fR\|(3).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBOCSP_sendreq_new()\fR returns a valid \fB\s-1OCSP_REQ_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if
-an error occurred.
+\&\fBOCSP_sendreq_new()\fR returns a valid \fB\s-1OSSL_HTTP_REQ_CTX\s0\fR structure or \s-1NULL\s0
+if an error occurred.
.PP
-\&\fBOCSP_sendreq_nbio()\fR returns \fB1\fR if the operation was completed successfully,
-\&\fB\-1\fR if the operation should be retried and \fB0\fR if an error occurred.
-.PP
-\&\fBOCSP_REQ_CTX_add1_header()\fR, \fBOCSP_REQ_CTX_set1_req()\fR, and \fBOCSP_REQ_CTX_i2d()\fR
-return \fB1\fR for success and \fB0\fR for failure.
+\&\fBOCSP_sendreq_nbio()\fR returns 1 for success, 0 on error, \-1 if retry is needed.
.PP
\&\fBOCSP_sendreq_bio()\fR returns the \fB\s-1OCSP_RESPONSE\s0\fR structure sent by the
-responder or \fB\s-1NULL\s0\fR if an error occurred.
-.PP
-\&\fBOCSP_REQ_CTX_free()\fR and \fBOCSP_set_max_response_length()\fR do not return values.
-.SH "NOTES"
-.IX Header "NOTES"
-These functions only perform a minimal \s-1HTTP\s0 query to a responder. If an
-application wishes to support more advanced features it should use an
-alternative more complete \s-1HTTP\s0 library.
-.PP
-Currently only \s-1HTTP POST\s0 queries to responders are supported.
-.PP
-The arguments to \fBOCSP_sendreq_new()\fR correspond to the components of the \s-1URL.\s0
-For example if the responder \s-1URL\s0 is \fBhttp://ocsp.com/ocspreq\fR the \s-1BIO\s0
-\&\fBio\fR should be connected to host \fBocsp.com\fR on port 80 and \fBpath\fR
-should be set to \fB\*(L"/ocspreq\*(R"\fR
-.PP
-The headers added with \fBOCSP_REQ_CTX_add1_header()\fR are of the form
-"\fBname\fR: \fBvalue\fR\*(L" or just \*(R"\fBname\fR" if \fBvalue\fR is \fB\s-1NULL\s0\fR. So to add
-a Host header for \fBocsp.com\fR you would call:
-.PP
-.Vb 1
-\& OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
-.Ve
-.PP
-If \fBOCSP_sendreq_nbio()\fR indicates an operation should be retried the
-corresponding \s-1BIO\s0 can be examined to determine which operation (read or
-write) should be retried and appropriate action taken (for example a \fBselect()\fR
-call on the underlying socket).
-.PP
-\&\fBOCSP_sendreq_bio()\fR does not support retries and so cannot handle nonblocking
-I/O efficiently. It is retained for compatibility and its use in new
-applications is not recommended.
+responder or \s-1NULL\s0 if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBcrypto\fR\|(7),
+\&\s-1\fBOSSL_HTTP_REQ_CTX\s0\fR\|(3), \fBOSSL_HTTP_transfer\fR\|(3),
\&\fBOCSP_cert_to_id\fR\|(3),
\&\fBOCSP_request_add1_nonce\fR\|(3),
\&\fBOCSP_REQUEST_new\fR\|(3),
\&\fBOCSP_resp_find_status\fR\|(3),
\&\fBOCSP_response_status\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fB\s-1OCSP_REQ_CTX\s0\fR,
+\&\fBOCSP_REQ_CTX_i2d()\fR,
+\&\fBOCSP_REQ_CTX_add1_header()\fR,
+\&\fBOCSP_REQ_CTX_free()\fR,
+\&\fBOCSP_set_max_response_length()\fR,
+and \fBOCSP_REQ_CTX_set1_req()\fR
+were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/man3/OPENSSL_Applink.3
index 335b1047cb89..e35c12145522 100644
--- a/secure/lib/libcrypto/man/man3/OPENSSL_Applink.3
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_Applink.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OPENSSL_APPLINK 3"
-.TH OPENSSL_APPLINK 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OPENSSL_APPLINK 3ossl"
+.TH OPENSSL_APPLINK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,7 +160,7 @@ Not available.
.IX Header "COPYRIGHT"
Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_FILE.3 b/secure/lib/libcrypto/man/man3/OPENSSL_FILE.3
new file mode 100644
index 000000000000..c657b8fb23a8
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_FILE.3
@@ -0,0 +1,185 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OPENSSL_FILE 3ossl"
+.TH OPENSSL_FILE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC,
+OPENSSL_MSTR, OPENSSL_MSTR_HELPER
+\&\- generic C programming utility macros
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/macros.h>
+\&
+\& #define OPENSSL_FILE /* typically: _\|_FILE_\|_ */
+\& #define OPENSSL_LINE /* typically: _\|_LINE_\|_ */
+\& #define OPENSSL_FUNC /* typically: _\|_func_\|_ */
+\&
+\& #define OPENSSL_MSTR_HELPER(x) #x
+\& #define OPENSSL_MSTR(x) OPENSSL_MSTR_HELPER(x)
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The macros \fB\s-1OPENSSL_FILE\s0\fR and \fB\s-1OPENSSL_LINE\s0\fR
+typically yield the current filename and line number during C compilation.
+When \fB\s-1OPENSSL_NO_FILENAMES\s0\fR is defined they yield \fB""\fR and \fB0\fR, respectively.
+.PP
+The macro \fB\s-1OPENSSL_FUNC\s0\fR attempts to yield the name of the C function
+currently being compiled, as far as language and compiler versions allow.
+Otherwise, it yields \*(L"(unknown function)\*(R".
+.PP
+The macro \fB\s-1OPENSSL_MSTR\s0\fR yields the expansion of the macro given as argument,
+which is useful for concatenation with string constants.
+The macro \fB\s-1OPENSSL_MSTR_HELPER\s0\fR is an auxiliary macro for this purpose.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+see above
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBcrypto\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fB\s-1OPENSSL_FUNC\s0\fR, \fB\s-1OPENSSL_MSTR\s0\fR, and \fB\s-1OPENSSL_MSTR_HELPER\s0\fR
+were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3 b/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3
index c18793b882a5..c0f84876956d 100644
--- a/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,24 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OPENSSL_LH_COMPFUNC 3"
-.TH OPENSSL_LH_COMPFUNC 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OPENSSL_LH_COMPFUNC 3ossl"
+.TH OPENSSL_LH_COMPFUNC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-LHASH, DECLARE_LHASH_OF, OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC, LHASH_DOALL_ARG_FN_TYPE, IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, lh_TYPE_new, lh_TYPE_free, lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error \- dynamic hash table
+LHASH, DECLARE_LHASH_OF,
+OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC,
+LHASH_DOALL_ARG_FN_TYPE,
+IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN,
+lh_TYPE_new, lh_TYPE_free, lh_TYPE_flush,
+lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve,
+lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error,
+OPENSSL_LH_new, OPENSSL_LH_free, OPENSSL_LH_flush,
+OPENSSL_LH_insert, OPENSSL_LH_delete, OPENSSL_LH_retrieve,
+OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_error
+\&\- dynamic hash table
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,12 +155,13 @@ LHASH, DECLARE_LHASH_OF, OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DO
\&
\& DECLARE_LHASH_OF(TYPE);
\&
-\& LHASH *lh_TYPE_new(OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC compare);
+\& LHASH_OF(TYPE) *lh_TYPE_new(OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC compare);
\& void lh_TYPE_free(LHASH_OF(TYPE) *table);
+\& void lh_TYPE_flush(LHASH_OF(TYPE) *table);
\&
\& TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data);
\& TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data);
-\& TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data);
+\& TYPE *lh_TYPE_retrieve(LHASH_OF(TYPE) *table, TYPE *data);
\&
\& void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func);
\& void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func,
@@ -164,30 +173,43 @@ LHASH, DECLARE_LHASH_OF, OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DO
\& typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *);
\& typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *);
\& typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
+\&
+\& OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c);
+\& void OPENSSL_LH_free(OPENSSL_LHASH *lh);
+\& void OPENSSL_LH_flush(OPENSSL_LHASH *lh);
+\&
+\& void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data);
+\& void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data);
+\& void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data);
+\&
+\& void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func);
+\& void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg);
+\&
+\& int OPENSSL_LH_error(OPENSSL_LHASH *lh);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This library implements type-checked dynamic hash tables. The hash
table entries can be arbitrary structures. Usually they consist of key
-and value fields. In the description here, \fI\s-1TYPE\s0\fR is used a placeholder
+and value fields. In the description here, \fB\f(BI\s-1TYPE\s0\fB\fR is used a placeholder
for any of the OpenSSL datatypes, such as \fI\s-1SSL_SESSION\s0\fR.
.PP
-\&\fBlh_TYPE_new()\fR creates a new \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure to store
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_new\fR() creates a new \fB\s-1LHASH_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) structure to store
arbitrary data entries, and specifies the 'hash' and 'compare'
-callbacks to be used in organising the table's entries. The \fBhash\fR
+callbacks to be used in organising the table's entries. The \fIhash\fR
callback takes a pointer to a table entry as its argument and returns
an unsigned long hash value for its key field. The hash value is
normally truncated to a power of 2, so make sure that your hash
-function returns well mixed low order bits. The \fBcompare\fR callback
+function returns well mixed low order bits. The \fIcompare\fR callback
takes two arguments (pointers to two hash table entries), and returns
0 if their keys are equal, nonzero otherwise.
.PP
If your hash table
-will contain items of some particular type and the \fBhash\fR and
-\&\fBcompare\fR callbacks hash/compare these types, then the
+will contain items of some particular type and the \fIhash\fR and
+\&\fIcompare\fR callbacks hash/compare these types, then the
\&\fB\s-1IMPLEMENT_LHASH_HASH_FN\s0\fR and \fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be
used to create callback wrappers of the prototypes required by
-\&\fBlh_TYPE_new()\fR as shown in this example:
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_new\fR() as shown in this example:
.PP
.Vb 11
\& /*
@@ -217,32 +239,37 @@ can be used in a common header file to declare the function wrappers:
\& DECLARE_LHASH_COMP_FN(stuff, TYPE)
.Ve
.PP
-Then a hash table of \s-1TYPE\s0 objects can be created using this:
+Then a hash table of \fB\f(BI\s-1TYPE\s0\fB\fR objects can be created using this:
.PP
.Vb 1
\& LHASH_OF(TYPE) *htable;
\&
-\& htable = lh_TYPE_new(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff));
+\& htable = B<lh_I<TYPE>_new>(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff));
.Ve
.PP
-\&\fBlh_TYPE_free()\fR frees the \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure
-\&\fBtable\fR. Allocated hash table entries will not be freed; consider
-using \fBlh_TYPE_doall()\fR to deallocate any remaining entries in the
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_free\fR() frees the \fB\s-1LHASH_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) structure
+\&\fItable\fR. Allocated hash table entries will not be freed; consider
+using \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() to deallocate any remaining entries in the
hash table (see below).
.PP
-\&\fBlh_TYPE_insert()\fR inserts the structure pointed to by \fBdata\fR into
-\&\fBtable\fR. If there already is an entry with the same key, the old
-value is replaced. Note that \fBlh_TYPE_insert()\fR stores pointers, the
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_flush\fR() empties the \fB\s-1LHASH_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) structure \fItable\fR. New
+entries can be added to the flushed table. Allocated hash table entries
+will not be freed; consider using \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() to deallocate any
+remaining entries in the hash table (see below).
+.PP
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() inserts the structure pointed to by \fIdata\fR into
+\&\fItable\fR. If there already is an entry with the same key, the old
+value is replaced. Note that \fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() stores pointers, the
data are not copied.
.PP
-\&\fBlh_TYPE_delete()\fR deletes an entry from \fBtable\fR.
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_delete\fR() deletes an entry from \fItable\fR.
.PP
-\&\fBlh_TYPE_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_retrieve\fR() looks up an entry in \fItable\fR. Normally, \fIdata\fR
is a structure with the key field(s) set; the function will return a
pointer to a fully populated structure.
.PP
-\&\fBlh_TYPE_doall()\fR will, for every entry in the hash table, call
-\&\fBfunc\fR with the data item as its parameter.
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() will, for every entry in the hash table, call
+\&\fIfunc\fR with the data item as its parameter.
For example:
.PP
.Vb 2
@@ -268,9 +295,9 @@ you start (which will stop the hash table ever decreasing in size).
The best solution is probably to avoid deleting items from the hash
table inside a \*(L"doall\*(R" callback!
.PP
-\&\fBlh_TYPE_doall_arg()\fR is the same as \fBlh_TYPE_doall()\fR except that
-\&\fBfunc\fR will be called with \fBarg\fR as the second argument and \fBfunc\fR
-should be of type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_doall_arg\fR() is the same as \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() except that
+\&\fIfunc\fR will be called with \fIarg\fR as the second argument and \fIfunc\fR
+should be of type \fB\s-1LHASH_DOALL_ARG_FN\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) (a callback prototype
that is passed both the table entry and an extra argument). As with
\&\fBlh_doall()\fR, you can instead choose to declare your callback with a
prototype matching the types you are dealing with and use the
@@ -291,34 +318,51 @@ that is provided by the caller):
\& logging_bio);
.Ve
.PP
-\&\fBlh_TYPE_error()\fR can be used to determine if an error occurred in the last
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_error\fR() can be used to determine if an error occurred in the last
operation.
+.PP
+\&\fBOPENSSL_LH_new()\fR is the same as the \fBlh_\f(BI\s-1TYPE\s0\fB_new\fR() except that it is not
+type specific. So instead of returning an \fB\s-1LHASH_OF\s0(\f(BI\s-1TYPE\s0\fB)\fR value it returns
+a \fBvoid *\fR. In the same way the functions \fBOPENSSL_LH_free()\fR,
+\&\fBOPENSSL_LH_flush()\fR, \fBOPENSSL_LH_insert()\fR, \fBOPENSSL_LH_delete()\fR,
+\&\fBOPENSSL_LH_retrieve()\fR, \fBOPENSSL_LH_doall()\fR, \fBOPENSSL_LH_doall_arg()\fR, and
+\&\fBOPENSSL_LH_error()\fR are equivalent to the similarly named \fBlh_\f(BI\s-1TYPE\s0\fB\fR functions
+except that they return or use a \fBvoid *\fR where the equivalent \fBlh_\f(BI\s-1TYPE\s0\fB\fR
+function returns or uses a \fB\f(BI\s-1TYPE\s0\fB *\fR or \fB\s-1LHASH_OF\s0(\f(BI\s-1TYPE\s0\fB) *\fR. \fBlh_\f(BI\s-1TYPE\s0\fB\fR
+functions are implemented as type checked wrappers around the \fB\s-1OPENSSL_LH\s0\fR
+functions. Most applications should not call the \fB\s-1OPENSSL_LH\s0\fR functions
+directly.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBlh_TYPE_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new
-\&\fB\s-1LHASH\s0\fR structure.
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_new\fR() and \fBOPENSSL_LH_new()\fR return \s-1NULL\s0 on error, otherwise a
+pointer to the new \fB\s-1LHASH\s0\fR structure.
.PP
-When a hash table entry is replaced, \fBlh_TYPE_insert()\fR returns the value
-being replaced. \fB\s-1NULL\s0\fR is returned on normal operation and on error.
+When a hash table entry is replaced, \fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() or
+\&\fBOPENSSL_LH_insert()\fR return the value being replaced. \s-1NULL\s0 is returned on normal
+operation and on error.
.PP
-\&\fBlh_TYPE_delete()\fR returns the entry being deleted. \fB\s-1NULL\s0\fR is returned if
-there is no such value in the hash table.
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_delete\fR() and \fBOPENSSL_LH_delete()\fR return the entry being deleted.
+\&\s-1NULL\s0 is returned if there is no such value in the hash table.
.PP
-\&\fBlh_TYPE_retrieve()\fR returns the hash table entry if it has been found,
-\&\fB\s-1NULL\s0\fR otherwise.
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_retrieve\fR() and \fBOPENSSL_LH_retrieve()\fR return the hash table entry
+if it has been found, \s-1NULL\s0 otherwise.
.PP
-\&\fBlh_TYPE_error()\fR returns 1 if an error occurred in the last operation, 0
-otherwise. It's meaningful only after non-retrieve operations.
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_error\fR() and \fBOPENSSL_LH_error()\fR return 1 if an error occurred in
+the last operation, 0 otherwise. It's meaningful only after non-retrieve
+operations.
.PP
-\&\fBlh_TYPE_free()\fR, \fBlh_TYPE_doall()\fR and \fBlh_TYPE_doall_arg()\fR return no values.
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_free\fR(), \fBOPENSSL_LH_free()\fR, \fBlh_\f(BI\s-1TYPE\s0\fB_flush\fR(),
+\&\fBOPENSSL_LH_flush()\fR, \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() \fBOPENSSL_LH_doall()\fR,
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_doall_arg\fR() and \fBOPENSSL_LH_doall_arg()\fR return no values.
.SH "NOTE"
.IX Header "NOTE"
The \s-1LHASH\s0 code is not thread safe. All updating operations, as well as
-lh_TYPE_error call must be performed under a write lock. All retrieve
-operations should be performed under a read lock, \fIunless\fR accurate
-usage statistics are desired. In which case, a write lock should be used
-for retrieve operations as well. For output of the usage statistics,
-using the functions from \fBOPENSSL_LH_stats\fR\|(3), a read lock suffices.
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_error\fR() or \fBOPENSSL_LH_error()\fR calls must be performed under
+a write lock. All retrieve operations should be performed under a read lock,
+\&\fIunless\fR accurate usage statistics are desired. In which case, a write lock
+should be used for retrieve operations as well. For output of the usage
+statistics, using the functions from \fBOPENSSL_LH_stats\fR\|(3), a read lock
+suffices.
.PP
The \s-1LHASH\s0 code regards table entries as constant data. As such, it
internally represents \fBlh_insert()\fR'd items with a \*(L"const void *\*(R"
@@ -351,7 +395,8 @@ DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types
without any \*(L"const\*(R" qualifiers.
.SH "BUGS"
.IX Header "BUGS"
-\&\fBlh_TYPE_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error.
+\&\fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() and \fBOPENSSL_LH_insert()\fR return \s-1NULL\s0 both for success
+and error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBOPENSSL_LH_stats\fR\|(3)
@@ -361,9 +406,9 @@ In OpenSSL 1.0.0, the lhash interface was revamped for better
type checking.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3 b/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3
index 87e3dddd4dfc..f723f2345e8e 100644
--- a/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OPENSSL_LH_STATS 3"
-.TH OPENSSL_LH_STATS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OPENSSL_LH_STATS 3ossl"
+.TH OPENSSL_LH_STATS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio \- LHASH statistics
+OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats,
+OPENSSL_LH_stats_bio,
+OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio \- LHASH statistics
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -158,9 +158,10 @@ OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH
The \fB\s-1LHASH\s0\fR structure records statistics about most aspects of
accessing the hash table.
.PP
-\&\fBOPENSSL_LH_stats()\fR prints out statistics on the size of the hash table, how
-many entries are in it, and the number and result of calls to the
-routines in this library.
+\&\fBOPENSSL_LH_stats()\fR prints out statistics on the size of the hash table and how
+many entries are in it. For historical reasons, this function also outputs a
+number of additional statistics, but the tracking of these statistics is no
+longer supported and these statistics are always reported as zero.
.PP
\&\fBOPENSSL_LH_node_stats()\fR prints the number of entries for each 'bucket' in the
hash table.
@@ -189,9 +190,9 @@ when using the \s-1LHASH\s0 data structure.
\&\fBbio\fR\|(7), \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_config.3 b/secure/lib/libcrypto/man/man3/OPENSSL_config.3
index 8d21e7f4f042..ec2be154f702 100644
--- a/secure/lib/libcrypto/man/man3/OPENSSL_config.3
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_config.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OPENSSL_CONFIG 3"
-.TH OPENSSL_CONFIG 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OPENSSL_CONFIG 3ossl"
+.TH OPENSSL_CONFIG 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,11 +142,15 @@ OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/conf.h>
-\&
-\& #if OPENSSL_API_COMPAT < 0x10100000L
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 1.1.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
\& void OPENSSL_config(const char *appname);
\& void OPENSSL_no_config(void);
-\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -202,9 +204,9 @@ The \fBOPENSSL_no_config()\fR and \fBOPENSSL_config()\fR functions were
deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3 b/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3
index ea7f07831d80..18306b5f4938 100644
--- a/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,25 +130,37 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OPENSSL_FORK_PREPARE 3"
-.TH OPENSSL_FORK_PREPARE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OPENSSL_FORK_PREPARE 3ossl"
+.TH OPENSSL_FORK_PREPARE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OPENSSL_fork_prepare, OPENSSL_fork_parent, OPENSSL_fork_child \&\- OpenSSL fork handlers
+OPENSSL_fork_prepare,
+OPENSSL_fork_parent,
+OPENSSL_fork_child
+\&\- OpenSSL fork handlers
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/crypto.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 3
\& void OPENSSL_fork_prepare(void);
\& void OPENSSL_fork_parent(void);
\& void OPENSSL_fork_child(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+These methods are currently unused, and as such, no replacement methods are
+required or planned.
+.PP
OpenSSL has state that should be reset when a process forks. For example,
the entropy pool used to generate random numbers (and therefore encryption
keys) should not be shared across multiple programs.
@@ -183,9 +193,9 @@ return values.
These functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_gmtime.3 b/secure/lib/libcrypto/man/man3/OPENSSL_gmtime.3
new file mode 100644
index 000000000000..769b5be13f71
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_gmtime.3
@@ -0,0 +1,191 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OPENSSL_GMTIME 3ossl"
+.TH OPENSSL_GMTIME 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OPENSSL_gmtime,
+OPENSSL_gmtime_adj,
+OPENSSL_gmtime_diff \- platform\-agnostic OpenSSL time routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/crypto.h>
+\&
+\& struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+\& int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
+\& int OPENSSL_gmtime_diff(int *pday, int *psec,
+\& const struct tm *from, const struct tm *to);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOPENSSL_gmtime()\fR returns the \s-1UTC\s0 time specified by \fItimer\fR into the provided
+\&\fIresult\fR argument.
+.PP
+\&\fBOPENSSL_gmtime_adj()\fR adds the offsets in \fIoffset_day\fR and \fIoffset_sec\fR to \fItm\fR.
+.PP
+\&\fBOPENSSL_gmtime_diff()\fR calculates the difference between \fIfrom\fR and \fIto\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+It is an error to call \fBOPENSSL_gmtime()\fR with \fIresult\fR equal to \s-1NULL.\s0 The
+contents of the time_t given by \fItimer\fR are stored into the \fIresult\fR. Calling
+with \fItimer\fR equal to \s-1NULL\s0 means use the current time.
+.PP
+\&\fBOPENSSL_gmtime_adj()\fR converts \fItm\fR into a days and seconds value, adds the
+offsets, then converts back into a \fIstruct tm\fR specified by \fItm\fR. Leap seconds
+are not considered.
+.PP
+\&\fBOPENSSL_gmtime_diff()\fR calculates the difference between the two \fIstruct tm\fR
+structures \fIfrom\fR and \fIto\fR. The difference in days is placed into \fI*pday\fR,
+the remaining seconds are placed to \fI*psec\fR. The value in \fI*psec\fR will be less
+than the number of seconds per day (3600). Leap seconds are not considered.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOPENSSL_gmtime()\fR returns \s-1NULL\s0 on error, or \fIresult\fR on success.
+.PP
+\&\fBOPENSSL_gmtime_adj()\fR and \fBOPENSSL_gmtime_diff()\fR return 0 on error, and 1 on success.
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBOPENSSL_gmtime()\fR, \fBOPENSSL_gmtime_adj()\fR and \fBOPENSSL_gmtime_diff()\fR have been
+in OpenSSL since 1.0.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_hexchar2int.3 b/secure/lib/libcrypto/man/man3/OPENSSL_hexchar2int.3
new file mode 100644
index 000000000000..462ece74bb94
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_hexchar2int.3
@@ -0,0 +1,212 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OPENSSL_HEXCHAR2INT 3ossl"
+.TH OPENSSL_HEXCHAR2INT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OPENSSL_hexchar2int,
+OPENSSL_hexstr2buf_ex, OPENSSL_hexstr2buf,
+OPENSSL_buf2hexstr_ex, OPENSSL_buf2hexstr
+\&\- Hex encoding and decoding functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/crypto.h>
+\&
+\& int OPENSSL_hexchar2int(unsigned char c);
+\& int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, long *buflen,
+\& const char *str, const char sep);
+\& unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
+\& int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlength,
+\& const unsigned char *buf, long buflen,
+\& const char sep);
+\& char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOPENSSL_hexchar2int()\fR converts a hexadecimal character to its numeric
+equivalent.
+.PP
+\&\fBOPENSSL_hexstr2buf_ex()\fR decodes the hex string \fBstr\fR and places the
+resulting string of bytes in the given \fIbuf\fR.
+The character \fIsep\fR is the separator between the bytes, setting this to '\e0'
+means that there is no separator.
+\&\fIbuf_n\fR gives the size of the buffer.
+If \fIbuflen\fR is not \s-1NULL,\s0 it is filled in with the result length.
+To find out how large the result will be, call this function with \s-1NULL\s0
+for \fIbuf\fR.
+Colons between two-character hex \*(L"bytes\*(R" are accepted and ignored.
+An odd number of hex digits is an error.
+.PP
+\&\fBOPENSSL_hexstr2buf()\fR does the same thing as \fBOPENSSL_hexstr2buf_ex()\fR,
+but allocates the space for the result, and returns the result. It uses a
+default separator of ':'.
+The memory is allocated by calling \fBOPENSSL_malloc()\fR and should be
+released by calling \fBOPENSSL_free()\fR.
+.PP
+\&\fBOPENSSL_buf2hexstr_ex()\fR encodes the contents of the given \fIbuf\fR with
+length \fIbuflen\fR and places the resulting hexadecimal character string
+in the given \fIstr\fR.
+The character \fIsep\fR is the separator between the bytes, setting this to '\e0'
+means that there is no separator.
+\&\fIstr_n\fR gives the size of the of the string buffer.
+If \fIstrlength\fR is not \s-1NULL,\s0 it is filled in with the result length.
+To find out how large the result will be, call this function with \s-1NULL\s0
+for \fIstr\fR.
+.PP
+\&\fBOPENSSL_buf2hexstr()\fR does the same thing as \fBOPENSSL_buf2hexstr_ex()\fR,
+but allocates the space for the result, and returns the result. It uses a
+default separator of ':'.
+The memory is allocated by calling \fBOPENSSL_malloc()\fR and should be
+released by calling \fBOPENSSL_free()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+OPENSSL_hexchar2int returns the value of a decoded hex character,
+or \-1 on error.
+.PP
+\&\fBOPENSSL_buf2hexstr()\fR and \fBOPENSSL_hexstr2buf()\fR
+return a pointer to allocated memory, or \s-1NULL\s0 on error.
+.PP
+\&\fBOPENSSL_buf2hexstr_ex()\fR and \fBOPENSSL_hexstr2buf_ex()\fR return 1 on
+success, or 0 on error.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2016\-2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3
index e4483dfcba04..3cc800c675a1 100644
--- a/secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OPENSSL_IA32CAP 3"
-.TH OPENSSL_IA32CAP 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OPENSSL_IA32CAP 3ossl"
+.TH OPENSSL_IA32CAP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -202,10 +200,10 @@ executed on \s-1SSE2\s0 capable \s-1CPU,\s0 but under control of \s-1OS\s0 that
enable \s-1XMM\s0 registers. Historically address of the capability vector copy
was exposed to application through \fBOPENSSL_ia32cap_loc()\fR, but not
anymore. Now the only way to affect the capability detection is to set
-OPENSSL_ia32cap environment variable prior target application start. To
-give a specific example, on Intel P4 processor 'env
-OPENSSL_ia32cap=0x16980010 apps/openssl', or better yet 'env
-OPENSSL_ia32cap=~0x1000000 apps/openssl' would achieve the desired
+\&\fBOPENSSL_ia32cap\fR environment variable prior target application start. To
+give a specific example, on Intel P4 processor
+\&\f(CW\*(C`env OPENSSL_ia32cap=0x16980010 apps/openssl\*(C'\fR, or better yet
+\&\f(CW\*(C`env OPENSSL_ia32cap=~0x1000000 apps/openssl\*(C'\fR would achieve the desired
effect. Alternatively you can reconfigure the toolkit with no\-sse2
option and recompile.
.PP
@@ -227,6 +225,8 @@ The capability vector is further extended with \s-1EBX\s0 value returned by
.IX Item "bit #64+8 denoting availability of BMI2 instructions, e.g. MULX and RORX;"
.IP "bit #64+16 denoting availability of \s-1AVX512F\s0 extension;" 4
.IX Item "bit #64+16 denoting availability of AVX512F extension;"
+.IP "bit #64+17 denoting availability of \s-1AVX512DQ\s0 extension;" 4
+.IX Item "bit #64+17 denoting availability of AVX512DQ extension;"
.IP "bit #64+18 denoting availability of \s-1RDSEED\s0 instruction;" 4
.IX Item "bit #64+18 denoting availability of RDSEED instruction;"
.IP "bit #64+19 denoting availability of \s-1ADCX\s0 and \s-1ADOX\s0 instructions;" 4
@@ -245,51 +245,18 @@ The capability vector is further extended with \s-1EBX\s0 value returned by
.IX Item "bit #64+42 denoting availability of VPCLMULQDQ extension;"
.PD
.PP
-To control this extended capability word use ':' as delimiter when
-setting up OPENSSL_ia32cap environment variable. For example assigning
-\&':~0x20' would disable \s-1AVX2\s0 code paths, and ':0' \- all post-AVX
+To control this extended capability word use \f(CW\*(C`:\*(C'\fR as delimiter when
+setting up \fBOPENSSL_ia32cap\fR environment variable. For example assigning
+\&\f(CW\*(C`:~0x20\*(C'\fR would disable \s-1AVX2\s0 code paths, and \f(CW\*(C`:0\*(C'\fR \- all post-AVX
extensions.
-.PP
-It should be noted that whether or not some of the most \*(L"fancy\*(R"
-extension code paths are actually assembled depends on current assembler
-version. Base minimum of \s-1AES\-NI/PCLMULQDQ, SSSE3\s0 and \s-1SHA\s0 extension code
-paths are always assembled. Apart from that, minimum assembler version
-requirements are summarized in below table:
-.PP
-.Vb 8
-\& Extension | GNU as | nasm | llvm
-\& \-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-
-\& AVX | 2.19 | 2.09 | 3.0
-\& AVX2 | 2.22 | 2.10 | 3.1
-\& ADCX/ADOX | 2.23 | 2.10 | 3.3
-\& AVX512 | 2.25 | 2.11.8 | see NOTES
-\& AVX512IFMA | 2.26 | 2.11.8 | see NOTES
-\& VAES | 2.30 | 2.13.3 |
-.Ve
-.SH "NOTES"
-.IX Header "NOTES"
-Even though \s-1AVX512\s0 support was implemented in llvm 3.6, compilation of
-assembly modules apparently requires explicit \-march flag. But then
-compiler generates processor-specific code, which in turn contradicts
-the mere idea of run-time switch execution facilitated by the variable
-in question. Till the limitation is lifted, it's possible to work around
-the problem by making build procedure use following script:
-.PP
-.Vb 2
-\& #!/bin/sh
-\& exec clang \-no\-integrated\-as "$@"
-.Ve
-.PP
-instead of real clang. In which case it doesn't matter which clang
-version is used, as it is \s-1GNU\s0 assembler version that will be checked.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Not available.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 b/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3
index 29c30eaf4392..d86064ae7585 100644
--- a/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OPENSSL_INIT_CRYPTO 3"
-.TH OPENSSL_INIT_CRYPTO 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OPENSSL_INIT_CRYPTO 3ossl"
+.TH OPENSSL_INIT_CRYPTO 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, OPENSSL_thread_stop \- OpenSSL initialisation and deinitialisation functions
+OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename,
+OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags,
+OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit,
+OPENSSL_thread_stop_ex, OPENSSL_thread_stop \- OpenSSL initialisation
+and deinitialisation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -148,6 +150,7 @@ OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, OPENSSL_INIT_set_config_appn
\& void OPENSSL_cleanup(void);
\& int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
\& int OPENSSL_atexit(void (*handler)(void));
+\& void OPENSSL_thread_stop_ex(OSSL_LIB_CTX *ctx);
\& void OPENSSL_thread_stop(void);
\&
\& OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
@@ -208,7 +211,7 @@ calls to \fBOPENSSL_init_crypto()\fR with the option
With this option the library will automatically load and make available all
libcrypto digests. This option is a default option. Once selected subsequent
calls to \fBOPENSSL_init_crypto()\fR with the option
-\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored.
+\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0\fR will be ignored.
.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0" 4
.IX Item "OPENSSL_INIT_NO_ADD_ALL_CIPHERS"
With this option the library will suppress automatic loading of libcrypto
@@ -224,10 +227,12 @@ calls to \fBOPENSSL_init_crypto()\fR with the option
.IP "\s-1OPENSSL_INIT_LOAD_CONFIG\s0" 4
.IX Item "OPENSSL_INIT_LOAD_CONFIG"
With this option an OpenSSL configuration file will be automatically loaded and
-used by calling \fBOPENSSL_config()\fR. This is not a default option for libcrypto.
-As of OpenSSL 1.1.1 this is a default option for libssl (see
-\&\fBOPENSSL_init_ssl\fR\|(3) for further details about libssl initialisation). See the
-description of \fBOPENSSL_INIT_new()\fR, below.
+used by calling \fBOPENSSL_config()\fR. This is a default option.
+Note that in OpenSSL 1.1.1 this was the default for libssl but not for
+libcrypto (see \fBOPENSSL_init_ssl\fR\|(3) for further details about libssl
+initialisation).
+In OpenSSL 1.1.0 this was a nondefault option for both libssl and libcrypto.
+See the description of \fBOPENSSL_INIT_new()\fR, below.
.IP "\s-1OPENSSL_INIT_NO_LOAD_CONFIG\s0" 4
.IX Item "OPENSSL_INIT_NO_LOAD_CONFIG"
With this option the loading of OpenSSL configuration files will be suppressed.
@@ -240,36 +245,44 @@ sub-library (see \fBASYNC_start_job\fR\|(3)). This is a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_RDRAND\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_RDRAND"
With this option the library will automatically load and initialise the
-\&\s-1RDRAND\s0 engine (if available). This not a default option.
+\&\s-1RDRAND\s0 engine (if available). This not a default option and is deprecated
+in OpenSSL 3.0.
.IP "\s-1OPENSSL_INIT_ENGINE_DYNAMIC\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_DYNAMIC"
With this option the library will automatically load and initialise the
-dynamic engine. This not a default option.
+dynamic engine. This not a default option and is deprecated
+in OpenSSL 3.0.
.IP "\s-1OPENSSL_INIT_ENGINE_OPENSSL\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_OPENSSL"
With this option the library will automatically load and initialise the
-openssl engine. This not a default option.
+openssl engine. This not a default option and is deprecated
+in OpenSSL 3.0.
.IP "\s-1OPENSSL_INIT_ENGINE_CRYPTODEV\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_CRYPTODEV"
With this option the library will automatically load and initialise the
-cryptodev engine (if available). This not a default option.
+cryptodev engine (if available). This not a default option and is deprecated
+in OpenSSL 3.0.
.IP "\s-1OPENSSL_INIT_ENGINE_CAPI\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_CAPI"
With this option the library will automatically load and initialise the
-\&\s-1CAPI\s0 engine (if available). This not a default option.
+\&\s-1CAPI\s0 engine (if available). This not a default option and is deprecated
+in OpenSSL 3.0.
.IP "\s-1OPENSSL_INIT_ENGINE_PADLOCK\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_PADLOCK"
With this option the library will automatically load and initialise the
-padlock engine (if available). This not a default option.
+padlock engine (if available). This not a default option and is deprecated
+in OpenSSL 3.0.
.IP "\s-1OPENSSL_INIT_ENGINE_AFALG\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_AFALG"
With this option the library will automatically load and initialise the
-\&\s-1AFALG\s0 engine. This not a default option.
+\&\s-1AFALG\s0 engine. This not a default option and is deprecated
+in OpenSSL 3.0.
.IP "\s-1OPENSSL_INIT_ENGINE_ALL_BUILTIN\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_ALL_BUILTIN"
With this option the library will automatically load and initialise all the
built in engines listed above with the exception of the openssl and afalg
-engines. This not a default option.
+engines. This not a default option and is deprecated
+in OpenSSL 3.0.
.IP "\s-1OPENSSL_INIT_ATFORK\s0" 4
.IX Item "OPENSSL_INIT_ATFORK"
With this option the library will register its fork handlers.
@@ -306,7 +319,7 @@ Attempts to call \fBOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAI
will be added to the error stack. Note that because initialisation has failed
OpenSSL error strings will not be available, only an error code. This code can
be put through the openssl errstr command line application to produce a human
-readable error (see \fBerrstr\fR\|(1)).
+readable error (see \fBopenssl\-errstr\fR\|(1)).
.PP
The \fBOPENSSL_atexit()\fR function enables the registration of a
function to be called during \fBOPENSSL_cleanup()\fR. Stop handlers are
@@ -314,11 +327,25 @@ called after deinitialisation of resources local to a thread, but before other
process wide resources are freed. In the event that multiple stop handlers are
registered, no guarantees are made about the order of execution.
.PP
-The \fBOPENSSL_thread_stop()\fR function deallocates resources associated
-with the current thread. Typically this function will be called automatically by
-the library when the thread exits. This should only be called directly if
-resources should be freed at an earlier time, or under the circumstances
-described in the \s-1NOTES\s0 section below.
+The \fBOPENSSL_thread_stop_ex()\fR function deallocates resources associated
+with the current thread for the given \s-1OSSL_LIB_CTX\s0 \fBctx\fR. The \fBctx\fR parameter
+can be \s-1NULL\s0 in which case the default \s-1OSSL_LIB_CTX\s0 is used.
+.PP
+Typically, this function will be called automatically by the library when
+the thread exits as long as the \s-1OSSL_LIB_CTX\s0 has not been freed before the thread
+exits. If \fBOSSL_LIB_CTX_free()\fR is called OPENSSL_thread_stop_ex will be called
+automatically for the current thread (but not any other threads that may have
+used this \s-1OSSL_LIB_CTX\s0).
+.PP
+OPENSSL_thread_stop_ex should be called on all threads that will exit after the
+\&\s-1OSSL_LIB_CTX\s0 is freed.
+Typically this is not necessary for the default \s-1OSSL_LIB_CTX\s0 (because all
+resources are cleaned up on library exit) except if thread local resources
+should be freed before library exit, or under the circumstances described in
+the \s-1NOTES\s0 section below.
+.PP
+\&\fBOPENSSL_thread_stop()\fR is the same as \fBOPENSSL_thread_stop_ex()\fR except that the
+default \s-1OSSL_LIB_CTX\s0 is always used.
.PP
The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a configuration file, as with
\&\fBCONF_modules_load_file\fR\|(3) with \s-1NULL\s0 filename and application name and the
@@ -326,7 +353,7 @@ The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a configuration file, a
\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR flags.
The filename, application name, and flags can be customized by providing a
non-null \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR object.
-The object can be allocated via \fB\fBOPENSSL_init_new()\fB\fR.
+The object can be allocated via \fB\fBOPENSSL_INIT_new()\fB\fR.
The \fB\fBOPENSSL_INIT_set_config_filename()\fB\fR function can be used to specify a
nondefault filename, which is copied and need not refer to persistent storage.
Similarly, \fBOPENSSL_INIT_set_config_appname()\fR can be used to specify a
@@ -371,9 +398,9 @@ The \fBOPENSSL_init_crypto()\fR, \fBOPENSSL_cleanup()\fR, \fBOPENSSL_atexit()\fR
and \fBOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3 b/secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3
index dbabd2e39d97..d6723a1dedc4 100644
--- a/secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OPENSSL_INIT_SSL 3"
-.TH OPENSSL_INIT_SSL 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OPENSSL_INIT_SSL 3ossl"
+.TH OPENSSL_INIT_SSL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -203,7 +201,7 @@ The \fBOPENSSL_init_ssl()\fR function was added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3 b/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3
index cf5492efb78f..b791de884f4e 100644
--- a/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OPENSSL_INSTRUMENT_BUS 3"
-.TH OPENSSL_INSTRUMENT_BUS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OPENSSL_INSTRUMENT_BUS 3ossl"
+.TH OPENSSL_INSTRUMENT_BUS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,8 +142,8 @@ OPENSSL_instrument_bus, OPENSSL_instrument_bus2 \- instrument references to memo
.IX Header "SYNOPSIS"
.Vb 4
\& #ifdef OPENSSL_CPUID_OBJ
-\& size_t OPENSSL_instrument_bus(int *vector, size_t num);
-\& size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max);
+\& size_t OPENSSL_instrument_bus(unsigned int *vector, size_t num);
+\& size_t OPENSSL_instrument_bus2(unsigned int *vector, size_t num, size_t max);
\& #endif
.Ve
.SH "DESCRIPTION"
@@ -178,9 +176,9 @@ line' was introduced with the \s-1SSE2\s0 extensions.
Otherwise number of recorded values is returned.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2011\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2011\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3
index 6928cb635f41..4d381feeb4ff 100644
--- a/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OPENSSL_LOAD_BUILTIN_MODULES 3"
-.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OPENSSL_LOAD_BUILTIN_MODULES 3ossl"
+.TH OPENSSL_LOAD_BUILTIN_MODULES 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -177,11 +175,14 @@ None of the functions return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBENGINE_add_conf_module()\fR was deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3 b/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3
index 577c2ff794eb..ea5b325e5f4f 100644
--- a/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,76 +130,94 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OPENSSL_MALLOC 3"
-.TH OPENSSL_MALLOC 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OPENSSL_MALLOC 3ossl"
+.TH OPENSSL_MALLOC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OPENSSL_malloc_init, OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free, OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse, CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free, OPENSSL_strdup, OPENSSL_strndup, OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat, OPENSSL_hexstr2buf, OPENSSL_buf2hexstr, OPENSSL_hexchar2int, CRYPTO_strdup, CRYPTO_strndup, OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop, CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop, CRYPTO_clear_realloc, CRYPTO_clear_free, CRYPTO_get_mem_functions, CRYPTO_set_mem_functions, CRYPTO_get_alloc_counts, CRYPTO_set_mem_debug, CRYPTO_mem_ctrl, CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp, CRYPTO_mem_leaks_cb, OPENSSL_MALLOC_FAILURES, OPENSSL_MALLOC_FD \&\- Memory allocation functions
+OPENSSL_malloc_init,
+OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free,
+OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse,
+CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free,
+OPENSSL_strdup, OPENSSL_strndup,
+OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat,
+CRYPTO_strdup, CRYPTO_strndup,
+OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop,
+CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop,
+CRYPTO_clear_realloc, CRYPTO_clear_free,
+CRYPTO_malloc_fn, CRYPTO_realloc_fn, CRYPTO_free_fn,
+CRYPTO_get_mem_functions, CRYPTO_set_mem_functions,
+CRYPTO_get_alloc_counts,
+CRYPTO_set_mem_debug, CRYPTO_mem_ctrl,
+CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp, CRYPTO_mem_leaks_cb,
+OPENSSL_MALLOC_FAILURES,
+OPENSSL_MALLOC_FD
+\&\- Memory allocation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/crypto.h>
\&
-\& int OPENSSL_malloc_init(void)
+\& int OPENSSL_malloc_init(void);
\&
-\& void *OPENSSL_malloc(size_t num)
-\& void *OPENSSL_zalloc(size_t num)
-\& void *OPENSSL_realloc(void *addr, size_t num)
-\& void OPENSSL_free(void *addr)
-\& char *OPENSSL_strdup(const char *str)
-\& char *OPENSSL_strndup(const char *str, size_t s)
+\& void *OPENSSL_malloc(size_t num);
+\& void *OPENSSL_zalloc(size_t num);
+\& void *OPENSSL_realloc(void *addr, size_t num);
+\& void OPENSSL_free(void *addr);
+\& char *OPENSSL_strdup(const char *str);
+\& char *OPENSSL_strndup(const char *str, size_t s);
\& size_t OPENSSL_strlcat(char *dst, const char *src, size_t size);
\& size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size);
-\& void *OPENSSL_memdup(void *data, size_t s)
-\& void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num)
-\& void OPENSSL_clear_free(void *str, size_t num)
+\& void *OPENSSL_memdup(void *data, size_t s);
+\& void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num);
+\& void OPENSSL_clear_free(void *str, size_t num);
\& void OPENSSL_cleanse(void *ptr, size_t len);
\&
-\& unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
-\& char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len);
-\& int OPENSSL_hexchar2int(unsigned char c);
-\&
-\& void *CRYPTO_malloc(size_t num, const char *file, int line)
-\& void *CRYPTO_zalloc(size_t num, const char *file, int line)
-\& void *CRYPTO_realloc(void *p, size_t num, const char *file, int line)
-\& void CRYPTO_free(void *str, const char *, int)
-\& char *CRYPTO_strdup(const char *p, const char *file, int line)
-\& char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line)
+\& void *CRYPTO_malloc(size_t num, const char *file, int line);
+\& void *CRYPTO_zalloc(size_t num, const char *file, int line);
+\& void *CRYPTO_realloc(void *p, size_t num, const char *file, int line);
+\& void CRYPTO_free(void *str, const char *, int);
+\& char *CRYPTO_strdup(const char *p, const char *file, int line);
+\& char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line);
\& void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num,
-\& const char *file, int line)
-\& void CRYPTO_clear_free(void *str, size_t num, const char *, int)
+\& const char *file, int line);
+\& void CRYPTO_clear_free(void *str, size_t num, const char *, int);
\&
-\& void CRYPTO_get_mem_functions(
-\& void *(**m)(size_t, const char *, int),
-\& void *(**r)(void *, size_t, const char *, int),
-\& void (**f)(void *, const char *, int))
-\& int CRYPTO_set_mem_functions(
-\& void *(*m)(size_t, const char *, int),
-\& void *(*r)(void *, size_t, const char *, int),
-\& void (*f)(void *, const char *, int))
+\& typedef void *(*CRYPTO_malloc_fn)(size_t num, const char *file, int line);
+\& typedef void *(*CRYPTO_realloc_fn)(void *addr, size_t num, const char *file,
+\& int line);
+\& typedef void (*CRYPTO_free_fn)(void *addr, const char *file, int line);
+\& void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn,
+\& CRYPTO_realloc_fn *realloc_fn,
+\& CRYPTO_free_fn *free_fn);
+\& int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn,
+\& CRYPTO_realloc_fn realloc_fn,
+\& CRYPTO_free_fn free_fn);
\&
-\& void CRYPTO_get_alloc_counts(int *m, int *r, int *f)
-\&
-\& int CRYPTO_set_mem_debug(int onoff)
+\& void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount);
\&
\& env OPENSSL_MALLOC_FAILURES=... <application>
\& env OPENSSL_MALLOC_FD=... <application>
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 4
+\& int CRYPTO_mem_leaks(BIO *b);
+\& int CRYPTO_mem_leaks_fp(FILE *fp);
+\& int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u),
+\& void *u);
\&
+\& int CRYPTO_set_mem_debug(int onoff);
\& int CRYPTO_mem_ctrl(int mode);
-\&
-\& int OPENSSL_mem_debug_push(const char *info)
+\& int OPENSSL_mem_debug_push(const char *info);
\& int OPENSSL_mem_debug_pop(void);
-\&
\& int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
\& int CRYPTO_mem_debug_pop(void);
-\&
-\& int CRYPTO_mem_leaks(BIO *b);
-\& int CRYPTO_mem_leaks_fp(FILE *fp);
-\& int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u),
-\& void *u);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -238,61 +254,17 @@ equivalent C functions, except that memory is allocated by calling the
\&\fBOPENSSL_strlcat()\fR and \fBOPENSSL_strnlen()\fR are equivalents of the common C
library functions and are provided for portability.
.PP
-\&\fBOPENSSL_hexstr2buf()\fR parses \fBstr\fR as a hex string and returns a
-pointer to the parsed value. The memory is allocated by calling
-\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR.
-If \fBlen\fR is not \s-1NULL,\s0 it is filled in with the output length.
-Colons between two-character hex \*(L"bytes\*(R" are ignored.
-An odd number of hex digits is an error.
-.PP
-\&\fBOPENSSL_buf2hexstr()\fR takes the specified buffer and length, and returns
-a hex string for value, or \s-1NULL\s0 on error.
-\&\fBBuffer\fR cannot be \s-1NULL\s0; if \fBlen\fR is 0 an empty string is returned.
-.PP
-\&\fBOPENSSL_hexchar2int()\fR converts a character to the hexadecimal equivalent,
-or returns \-1 on error.
-.PP
If no allocations have been done, it is possible to \*(L"swap out\*(R" the default
-implementations for \fBOPENSSL_malloc()\fR, OPENSSL_realloc and \fBOPENSSL_free()\fR
-and replace them with alternate versions (hooks).
+implementations for \fBOPENSSL_malloc()\fR, \fBOPENSSL_realloc()\fR and \fBOPENSSL_free()\fR
+and replace them with alternate versions.
\&\fBCRYPTO_get_mem_functions()\fR function fills in the given arguments with the
function pointers for the current implementations.
With \fBCRYPTO_set_mem_functions()\fR, you can specify a different set of functions.
-If any of \fBm\fR, \fBr\fR, or \fBf\fR are \s-1NULL,\s0 then the function is not changed.
-.PP
-The default implementation can include some debugging capability (if enabled
-at build-time).
-This adds some overhead by keeping a list of all memory allocations, and
-removes items from the list when they are free'd.
-This is most useful for identifying memory leaks.
-\&\fBCRYPTO_set_mem_debug()\fR turns this tracking on and off. In order to have
-any effect, is must be called before any of the allocation functions
-(e.g., \fBCRYPTO_malloc()\fR) are called, and is therefore normally one of the
-first lines of \fBmain()\fR in an application.
-\&\fBCRYPTO_mem_ctrl()\fR provides fine-grained control of memory leak tracking.
-To enable tracking call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of
-the \fB\s-1CRYPTO_MEM_CHECK_ON\s0\fR.
-To disable tracking call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of
-the \fB\s-1CRYPTO_MEM_CHECK_OFF\s0\fR.
-.PP
-While checking memory, it can be useful to store additional context
-about what is being done.
-For example, identifying the field names when parsing a complicated
-data structure.
-\&\fBOPENSSL_mem_debug_push()\fR (which calls \fBCRYPTO_mem_debug_push()\fR)
-attaches an identifying string to the allocation stack.
-This must be a global or other static string; it is not copied.
-\&\fBOPENSSL_mem_debug_pop()\fR removes identifying state from the stack.
-.PP
-At the end of the program, calling \fBCRYPTO_mem_leaks()\fR or
-\&\fBCRYPTO_mem_leaks_fp()\fR will report all \*(L"leaked\*(R" memory, writing it
-to the specified \s-1BIO\s0 \fBb\fR or \s-1FILE\s0 \fBfp\fR. These functions return 1 if
-there are no leaks, 0 if there are leaks and \-1 if an error occurred.
-.PP
-\&\fBCRYPTO_mem_leaks_cb()\fR does the same as \fBCRYPTO_mem_leaks()\fR, but instead
-of writing to a given \s-1BIO,\s0 the callback function is called for each
-output string with the string, length, and userdata \fBu\fR as the callback
-parameters.
+If any of \fBmalloc_fn\fR, \fBrealloc_fn\fR, or \fBfree_fn\fR are \s-1NULL,\s0 then
+the function is not changed.
+While it's permitted to swap out only a few and not all the functions
+with \fBCRYPTO_set_mem_functions()\fR, it's recommended to swap them all out
+at once.
.PP
If the library is built with the \f(CW\*(C`crypto\-mdebug\*(C'\fR option, then one
function, \fBCRYPTO_get_alloc_counts()\fR, and two additional environment
@@ -314,12 +286,12 @@ other allocations (until the program exits or crashes) have a 25% chance of
failing.
.PP
If the variable \fB\s-1OPENSSL_MALLOC_FD\s0\fR is parsed as a positive integer, then
-it is taken as an open file descriptor, and a record of all allocations is
-written to that descriptor. If an allocation will fail, and the platform
-supports it, then a backtrace will be written to the descriptor. This can
-be useful because a malloc may fail but not be checked, and problems will
-only occur later. The following example in classic shell syntax shows how
-to use this (will not work on all platforms):
+it is taken as an open file descriptor. This is used in conjunction with
+\&\fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR described above. For every allocation it will log
+details about how many allocations there have been so far, what percentage
+chance there is for this allocation failing, and whether it has actually failed.
+The following example in classic shell syntax shows how to use this (will not
+work on all platforms):
.PP
.Vb 5
\& OPENSSL_MALLOC_FAILURES=\*(Aq200;@10\*(Aq
@@ -334,38 +306,36 @@ to use this (will not work on all platforms):
\&\fBCRYPTO_free()\fR, \fBCRYPTO_clear_free()\fR and \fBCRYPTO_get_mem_functions()\fR
return no value.
.PP
-\&\fBCRYPTO_mem_leaks()\fR, \fBCRYPTO_mem_leaks_fp()\fR and \fBCRYPTO_mem_leaks_cb()\fR return 1 if
-there are no leaks, 0 if there are leaks and \-1 if an error occurred.
-.PP
\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_zalloc()\fR, \fBOPENSSL_realloc()\fR,
\&\fBOPENSSL_clear_realloc()\fR,
\&\fBCRYPTO_malloc()\fR, \fBCRYPTO_zalloc()\fR, \fBCRYPTO_realloc()\fR,
\&\fBCRYPTO_clear_realloc()\fR,
-\&\fBOPENSSL_buf2hexstr()\fR, \fBOPENSSL_hexstr2buf()\fR,
\&\fBOPENSSL_strdup()\fR, and \fBOPENSSL_strndup()\fR
return a pointer to allocated memory or \s-1NULL\s0 on error.
.PP
-\&\fBCRYPTO_set_mem_functions()\fR and \fBCRYPTO_set_mem_debug()\fR
-return 1 on success or 0 on failure (almost
+\&\fBCRYPTO_set_mem_functions()\fR returns 1 on success or 0 on failure (almost
always because allocations have already happened).
.PP
-\&\fBCRYPTO_mem_ctrl()\fR returns \-1 if an error occurred, otherwise the
-previous value of the mode.
-.PP
-\&\fBOPENSSL_mem_debug_push()\fR and \fBOPENSSL_mem_debug_pop()\fR
-return 1 on success or 0 on failure.
-.SH "NOTES"
-.IX Header "NOTES"
-While it's permitted to swap out only a few and not all the functions
-with \fBCRYPTO_set_mem_functions()\fR, it's recommended to swap them all out
-at once. \fIThis applies specially if OpenSSL was built with the
-configuration option\fR \f(CW\*(C`crypto\-mdebug\*(C'\fR \fIenabled. In case, swapping out
-only, say, the \f(BImalloc()\fI implementation is outright dangerous.\fR
+\&\fBCRYPTO_mem_leaks()\fR, \fBCRYPTO_mem_leaks_fp()\fR, \fBCRYPTO_mem_leaks_cb()\fR,
+\&\fBCRYPTO_set_mem_debug()\fR, and \fBCRYPTO_mem_ctrl()\fR are deprecated and are no-ops that
+always return \-1.
+\&\fBOPENSSL_mem_debug_push()\fR, \fBOPENSSL_mem_debug_pop()\fR,
+\&\fBCRYPTO_mem_debug_push()\fR, and \fBCRYPTO_mem_debug_pop()\fR
+are deprecated and are no-ops that always return 0.
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBOPENSSL_mem_debug_push()\fR, \fBOPENSSL_mem_debug_pop()\fR,
+\&\fBCRYPTO_mem_debug_push()\fR, \fBCRYPTO_mem_debug_pop()\fR,
+\&\fBCRYPTO_mem_leaks()\fR, \fBCRYPTO_mem_leaks_fp()\fR,
+\&\fBCRYPTO_mem_leaks_cb()\fR, \fBCRYPTO_set_mem_debug()\fR, \fBCRYPTO_mem_ctrl()\fR
+were deprecated in OpenSSL 3.0.
+The memory-leak checking has been deprecated in OpenSSL 3.0 in favor of
+clang's memory and leak sanitizer.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_s390xcap.3 b/secure/lib/libcrypto/man/man3/OPENSSL_s390xcap.3
new file mode 100644
index 000000000000..41bb687f21e6
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_s390xcap.3
@@ -0,0 +1,331 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OPENSSL_S390XCAP 3ossl"
+.TH OPENSSL_S390XCAP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OPENSSL_s390xcap \- the IBM z processor capabilities vector
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& env OPENSSL_s390xcap=... <application>
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+libcrypto supports z/Architecture instruction set extensions. These
+extensions are denoted by individual bits in the capabilities vector.
+When libcrypto is initialized, the bits returned by the \s-1STFLE\s0 instruction
+and by the \s-1QUERY\s0 functions are stored in the vector.
+.PP
+To change the set of instructions available to an application, you can
+set the \fBOPENSSL_s390xcap\fR environment variable before you start the
+application. After initialization, the capability vector is ANDed bitwise
+with a mask which is derived from the environment variable.
+.PP
+The environment variable is a semicolon-separated list of tokens which is
+processed from left to right (whitespace is ignored):
+.PP
+.Vb 1
+\& OPENSSL_s390xcap="<tok1>;<tok2>;..."
+.Ve
+.PP
+There are three types of tokens:
+.IP "<string>" 4
+.IX Item "<string>"
+The name of a processor generation. A bit in the environment variable's
+mask is set to one if and only if the specified processor generation
+implements the corresponding instruction set extension. Possible values
+are \fBz900\fR, \fBz990\fR, \fBz9\fR, \fBz10\fR, \fBz196\fR, \fBzEC12\fR, \fBz13\fR, \fBz14\fR
+and \fBz15\fR.
+.IP "<string>:<mask>:<mask>" 4
+.IX Item "<string>:<mask>:<mask>"
+The name of an instruction followed by two 64\-bit masks. The part of the
+environment variable's mask corresponding to the specified instruction is
+set to the specified 128\-bit mask. Possible values are \fBkimd\fR, \fBklmd\fR,
+\&\fBkm\fR, \fBkmc\fR, \fBkmac\fR, \fBkmctr\fR, \fBkmo\fR, \fBkmf\fR, \fBprno\fR, \fBkma\fR, \fBpcc\fR
+and \fBkdsa\fR.
+.IP "stfle:<mask>:<mask>:<mask>" 4
+.IX Item "stfle:<mask>:<mask>:<mask>"
+Store-facility-list-extended (stfle) followed by three 64\-bit masks. The
+part of the environment variable's mask corresponding to the stfle
+instruction is set to the specified 192\-bit mask.
+.PP
+The 64\-bit masks are specified in hexadecimal notation. The 0x prefix is
+optional. Prefix a mask with a tilde, \f(CW\*(C`~\*(C'\fR, to denote a bitwise \s-1NOT\s0 operation.
+.PP
+The following is a list of significant bits for each instruction. Colon
+rows separate the individual 64\-bit masks. The bit numbers in the first
+column are consistent with [1], that is, 0 denotes the leftmost bit and
+the numbering is continuous across 64\-bit mask boundaries.
+.PP
+.Vb 1
+\& Bit Mask Facility/Function
+\&
+\& stfle:
+\& # 17 1<<46 message\-security assist
+\& # 25 1<<38 store\-clock\-fast facility
+\& :
+\& # 76 1<<51 message\-security assist extension 3
+\& # 77 1<<50 message\-security assist extension 4
+\& :
+\& #129 1<<62 vector facility
+\& #134 1<<57 vector packed decimal facility
+\& #135 1<<56 vector enhancements facility 1
+\& #146 1<<45 message\-security assist extension 8
+\& #155 1<<36 message\-security assist extension 9
+\&
+\& kimd :
+\& # 1 1<<62 KIMD\-SHA\-1
+\& # 2 1<<61 KIMD\-SHA\-256
+\& # 3 1<<60 KIMD\-SHA\-512
+\& # 32 1<<31 KIMD\-SHA3\-224
+\& # 33 1<<30 KIMD\-SHA3\-256
+\& # 34 1<<29 KIMD\-SHA3\-384
+\& # 35 1<<28 KIMD\-SHA3\-512
+\& # 36 1<<27 KIMD\-SHAKE\-128
+\& # 37 1<<26 KIMD\-SHAKE\-256
+\& :
+\& # 65 1<<62 KIMD\-GHASH
+\&
+\& klmd :
+\& # 32 1<<31 KLMD\-SHA3\-224
+\& # 33 1<<30 KLMD\-SHA3\-256
+\& # 34 1<<29 KLMD\-SHA3\-384
+\& # 35 1<<28 KLMD\-SHA3\-512
+\& # 36 1<<27 KLMD\-SHAKE\-128
+\& # 37 1<<26 KLMD\-SHAKE\-256
+\& :
+\&
+\& km :
+\& # 18 1<<45 KM\-AES\-128
+\& # 19 1<<44 KM\-AES\-192
+\& # 20 1<<43 KM\-AES\-256
+\& # 50 1<<13 KM\-XTS\-AES\-128
+\& # 52 1<<11 KM\-XTS\-AES\-256
+\& :
+\&
+\& kmc :
+\& # 18 1<<45 KMC\-AES\-128
+\& # 19 1<<44 KMC\-AES\-192
+\& # 20 1<<43 KMC\-AES\-256
+\& :
+\&
+\& kmac :
+\& # 18 1<<45 KMAC\-AES\-128
+\& # 19 1<<44 KMAC\-AES\-192
+\& # 20 1<<43 KMAC\-AES\-256
+\& :
+\&
+\& kmctr:
+\& :
+\&
+\& kmo :
+\& # 18 1<<45 KMO\-AES\-128
+\& # 19 1<<44 KMO\-AES\-192
+\& # 20 1<<43 KMO\-AES\-256
+\& :
+\&
+\& kmf :
+\& # 18 1<<45 KMF\-AES\-128
+\& # 19 1<<44 KMF\-AES\-192
+\& # 20 1<<43 KMF\-AES\-256
+\& :
+\&
+\& prno :
+\& :
+\&
+\& kma :
+\& # 18 1<<45 KMA\-GCM\-AES\-128
+\& # 19 1<<44 KMA\-GCM\-AES\-192
+\& # 20 1<<43 KMA\-GCM\-AES\-256
+\& :
+\&
+\& pcc :
+\& :
+\& # 64 1<<63 PCC\-Scalar\-Multiply\-P256
+\& # 65 1<<62 PCC\-Scalar\-Multiply\-P384
+\& # 66 1<<61 PCC\-Scalar\-Multiply\-P521
+\& # 72 1<<55 PCC\-Scalar\-Multiply\-Ed25519
+\& # 73 1<<54 PCC\-Scalar\-Multiply\-Ed448
+\& # 80 1<<47 PCC\-Scalar\-Multiply\-X25519
+\& # 81 1<<46 PCC\-Scalar\-Multiply\-X448
+\&
+\& kdsa :
+\& # 1 1<<62 KDSA\-ECDSA\-Verify\-P256
+\& # 2 1<<61 KDSA\-ECDSA\-Verify\-P384
+\& # 3 1<<60 KDSA\-ECDSA\-Verify\-P521
+\& # 9 1<<54 KDSA\-ECDSA\-Sign\-P256
+\& # 10 1<<53 KDSA\-ECDSA\-Sign\-P384
+\& # 11 1<<52 KDSA\-ECDSA\-Sign\-P521
+\& # 32 1<<31 KDSA\-EdDSA\-Verify\-Ed25519
+\& # 36 1<<27 KDSA\-EdDSA\-Verify\-Ed448
+\& # 40 1<<23 KDSA\-EdDSA\-Sign\-Ed25519
+\& # 44 1<<19 KDSA\-EdDSA\-Sign\-Ed448
+\& :
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+Not available.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Disables all instruction set extensions which the z196 processor does not implement:
+.PP
+.Vb 1
+\& OPENSSL_s390xcap="z196"
+.Ve
+.PP
+Disables the vector facility:
+.PP
+.Vb 1
+\& OPENSSL_s390xcap="stfle:~0:~0:~0x4000000000000000"
+.Ve
+.PP
+Disables the KM-XTS-AES and the KIMD-SHAKE function codes:
+.PP
+.Vb 1
+\& OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0"
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+[1] z/Architecture Principles of Operation, \s-1SA22\-7832\-12\s0
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 b/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3
index f5e668b50a22..f2d734a8dcbc 100644
--- a/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,20 +130,26 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OPENSSL_SECURE_MALLOC 3"
-.TH OPENSSL_SECURE_MALLOC 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OPENSSL_SECURE_MALLOC 3ossl"
+.TH OPENSSL_SECURE_MALLOC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, CRYPTO_secure_free, OPENSSL_secure_clear_free, CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, CRYPTO_secure_allocated, CRYPTO_secure_used \- secure heap storage
+CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized,
+CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc,
+OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free,
+CRYPTO_secure_free, OPENSSL_secure_clear_free,
+CRYPTO_secure_clear_free, OPENSSL_secure_actual_size,
+CRYPTO_secure_allocated,
+CRYPTO_secure_used \- secure heap storage
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/crypto.h>
\&
-\& int CRYPTO_secure_malloc_init(size_t size, int minsize);
+\& int CRYPTO_secure_malloc_init(size_t size, size_t minsize);
\&
\& int CRYPTO_secure_malloc_initialized();
\&
@@ -184,8 +188,10 @@ put all intermediate values and computations there.
.PP
\&\fBCRYPTO_secure_malloc_init()\fR creates the secure heap, with the specified
\&\f(CW\*(C`size\*(C'\fR in bytes. The \f(CW\*(C`minsize\*(C'\fR parameter is the minimum size to
-allocate from the heap. Both \f(CW\*(C`size\*(C'\fR and \f(CW\*(C`minsize\*(C'\fR must be a power
-of two.
+allocate from the heap or zero to use a reasonable default value.
+Both \f(CW\*(C`size\*(C'\fR and, if specified, \f(CW\*(C`minsize\*(C'\fR must be a power of two and
+\&\f(CW\*(C`minsize\*(C'\fR should generally be small, for example 16 or 32.
+\&\f(CW\*(C`minsize\*(C'\fR must be less than a quarter of \f(CW\*(C`size\*(C'\fR in any case.
.PP
\&\fBCRYPTO_secure_malloc_initialized()\fR indicates whether or not the secure
heap as been initialized and is available.
@@ -253,11 +259,14 @@ allocated.
.SH "HISTORY"
.IX Header "HISTORY"
The \fBOPENSSL_secure_clear_free()\fR function was added in OpenSSL 1.1.0g.
+.PP
+The second argument to \fBCRYPTO_secure_malloc_init()\fR was changed from an \fBint\fR to
+a \fBsize_t\fR in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_strcasecmp.3 b/secure/lib/libcrypto/man/man3/OPENSSL_strcasecmp.3
new file mode 100644
index 000000000000..7f626482ed5f
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OPENSSL_strcasecmp.3
@@ -0,0 +1,177 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OPENSSL_STRCASECMP 3ossl"
+.TH OPENSSL_STRCASECMP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OPENSSL_strcasecmp, OPENSSL_strncasecmp \- compare two strings ignoring case
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/crypto.h>
+\&
+\& int OPENSSL_strcasecmp(const char *s1, const char *s2);
+\& int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The OPENSSL_strcasecmp function performs a byte-by-byte comparison of the strings
+\&\fBs1\fR and \fBs2\fR, ignoring the case of the characters.
+.PP
+The OPENSSL_strncasecmp function is similar, except that it compares no more than
+\&\fBn\fR bytes of \fBs1\fR and \fBs2\fR.
+.PP
+In POSIX-compatible system and on Windows these functions use \*(L"C\*(R" locale for
+case insensitive. Otherwise the comparison is done in current locale.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+Both functions return an integer less than, equal to, or greater than zero if
+s1 is found, respectively, to be less than, to match, or be greater than s2.
+.SH "NOTES"
+.IX Header "NOTES"
+OpenSSL extensively uses case insensitive comparison of \s-1ASCII\s0 strings. Though
+OpenSSL itself is locale-agnostic, the applications using OpenSSL libraries may
+unpredictably suffer when they use localization (e.g. Turkish locale is
+well-known with a specific I/i cases). These functions use C locale for string
+comparison.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_ALGORITHM.3 b/secure/lib/libcrypto/man/man3/OSSL_ALGORITHM.3
new file mode 100644
index 000000000000..587bd0510f67
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_ALGORITHM.3
@@ -0,0 +1,258 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_ALGORITHM 3ossl"
+.TH OSSL_ALGORITHM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_ALGORITHM \- OpenSSL Core type to define a fetchable algorithm
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/core.h>
+\&
+\& typedef struct ossl_algorithm_st OSSL_ALGORITHM;
+\& struct ossl_algorithm_st {
+\& const char *algorithm_names; /* key */
+\& const char *property_definition; /* key */
+\& const OSSL_DISPATCH *implementation;
+\& const char *algorithm_description;
+\& };
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fB\s-1OSSL_ALGORITHM\s0\fR type is a \fIpublic structure\fR that describes an
+algorithm that a \fBprovider\fR\|(7) provides. Arrays of this type are returned
+by providers on demand from the OpenSSL libraries to describe what
+algorithms the providers provide implementations of, and with what
+properties.
+.PP
+Arrays of this type must be terminated with a tuple where \fIalgorithm_names\fR
+is \s-1NULL.\s0
+.PP
+This type of array is typically returned by the provider's operation querying
+function, further described in \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7).
+.SS "\fB\s-1OSSL_ALGORITHM\s0\fP fields"
+.IX Subsection "OSSL_ALGORITHM fields"
+.IP "\fIalgorithm_names\fR" 4
+.IX Item "algorithm_names"
+This string is a colon separated set of names / identities, and is used by
+the appropriate fetching functionality (such as \fBEVP_CIPHER_fetch\fR\|(3),
+\&\fBEVP_MD_fetch\fR\|(3), etc) to find the desired algorithm.
+.Sp
+Multiple names / identities allow a specific algorithm implementation to be
+fetched multiple ways. For example, the \s-1RSA\s0 algorithm has the following
+known identities:
+.RS 4
+.IP "\(bu" 4
+\&\f(CW\*(C`RSA\*(C'\fR
+.IP "\(bu" 4
+\&\f(CW\*(C`rsaEncryption\*(C'\fR
+.Sp
+This is the name of the algorithm's \s-1OBJECT IDENTIFIER\s0 (\s-1OID\s0), as given by the
+PKCS#1 \s-1RFC\s0's \s-1ASN.1\s0 module <https://www.rfc-editor.org/rfc/rfc8017#appendix-C>
+.IP "\(bu" 4
+\&\f(CW1.2.840.113549.1.1.1\fR
+.Sp
+This is the \s-1OID\s0 itself for \f(CW\*(C`rsaEncryption\*(C'\fR, in canonical decimal text form.
+.RE
+.RS 4
+.Sp
+The resulting \fIalgorithm_names\fR string would look like this:
+.Sp
+.Vb 1
+\& "RSA:rsaEncryption:1.2.840.113549.1.1.1"
+.Ve
+.Sp
+The OpenSSL libraries use the first of the algorithm names as the main
+or canonical name, on a per algorithm implementation basis.
+.Sp
+See the notes \*(L"On the subject of algorithm names\*(R" below for a more in
+depth discussion on \fIalgorithm_names\fR and how that may interact with
+applications and libraries, including OpenSSL's.
+.RE
+.IP "\fIproperty_definition\fR" 4
+.IX Item "property_definition"
+This string defines a set of properties associated with a particular
+algorithm implementation, and is used by the appropriate fetching
+functionality (such as \fBEVP_CIPHER_fetch\fR\|(3), \fBEVP_MD_fetch\fR\|(3), etc) for
+a finer grained lookup of an algorithm implementation, which is useful in
+case multiple implementations of the same algorithm are available.
+.Sp
+See \fBproperty\fR\|(7) for a further description of the contents of this
+string.
+.IP "\fIimplementation\fR" 4
+.IX Item "implementation"
+Pointer to an \s-1\fBOSSL_DISPATCH\s0\fR\|(3) array, containing pointers to the
+functions of a particular algorithm implementation.
+.IP "\fIalgorithm_description\fR" 4
+.IX Item "algorithm_description"
+A string with a short human-readable description of the algorithm.
+.SH "NOTES"
+.IX Header "NOTES"
+.SS "On the subject of algorithm names"
+.IX Subsection "On the subject of algorithm names"
+Providers may find the need to register \s-1ASN.1\s0 OIDs for algorithms using
+\&\fBOBJ_create\fR\|(3) (via the \fBcore_obj_create\fR upcall described in
+\&\fBprovider\-base\fR\|(7), because some application or library \*(-- possibly still
+the OpenSSL libraries, even \*(-- use NIDs to look up algorithms.
+.PP
+In that scenario, you must make sure that the corresponding \fB\s-1OSSL_ALGORITHM\s0\fR's
+\&\fIalgorithm_names\fR includes both the short and the long name.
+.PP
+Most of the time, registering \s-1ASN.1\s0 OIDs like this shouldn't be necessary,
+and applications and libraries are encouraged to use \fBOBJ_obj2txt\fR\|(3) to
+get a text representation of the \s-1OID,\s0 which may be a long or short name for
+OIDs that are registered, or the \s-1OID\s0 itself in canonical decimal text form
+if not (or if \fBOBJ_obj2txt\fR\|(3) is called with \fIno_name\fR = 1).
+.PP
+It's recommended to make sure that the corresponding \fB\s-1OSSL_ALGORITHM\s0\fR's
+\&\fIalgorithm_names\fR include known names as well as the \s-1OID\s0 itself in
+canonical decimal text form. That should cover all scenarios.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBcrypto\fR\|(7), \fBprovider\-base\fR\|(7), \fBopenssl\-core.h\fR\|(7),
+\&\fBopenssl\-core_dispatch.h\fR\|(7), \s-1\fBOSSL_DISPATCH\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fB\s-1OSSL_ALGORITHM\s0\fR was added in OpenSSL 3.0
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CALLBACK.3 b/secure/lib/libcrypto/man/man3/OSSL_CALLBACK.3
new file mode 100644
index 000000000000..6b78f3f18fe9
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CALLBACK.3
@@ -0,0 +1,191 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CALLBACK 3ossl"
+.TH OSSL_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CALLBACK, OSSL_PASSPHRASE_CALLBACK \- OpenSSL Core type to define callbacks
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 6
+\& #include <openssl/core.h>
+\& typedef int (OSSL_CALLBACK)(const OSSL_PARAM params[], void *arg);
+\& typedef int (OSSL_PASSPHRASE_CALLBACK)(char *pass, size_t pass_size,
+\& size_t *pass_len,
+\& const OSSL_PARAM params[],
+\& void *arg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+For certain events or activities, provider functionality may need help from
+the application or the calling OpenSSL libraries themselves. For example,
+user input or direct (possibly optional) user output could be implemented
+this way.
+.PP
+Callback functions themselves are always provided by or through the calling
+OpenSSL libraries, along with a generic pointer to data \fIarg\fR. As far as
+the function receiving the pointer to the function pointer and \fIarg\fR is
+concerned, the data that \fIarg\fR points at is opaque, and the pointer should
+simply be passed back to the callback function when it's called.
+.IP "\fB\s-1OSSL_CALLBACK\s0\fR" 4
+.IX Item "OSSL_CALLBACK"
+This is a generic callback function. When calling this callback function,
+the caller is expected to build an \s-1\fBOSSL_PARAM\s0\fR\|(3) array of data it wants or
+is expected to pass back, and pass that as \fIparams\fR, as well as the opaque
+data pointer it received, as \fIarg\fR.
+.IP "\fB\s-1OSSL_PASSPHRASE_CALLBACK\s0\fR" 4
+.IX Item "OSSL_PASSPHRASE_CALLBACK"
+This is a specialised callback function, used specifically to prompt the
+user for a passphrase. When calling this callback function, a buffer to
+store the pass phrase needs to be given with \fIpass\fR, and its size with
+\&\fIpass_size\fR. The length of the prompted pass phrase will be given back in
+\&\fI*pass_len\fR.
+.Sp
+Additional parameters can be passed with the \s-1\fBOSSL_PARAM\s0\fR\|(3) array \fIparams\fR,
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBopenssl\-core.h\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The types described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3 b/secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3
new file mode 100644
index 000000000000..afe7ab22742d
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3
@@ -0,0 +1,957 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CMP_CTX_NEW 3ossl"
+.TH OSSL_CMP_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CMP_CTX_new,
+OSSL_CMP_CTX_free,
+OSSL_CMP_CTX_reinit,
+OSSL_CMP_CTX_set_option,
+OSSL_CMP_CTX_get_option,
+OSSL_CMP_CTX_set_log_cb,
+OSSL_CMP_CTX_set_log_verbosity,
+OSSL_CMP_CTX_print_errors,
+OSSL_CMP_CTX_set1_serverPath,
+OSSL_CMP_CTX_set1_server,
+OSSL_CMP_CTX_set_serverPort,
+OSSL_CMP_CTX_set1_proxy,
+OSSL_CMP_CTX_set1_no_proxy,
+OSSL_CMP_CTX_set_http_cb,
+OSSL_CMP_CTX_set_http_cb_arg,
+OSSL_CMP_CTX_get_http_cb_arg,
+OSSL_CMP_transfer_cb_t,
+OSSL_CMP_CTX_set_transfer_cb,
+OSSL_CMP_CTX_set_transfer_cb_arg,
+OSSL_CMP_CTX_get_transfer_cb_arg,
+OSSL_CMP_CTX_set1_srvCert,
+OSSL_CMP_CTX_set1_expected_sender,
+OSSL_CMP_CTX_set0_trustedStore,
+OSSL_CMP_CTX_get0_trustedStore,
+OSSL_CMP_CTX_set1_untrusted,
+OSSL_CMP_CTX_get0_untrusted,
+OSSL_CMP_CTX_set1_cert,
+OSSL_CMP_CTX_build_cert_chain,
+OSSL_CMP_CTX_set1_pkey,
+OSSL_CMP_CTX_set1_referenceValue,
+OSSL_CMP_CTX_set1_secretValue,
+OSSL_CMP_CTX_set1_recipient,
+OSSL_CMP_CTX_push0_geninfo_ITAV,
+OSSL_CMP_CTX_reset_geninfo_ITAVs,
+OSSL_CMP_CTX_set1_extraCertsOut,
+OSSL_CMP_CTX_set0_newPkey,
+OSSL_CMP_CTX_get0_newPkey,
+OSSL_CMP_CTX_set1_issuer,
+OSSL_CMP_CTX_set1_subjectName,
+OSSL_CMP_CTX_push1_subjectAltName,
+OSSL_CMP_CTX_set0_reqExtensions,
+OSSL_CMP_CTX_reqExtensions_have_SAN,
+OSSL_CMP_CTX_push0_policy,
+OSSL_CMP_CTX_set1_oldCert,
+OSSL_CMP_CTX_set1_p10CSR,
+OSSL_CMP_CTX_push0_genm_ITAV,
+OSSL_CMP_certConf_cb_t,
+OSSL_CMP_certConf_cb,
+OSSL_CMP_CTX_set_certConf_cb,
+OSSL_CMP_CTX_set_certConf_cb_arg,
+OSSL_CMP_CTX_get_certConf_cb_arg,
+OSSL_CMP_CTX_get_status,
+OSSL_CMP_CTX_get0_statusString,
+OSSL_CMP_CTX_get_failInfoCode,
+OSSL_CMP_CTX_get0_newCert,
+OSSL_CMP_CTX_get1_newChain,
+OSSL_CMP_CTX_get1_caPubs,
+OSSL_CMP_CTX_get1_extraCertsIn,
+OSSL_CMP_CTX_set1_transactionID,
+OSSL_CMP_CTX_set1_senderNonce
+\&\- functions for managing the CMP client context data structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cmp.h>
+\&
+\& OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
+\& void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
+\& int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
+\& int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val);
+\& int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt);
+\&
+\& /* logging and error reporting: */
+\& int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb);
+\& #define OSSL_CMP_CTX_set_log_verbosity(ctx, level)
+\& void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx);
+\&
+\& /* message transfer: */
+\& int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path);
+\& int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
+\& int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
+\& int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
+\& int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+\& int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, HTTP_bio_cb_t cb);
+\& int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
+\& void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+\& typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t)(OSSL_CMP_CTX *ctx,
+\& const OSSL_CMP_MSG *req);
+\& int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx,
+\& OSSL_CMP_transfer_cb_t cb);
+\& int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
+\& void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
+\&
+\& /* server authentication: */
+\& int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
+\& int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx,
+\& const X509_NAME *name);
+\& int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
+\& X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
+\& int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
+\& STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
+\&
+\& /* client authentication: */
+\& int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
+\& int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
+\& STACK_OF(X509) *candidates);
+\& int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
+\& int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
+\& const unsigned char *ref, int len);
+\& int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
+\& const unsigned char *sec, int len);
+\&
+\& /* CMP message header and extra certificates: */
+\& int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+\& int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
+\& int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx);
+\& int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
+\& STACK_OF(X509) *extraCertsOut);
+\&
+\& /* certificate template: */
+\& int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
+\& EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
+\& int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+\& int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+\& int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
+\& const GENERAL_NAME *name);
+\& int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts);
+\& int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx);
+\& int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo);
+\& int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert);
+\& int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr);
+\&
+\& /* misc body contents: */
+\& int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
+\&
+\& /* certificate confirmation: */
+\& typedef int (*OSSL_CMP_certConf_cb_t)(OSSL_CMP_CTX *ctx, X509 *cert,
+\& int fail_info, const char **txt);
+\& int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
+\& const char **text);
+\& int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb);
+\& int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
+\& void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
+\&
+\& /* result fetching: */
+\& int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
+\& OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
+\& int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
+\&
+\& X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
+\& STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
+\& STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
+\& STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx);
+\&
+\& /* for testing and debugging purposes: */
+\& int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
+\& const ASN1_OCTET_STRING *id);
+\& int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
+\& const ASN1_OCTET_STRING *nonce);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This is the context \s-1API\s0 for using \s-1CMP\s0 (Certificate Management Protocol) with
+OpenSSL.
+.PP
+\&\fBOSSL_CMP_CTX_new()\fR allocates an \fB\s-1OSSL_CMP_CTX\s0\fR structure associated with
+the library context \fIlibctx\fR and property query string \fIpropq\fR,
+both of which may be \s-1NULL\s0 to select the defaults.
+It initializes the remaining fields to their default values \- for instance,
+the logging verbosity is set to \s-1OSSL_CMP_LOG_INFO,\s0
+the message timeout is set to 120 seconds,
+and the proof-of-possession method is set to \s-1OSSL_CRMF_POPO_SIGNATURE.\s0
+.PP
+\&\fBOSSL_CMP_CTX_free()\fR deallocates an \s-1OSSL_CMP_CTX\s0 structure.
+.PP
+\&\fBOSSL_CMP_CTX_reinit()\fR prepares the given \fIctx\fR for a further transaction by
+clearing the internal \s-1CMP\s0 transaction (aka session) status, PKIStatusInfo,
+and any previous results (newCert, newChain, caPubs, and extraCertsIn)
+from the last executed transaction.
+It also clears any ITAVs that were added by \fBOSSL_CMP_CTX_push0_genm_ITAV()\fR.
+All other field values (i.e., \s-1CMP\s0 options) are retained for potential reuse.
+.PP
+\&\fBOSSL_CMP_CTX_set_option()\fR sets the given value for the given option
+(e.g., \s-1OSSL_CMP_OPT_IMPLICIT_CONFIRM\s0) in the given \s-1OSSL_CMP_CTX\s0 structure.
+.PP
+The following options can be set:
+.IP "\fB\s-1OSSL_CMP_OPT_LOG_VERBOSITY\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_LOG_VERBOSITY"
+.Vb 3
+\& The level of severity needed for actually outputting log messages
+\& due to errors, warnings, general info, debugging, etc.
+\& Default is OSSL_CMP_LOG_INFO. See also L<OSSL_CMP_log_open(3)>.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_KEEP_ALIVE\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_KEEP_ALIVE"
+.Vb 6
+\& If the given value is 0 then HTTP connections are not kept open
+\& after receiving a response, which is the default behavior for HTTP 1.0.
+\& If the value is 1 or 2 then persistent connections are requested.
+\& If the value is 2 then persistent connections are required,
+\& i.e., in case the server does not grant them an error occurs.
+\& The default value is 1: prefer to keep the connection open.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_MSG_TIMEOUT\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_MSG_TIMEOUT"
+.Vb 4
+\& Number of seconds a CMP request\-response message round trip
+\& is allowed to take before a timeout error is returned.
+\& A value <= 0 means no limitation (waiting indefinitely).
+\& Default is to use the B<OSSL_CMP_OPT_TOTAL_TIMEOUT> setting.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_TOTAL_TIMEOUT\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_TOTAL_TIMEOUT"
+.Vb 4
+\& Maximum total number of seconds a transaction may take,
+\& including polling etc.
+\& A value <= 0 means no limitation (waiting indefinitely).
+\& Default is 0.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_VALIDITY_DAYS\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_VALIDITY_DAYS"
+.Vb 1
+\& Number of days new certificates are asked to be valid for.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT"
+.Vb 2
+\& Do not take default Subject Alternative Names
+\& from the reference certificate.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL"
+.Vb 1
+\& Demand that the given Subject Alternative Names are flagged as critical.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_POLICIES_CRITICAL\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_POLICIES_CRITICAL"
+.Vb 1
+\& Demand that the given policies are flagged as critical.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_POPO_METHOD\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_POPO_METHOD"
+.Vb 1
+\& Select the proof of possession method to use. Possible values are:
+\&
+\& OSSL_CRMF_POPO_NONE \- ProofOfPossession field omitted
+\& OSSL_CRMF_POPO_RAVERIFIED \- assert that the RA has already
+\& verified the PoPo
+\& OSSL_CRMF_POPO_SIGNATURE \- sign a value with private key,
+\& which is the default.
+\& OSSL_CRMF_POPO_KEYENC \- decrypt the encrypted certificate
+\& ("indirect method")
+\&
+\& Note that a signature\-based POPO can only be produced if a private key
+\& is provided as the newPkey or client\*(Aqs pkey component of the CMP context.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_DIGEST_ALGNID\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_DIGEST_ALGNID"
+.Vb 3
+\& The NID of the digest algorithm to be used in RFC 4210\*(Aqs MSG_SIG_ALG
+\& for signature\-based message protection and Proof\-of\-Possession (POPO).
+\& Default is SHA256.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_OWF_ALGNID\s0\fR The \s-1NID\s0 of the digest algorithm to be used as one-way function (\s-1OWF\s0) for MAC-based message protection with password-based \s-1MAC\s0 (\s-1PBM\s0). See \s-1RFC 4210\s0 section 5.1.3.1 for details. Default is \s-1SHA256.\s0" 4
+.IX Item "OSSL_CMP_OPT_OWF_ALGNID The NID of the digest algorithm to be used as one-way function (OWF) for MAC-based message protection with password-based MAC (PBM). See RFC 4210 section 5.1.3.1 for details. Default is SHA256."
+.PD 0
+.IP "\fB\s-1OSSL_CMP_OPT_MAC_ALGNID\s0\fR The \s-1NID\s0 of the \s-1MAC\s0 algorithm to be used for message protection with \s-1PBM.\s0 Default is \s-1HMAC\-SHA1\s0 as per \s-1RFC 4210.\s0" 4
+.IX Item "OSSL_CMP_OPT_MAC_ALGNID The NID of the MAC algorithm to be used for message protection with PBM. Default is HMAC-SHA1 as per RFC 4210."
+.IP "\fB\s-1OSSL_CMP_OPT_REVOCATION_REASON\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_REVOCATION_REASON"
+.PD
+.Vb 2
+\& The reason code to be included in a Revocation Request (RR);
+\& values: 0..10 (RFC 5210, 5.3.1) or \-1 for none, which is the default.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_IMPLICIT_CONFIRM\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_IMPLICIT_CONFIRM"
+.Vb 4
+\& Request server to enable implicit confirm mode, where the client
+\& does not need to send confirmation upon receiving the
+\& certificate. If the server does not enable implicit confirmation
+\& in the return message, then confirmation is sent anyway.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_DISABLE_CONFIRM\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_DISABLE_CONFIRM"
+.Vb 5
+\& Do not confirm enrolled certificates, to cope with broken servers
+\& not supporting implicit confirmation correctly.
+\&B<WARNING:> This setting leads to unspecified behavior and it is meant
+\&exclusively to allow interoperability with server implementations violating
+\&RFC 4210.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_UNPROTECTED_SEND\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_UNPROTECTED_SEND"
+.Vb 1
+\& Send request or response messages without CMP\-level protection.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_UNPROTECTED_ERRORS\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_UNPROTECTED_ERRORS"
+.Vb 7
+\& Accept unprotected error responses which are either explicitly
+\& unprotected or where protection verification failed. Applies to regular
+\& error messages as well as certificate responses (IP/CP/KUP) and
+\& revocation responses (RP) with rejection.
+\&B<WARNING:> This setting leads to unspecified behavior and it is meant
+\&exclusively to allow interoperability with server implementations violating
+\&RFC 4210.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_IGNORE_KEYUSAGE\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_IGNORE_KEYUSAGE"
+.Vb 3
+\& Ignore key usage restrictions in the signer\*(Aqs certificate when
+\& validating signature\-based protection in received CMP messages.
+\& Else, \*(AqdigitalSignature\*(Aq must be allowed by CMP signer certificates.
+.Ve
+.IP "\fB\s-1OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR\s0\fR" 4
+.IX Item "OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR"
+.Vb 2
+\& Allow retrieving a trust anchor from extraCerts and using that
+\& to validate the certificate chain of an IP message.
+.Ve
+.PP
+\&\fBOSSL_CMP_CTX_get_option()\fR reads the current value of the given option
+(e.g., \s-1OSSL_CMP_OPT_IMPLICIT_CONFIRM\s0) from the given \s-1OSSL_CMP_CTX\s0 structure.
+.PP
+\&\fBOSSL_CMP_CTX_set_log_cb()\fR sets in \fIctx\fR the callback function \fIcb\fR
+for handling error queue entries and logging messages.
+When \fIcb\fR is \s-1NULL\s0 errors are printed to \s-1STDERR\s0 (if available, else ignored)
+any log messages are ignored.
+Alternatively, \fBOSSL_CMP_log_open\fR\|(3) may be used to direct logging to \s-1STDOUT.\s0
+.PP
+\&\fBOSSL_CMP_CTX_set_log_verbosity()\fR is a macro setting the
+\&\s-1OSSL_CMP_OPT_LOG_VERBOSITY\s0 context option to the given level.
+.PP
+\&\fBOSSL_CMP_CTX_print_errors()\fR outputs any entries in the OpenSSL error queue. It
+is similar to \fBERR_print_errors_cb\fR\|(3) but uses the \s-1CMP\s0 log callback function
+if set in the \fIctx\fR for uniformity with \s-1CMP\s0 logging if given. Otherwise it uses
+\&\fBERR_print_errors\fR\|(3) to print to \s-1STDERR\s0 (unless \s-1OPENSSL_NO_STDIO\s0 is defined).
+.PP
+\&\fBOSSL_CMP_CTX_set1_serverPath()\fR sets the \s-1HTTP\s0 path of the \s-1CMP\s0 server on the host,
+also known as \*(L"\s-1CMP\s0 alias\*(R".
+The default is \f(CW\*(C`/\*(C'\fR.
+.PP
+\&\fBOSSL_CMP_CTX_set1_server()\fR sets the given server \fIaddress\fR
+(which may be a hostname or \s-1IP\s0 address or \s-1NULL\s0) in the given \fIctx\fR.
+.PP
+\&\fBOSSL_CMP_CTX_set_serverPort()\fR sets the port of the \s-1CMP\s0 server to connect to.
+If not used or the \fIport\fR argument is 0
+the default port applies, which is 80 for \s-1HTTP\s0 and 443 for \s-1HTTPS.\s0
+.PP
+\&\fBOSSL_CMP_CTX_set1_proxy()\fR sets the \s-1HTTP\s0 proxy to be used for connecting to
+the given \s-1CMP\s0 server unless overruled by any \*(L"no_proxy\*(R" settings (see below).
+If \s-1TLS\s0 is not used this defaults to the value of
+the environment variable \f(CW\*(C`http_proxy\*(C'\fR if set, else \f(CW\*(C`HTTP_PROXY\*(C'\fR.
+Otherwise defaults to the value of \f(CW\*(C`https_proxy\*(C'\fR if set, else \f(CW\*(C`HTTPS_PROXY\*(C'\fR.
+An empty proxy string specifies not to use a proxy.
+Else the format is \f(CW\*(C`[http[s]://]address[:port][/path]\*(C'\fR,
+where any path given is ignored.
+The default port number is 80, or 443 in case \f(CW\*(C`https:\*(C'\fR is given.
+.PP
+\&\fBOSSL_CMP_CTX_set1_no_proxy()\fR sets the list of server hostnames not to use
+an \s-1HTTP\s0 proxy for. The names may be separated by commas and/or whitespace.
+Defaults to the environment variable \f(CW\*(C`no_proxy\*(C'\fR if set, else \f(CW\*(C`NO_PROXY\*(C'\fR.
+.PP
+\&\fBOSSL_CMP_CTX_set_http_cb()\fR sets the optional \s-1BIO\s0 connect/disconnect callback
+function, which has the prototype
+.PP
+.Vb 1
+\& typedef BIO *(*HTTP_bio_cb_t) (BIO *bio, void *ctx, int connect, int detail);
+.Ve
+.PP
+The callback may modify the \fIbio\fR provided by \fBOSSL_CMP_MSG_http_perform\fR\|(3),
+whereby it may make use of a custom defined argument \fIctx\fR
+stored in the \s-1OSSL_CMP_CTX\s0 by means of \fBOSSL_CMP_CTX_set_http_cb_arg()\fR.
+During connection establishment, just after calling \fBBIO_do_connect_retry()\fR,
+the function is invoked with the \fIconnect\fR argument being 1 and the \fIdetail\fR
+argument being 1 if \s-1HTTPS\s0 is requested, i.e., \s-1SSL/TLS\s0 should be enabled. On
+disconnect \fIconnect\fR is 0 and \fIdetail\fR is 1 in case no error occurred, else 0.
+For instance, on connect the function may prepend a \s-1TLS BIO\s0 to implement \s-1HTTPS\s0;
+after disconnect it may do some diagnostic output and/or specific cleanup.
+The function should return \s-1NULL\s0 to indicate failure.
+After disconnect the modified \s-1BIO\s0 will be deallocated using \fBBIO_free_all()\fR.
+.PP
+\&\fBOSSL_CMP_CTX_set_http_cb_arg()\fR sets an argument, respectively a pointer to
+a structure containing arguments,
+optionally to be used by the http connect/disconnect callback function.
+\&\fIarg\fR is not consumed, and it must therefore explicitly be freed when not
+needed any more. \fIarg\fR may be \s-1NULL\s0 to clear the entry.
+.PP
+\&\fBOSSL_CMP_CTX_get_http_cb_arg()\fR gets the argument, respectively the pointer to a
+structure containing arguments, previously set by
+\&\fBOSSL_CMP_CTX_set_http_cb_arg()\fR or \s-1NULL\s0 if unset.
+.PP
+\&\fBOSSL_CMP_CTX_set_transfer_cb()\fR sets the message transfer callback function,
+which has the type
+.PP
+.Vb 2
+\& typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
+\& const OSSL_CMP_MSG *req);
+.Ve
+.PP
+Returns 1 on success, 0 on error.
+.PP
+Default is \s-1NULL,\s0 which implies the use of \fBOSSL_CMP_MSG_http_perform\fR\|(3).
+The callback should send the \s-1CMP\s0 request message it obtains via the \fIreq\fR
+parameter and on success return the response, else it must return \s-1NULL.\s0
+The transfer callback may make use of a custom defined argument stored in
+the ctx by means of \fBOSSL_CMP_CTX_set_transfer_cb_arg()\fR, which may be retrieved
+again through \fBOSSL_CMP_CTX_get_transfer_cb_arg()\fR.
+.PP
+\&\fBOSSL_CMP_CTX_set_transfer_cb_arg()\fR sets an argument, respectively a pointer to a
+structure containing arguments, optionally to be used by the transfer callback.
+\&\fIarg\fR is not consumed, and it must therefore explicitly be freed when not
+needed any more. \fIarg\fR may be \s-1NULL\s0 to clear the entry.
+.PP
+\&\fBOSSL_CMP_CTX_get_transfer_cb_arg()\fR gets the argument, respectively the pointer
+to a structure containing arguments, previously set by
+\&\fBOSSL_CMP_CTX_set_transfer_cb_arg()\fR or \s-1NULL\s0 if unset.
+.PP
+\&\fBOSSL_CMP_CTX_set1_srvCert()\fR sets the expected server cert in \fIctx\fR and trusts
+it directly (even if it is expired) when verifying signed response messages.
+This pins the accepted \s-1CMP\s0 server and
+results in ignoring whatever may be set using \fBOSSL_CMP_CTX_set0_trustedStore()\fR.
+Any previously set value is freed.
+The \fIcert\fR argument may be \s-1NULL\s0 to clear the entry.
+If set, the subject of the certificate is also used
+as default value for the recipient of \s-1CMP\s0 requests
+and as default value for the expected sender of \s-1CMP\s0 responses.
+.PP
+\&\fBOSSL_CMP_CTX_set1_expected_sender()\fR sets the Distinguished Name (\s-1DN\s0)
+expected in the sender field of incoming \s-1CMP\s0 messages.
+Defaults to the subject of the pinned server certificate, if any.
+This can be used to make sure that only a particular entity is accepted as
+\&\s-1CMP\s0 message signer, and attackers are not able to use arbitrary certificates
+of a trusted \s-1PKI\s0 hierarchy to fraudulently pose as \s-1CMP\s0 server.
+Note that this gives slightly more freedom than \fBOSSL_CMP_CTX_set1_srvCert()\fR,
+which pins the server to the holder of a particular certificate, while the
+expected sender name will continue to match after updates of the server cert.
+.PP
+\&\fBOSSL_CMP_CTX_set0_trustedStore()\fR
+sets in the \s-1CMP\s0 context \fIctx\fR the certificate store of type X509_STORE
+containing trusted certificates, typically of root CAs.
+This is ignored when a certificate is pinned using \fBOSSL_CMP_CTX_set1_srvCert()\fR.
+The store may also hold CRLs and a certificate verification callback function
+used for signature-based peer authentication.
+Any store entry already set before is freed.
+When given a \s-1NULL\s0 parameter the entry is cleared.
+.PP
+\&\fBOSSL_CMP_CTX_get0_trustedStore()\fR
+extracts from the \s-1CMP\s0 context \fIctx\fR the pointer to the currently set
+certificate store containing trust anchors etc., or an empty store if unset.
+.PP
+\&\fBOSSL_CMP_CTX_set1_untrusted()\fR sets up a list of non-trusted certificates
+of intermediate CAs that may be useful for path construction for the own \s-1CMP\s0
+signer certificate, for the own \s-1TLS\s0 certificate (if any), when verifying peer
+\&\s-1CMP\s0 protection certificates, and when verifying newly enrolled certificates.
+The reference counts of those certificates handled successfully are increased.
+.PP
+OSSL_CMP_CTX_get0_untrusted(\s-1OSSL_CMP_CTX\s0 *ctx) returns a pointer to the
+list of untrusted certs, which may be empty if unset.
+.PP
+\&\fBOSSL_CMP_CTX_set1_cert()\fR sets the \s-1CMP\s0 signer certificate, also called protection
+certificate, related to the private key for signature-based message protection.
+Therefore the public key of this \fIcert\fR must correspond to
+the private key set before or thereafter via \fBOSSL_CMP_CTX_set1_pkey()\fR.
+When using signature-based protection of \s-1CMP\s0 request messages
+this \s-1CMP\s0 signer certificate will be included first in the extraCerts field.
+It serves as fallback reference certificate, see \fBOSSL_CMP_CTX_set1_oldCert()\fR.
+The subject of this \fIcert\fR will be used as the sender field of outgoing
+messages, while the subject of any cert set via \fBOSSL_CMP_CTX_set1_oldCert()\fR
+and any value set via \fBOSSL_CMP_CTX_set1_subjectName()\fR are used as fallback.
+.PP
+The \fIcert\fR argument may be \s-1NULL\s0 to clear the entry.
+.PP
+\&\fBOSSL_CMP_CTX_build_cert_chain()\fR builds a certificate chain for the \s-1CMP\s0 signer
+certificate previously set in the \fIctx\fR. It adds the optional \fIcandidates\fR,
+a list of intermediate \s-1CA\s0 certs that may already constitute the targeted chain,
+to the untrusted certs that may already exist in the \fIctx\fR.
+Then the function uses this augmented set of certs for chain construction.
+If \fIown_trusted\fR is \s-1NULL\s0 it builds the chain as far down as possible and
+ignores any verification errors. Else the \s-1CMP\s0 signer certificate must be
+verifiable where the chain reaches a trust anchor contained in \fIown_trusted\fR.
+On success the function stores the resulting chain in \fIctx\fR
+for inclusion in the extraCerts field of signature-protected messages.
+Calling this function is optional; by default a chain construction
+is performed on demand that is equivalent to calling this function
+with the \fIcandidates\fR and \fIown_trusted\fR arguments being \s-1NULL.\s0
+.PP
+\&\fBOSSL_CMP_CTX_set1_pkey()\fR sets the client's private key corresponding to the
+\&\s-1CMP\s0 signer certificate set via \fBOSSL_CMP_CTX_set1_cert()\fR.
+This key is used create signature-based protection (protectionAlg = \s-1MSG_SIG_ALG\s0)
+of outgoing messages
+unless a symmetric secret has been set via \fBOSSL_CMP_CTX_set1_secretValue()\fR.
+The \fIpkey\fR argument may be \s-1NULL\s0 to clear the entry.
+.PP
+\&\fBOSSL_CMP_CTX_set1_secretValue()\fR sets in \fIctx\fR the byte string \fIsec\fR of length
+\&\fIlen\fR to use as pre-shared secret, or clears it if the \fIsec\fR argument is \s-1NULL.\s0
+If present, this secret is used to create MAC-based authentication and integrity
+protection (rather than applying signature-based protection)
+of outgoing messages and to verify authenticity and integrity of incoming
+messages that have MAC-based protection (protectionAlg = \f(CW\*(C`MSG_MAC_ALG\*(C'\fR).
+.PP
+\&\fBOSSL_CMP_CTX_set1_referenceValue()\fR sets the given referenceValue \fIref\fR with
+length \fIlen\fR in the given \fIctx\fR or clears it if the \fIref\fR argument is \s-1NULL.\s0
+According to \s-1RFC 4210\s0 section 5.1.1, if no value for the sender field in
+\&\s-1CMP\s0 message headers can be determined (i.e., no \s-1CMP\s0 signer certificate
+and no subject \s-1DN\s0 is set via \fBOSSL_CMP_CTX_set1_subjectName()\fR
+then the sender field will contain the NULL-DN
+and the senderKID field of the \s-1CMP\s0 message header must be set.
+When signature-based protection is used the senderKID will be set to
+the subjectKeyIdentifier of the \s-1CMP\s0 signer certificate as far as present.
+If not present or when MAC-based protection is used
+the \fIref\fR value is taken as the fallback value for the senderKID.
+.PP
+\&\fBOSSL_CMP_CTX_set1_recipient()\fR sets the recipient name that will be used in the
+PKIHeader of \s-1CMP\s0 request messages, i.e. the X509 name of the (\s-1CA\s0) server.
+.PP
+The recipient field in the header of a \s-1CMP\s0 message is mandatory.
+If not given explicitly the recipient is determined in the following order:
+the subject of the \s-1CMP\s0 server certificate set using \fBOSSL_CMP_CTX_set1_srvCert()\fR,
+the value set using \fBOSSL_CMP_CTX_set1_issuer()\fR,
+the issuer of the certificate set using \fBOSSL_CMP_CTX_set1_oldCert()\fR,
+the issuer of the \s-1CMP\s0 signer certificate,
+as far as any of those is present, else the NULL-DN as last resort.
+.PP
+\&\fBOSSL_CMP_CTX_push0_geninfo_ITAV()\fR adds \fIitav\fR to the stack in the \fIctx\fR to be
+added to the GeneralInfo field of the \s-1CMP\s0 PKIMessage header of a request
+message sent with this context.
+.PP
+\&\fBOSSL_CMP_CTX_reset_geninfo_ITAVs()\fR
+clears any ITAVs that were added by \fBOSSL_CMP_CTX_push0_geninfo_ITAV()\fR.
+.PP
+\&\fBOSSL_CMP_CTX_set1_extraCertsOut()\fR sets the stack of extraCerts that will be
+sent to remote.
+.PP
+\&\fBOSSL_CMP_CTX_set0_newPkey()\fR can be used to explicitly set the given \s-1EVP_PKEY\s0
+structure as the private or public key to be certified in the \s-1CMP\s0 context.
+The \fIpriv\fR parameter must be 0 if and only if the given key is a public key.
+.PP
+\&\fBOSSL_CMP_CTX_get0_newPkey()\fR gives the key to use for certificate enrollment
+dependent on fields of the \s-1CMP\s0 context structure:
+the newPkey (which may be a private or public key) if present,
+else the public key in the p10CSR if present, else the client's private key.
+If the \fIpriv\fR parameter is not 0 and the selected key does not have a
+private component then \s-1NULL\s0 is returned.
+.PP
+\&\fBOSSL_CMP_CTX_set1_issuer()\fR sets the name of the intended issuer that
+will be set in the CertTemplate, i.e., the X509 name of the \s-1CA\s0 server.
+.PP
+\&\fBOSSL_CMP_CTX_set1_subjectName()\fR sets the subject \s-1DN\s0 that will be used in
+the CertTemplate structure when requesting a new cert. For Key Update Requests
+(\s-1KUR\s0), it defaults to the subject \s-1DN\s0 of the reference certificate,
+see \fBOSSL_CMP_CTX_set1_oldCert()\fR. This default is used for Initialization
+Requests (\s-1IR\s0) and Certification Requests (\s-1CR\s0) only if no SANs are set.
+The \fIsubjectName\fR is also used as fallback for the sender field
+of outgoing \s-1CMP\s0 messages if no reference certificate is available.
+.PP
+\&\fBOSSL_CMP_CTX_push1_subjectAltName()\fR adds the given X509 name to the list of
+alternate names on the certificate template request. This cannot be used if
+any Subject Alternative Name extension is set via
+\&\fBOSSL_CMP_CTX_set0_reqExtensions()\fR.
+By default, unless \fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\s0\fR has been set,
+the Subject Alternative Names are copied from the reference certificate,
+see \fBOSSL_CMP_CTX_set1_oldCert()\fR.
+If set and the subject \s-1DN\s0 is not set with \fBOSSL_CMP_CTX_set1_subjectName()\fR then
+the certificate template of an \s-1IR\s0 and \s-1CR\s0 will not be filled with the default
+subject \s-1DN\s0 from the reference certificate.
+If a subject \s-1DN\s0 is desired it needs to be set explicitly with
+\&\fBOSSL_CMP_CTX_set1_subjectName()\fR.
+.PP
+\&\fBOSSL_CMP_CTX_set0_reqExtensions()\fR sets the X.509v3 extensions to be used in
+\&\s-1IR/CR/KUR.\s0
+.PP
+\&\fBOSSL_CMP_CTX_reqExtensions_have_SAN()\fR returns 1 if the context contains
+a Subject Alternative Name extension, else 0 or \-1 on error.
+.PP
+\&\fBOSSL_CMP_CTX_push0_policy()\fR adds the certificate policy info object
+to the X509_EXTENSIONS of the requested certificate template.
+.PP
+\&\fBOSSL_CMP_CTX_set1_oldCert()\fR sets the old certificate to be updated in
+Key Update Requests (\s-1KUR\s0) or to be revoked in Revocation Requests (\s-1RR\s0).
+It must be given for \s-1RR,\s0 else it defaults to the \s-1CMP\s0 signer certificate.
+The \fIreference certificate\fR determined in this way, if any, is also used for
+deriving default subject \s-1DN,\s0 public key, Subject Alternative Names, and the
+default issuer entry in the requested certificate template of \s-1IR/CR/KUR.\s0
+The subject of the reference certificate is used as the sender field value
+in \s-1CMP\s0 message headers.
+Its issuer is used as default recipient in \s-1CMP\s0 message headers.
+.PP
+\&\fBOSSL_CMP_CTX_set1_p10CSR()\fR sets the PKCS#10 \s-1CSR\s0 to use in P10CR messages.
+If such a \s-1CSR\s0 is provided, its subject, public key, and extension fields are
+also used as fallback values for the certificate template of \s-1IR/CR/KUR\s0 messages.
+.PP
+\&\fBOSSL_CMP_CTX_push0_genm_ITAV()\fR adds \fIitav\fR to the stack in the \fIctx\fR which
+will be the body of a General Message sent with this context.
+.PP
+\&\fBOSSL_CMP_certConf_cb()\fR is the default certificate confirmation callback function.
+If the callback argument is not \s-1NULL\s0 it must point to a trust store.
+In this case the function checks that the newly enrolled certificate can be
+verified using this trust store and untrusted certificates from the \fIctx\fR,
+which have been augmented by the list of extraCerts received.
+During this verification, any certificate status checking is disabled.
+If the callback argument is \s-1NULL\s0 the function tries building an approximate
+chain as far as possible using the same untrusted certificates from the \fIctx\fR,
+and if this fails it takes the received extraCerts as fallback.
+The resulting cert chain can be retrieved using \fBOSSL_CMP_CTX_get1_newChain()\fR.
+.PP
+\&\fBOSSL_CMP_CTX_set_certConf_cb()\fR sets the callback used for evaluating the newly
+enrolled certificate before the library sends, depending on its result,
+a positive or negative certConf message to the server. The callback has type
+.PP
+.Vb 2
+\& typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
+\& int fail_info, const char **txt);
+.Ve
+.PP
+and should inspect the certificate it obtains via the \fIcert\fR parameter and may
+overrule the pre-decision given in the \fIfail_info\fR and \fI*txt\fR parameters.
+If it accepts the certificate it must return 0, indicating success. Else it must
+return a bit field reflecting PKIFailureInfo with at least one failure bit and
+may set the \fI*txt\fR output parameter to point to a string constant with more
+detail. The transfer callback may make use of a custom defined argument stored
+in the \fIctx\fR by means of \fBOSSL_CMP_CTX_set_certConf_cb_arg()\fR, which may be
+retrieved again through \fBOSSL_CMP_CTX_get_certConf_cb_arg()\fR.
+Typically, the callback will check at least that the certificate can be verified
+using a set of trusted certificates.
+It also could compare the subject \s-1DN\s0 and other fields of the newly
+enrolled certificate with the certificate template of the request.
+.PP
+\&\fBOSSL_CMP_CTX_set_certConf_cb_arg()\fR sets an argument, respectively a pointer to a
+structure containing arguments, optionally to be used by the certConf callback.
+\&\fIarg\fR is not consumed, and it must therefore explicitly be freed when not
+needed any more. \fIarg\fR may be \s-1NULL\s0 to clear the entry.
+.PP
+\&\fBOSSL_CMP_CTX_get_certConf_cb_arg()\fR gets the argument, respectively the pointer
+to a structure containing arguments, previously set by
+\&\fBOSSL_CMP_CTX_set_certConf_cb_arg()\fR, or \s-1NULL\s0 if unset.
+.PP
+\&\fBOSSL_CMP_CTX_get_status()\fR returns for client contexts the PKIstatus from
+the last received CertRepMessage or Revocation Response or error message:
+=item \fBOSSL_CMP_PKISTATUS_accepted\fR on successful receipt of a \s-1GENP\s0 message:
+.IP "\fBOSSL_CMP_PKISTATUS_request\fR" 4
+.IX Item "OSSL_CMP_PKISTATUS_request"
+if an \s-1IR/CR/KUR/RR/GENM\s0 request message could not be produced,
+.IP "\fBOSSL_CMP_PKISTATUS_trans\fR" 4
+.IX Item "OSSL_CMP_PKISTATUS_trans"
+on a transmission error or transaction error for this type of request, and
+.IP "\fBOSSL_CMP_PKISTATUS_unspecified\fR" 4
+.IX Item "OSSL_CMP_PKISTATUS_unspecified"
+if no such request was attempted or \fBOSSL_CMP_CTX_reinit()\fR has been called.
+.PP
+For server contexts it returns
+\&\fBOSSL_CMP_PKISTATUS_trans\fR if a transaction is open,
+otherwise \fBOSSL_CMP_PKISTATUS_unspecified\fR.
+.PP
+\&\fBOSSL_CMP_CTX_get0_statusString()\fR returns the statusString from the last received
+CertRepMessage or Revocation Response or error message, or \s-1NULL\s0 if unset.
+.PP
+\&\fBOSSL_CMP_CTX_get_failInfoCode()\fR returns the error code from the failInfo field
+of the last received CertRepMessage or Revocation Response or error message,
+or \-1 if no such response was received or \fBOSSL_CMP_CTX_reinit()\fR has been called.
+This is a bit field and the flags for it are specified in the header file
+\&\fI<openssl/cmp.h>\fR.
+The flags start with \s-1OSSL_CMP_CTX_FAILINFO,\s0 for example:
+OSSL_CMP_CTX_FAILINFO_badAlg. Returns \-1 if the failInfoCode field is unset.
+.PP
+\&\fBOSSL_CMP_CTX_get0_newCert()\fR returns the pointer to the newly obtained
+certificate in case it is available, else \s-1NULL.\s0
+.PP
+\&\fBOSSL_CMP_CTX_get1_newChain()\fR returns a pointer to a duplicate of the stack of
+X.509 certificates computed by \fBOSSL_CMP_certConf_cb()\fR (if this function has
+been called) on the last received certificate response message \s-1IP/CP/KUP.\s0
+.PP
+\&\fBOSSL_CMP_CTX_get1_caPubs()\fR returns a pointer to a duplicate of the list of
+X.509 certificates in the caPubs field of the last received certificate
+response message (of type \s-1IP, CP,\s0 or \s-1KUP\s0),
+or an empty stack if no caPubs have been received in the current transaction.
+.PP
+\&\fBOSSL_CMP_CTX_get1_extraCertsIn()\fR returns a pointer to a duplicate of the list
+of X.509 certificates contained in the extraCerts field of the last received
+response message (except for pollRep and PKIConf), or
+an empty stack if no extraCerts have been received in the current transaction.
+.PP
+\&\fBOSSL_CMP_CTX_set1_transactionID()\fR sets the given transaction \s-1ID\s0 in the given
+\&\s-1OSSL_CMP_CTX\s0 structure.
+.PP
+\&\fBOSSL_CMP_CTX_set1_senderNonce()\fR stores the last sent sender \fInonce\fR in
+the \fIctx\fR. This will be used to validate the recipNonce in incoming messages.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1CMP\s0 is defined in \s-1RFC 4210\s0 (and \s-1CRMF\s0 in \s-1RFC 4211\s0).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_CMP_CTX_free()\fR and \fBOSSL_CMP_CTX_print_errors()\fR do not return anything.
+.PP
+\&\fBOSSL_CMP_CTX_new()\fR,
+\&\fBOSSL_CMP_CTX_get_http_cb_arg()\fR,
+\&\fBOSSL_CMP_CTX_get_transfer_cb_arg()\fR,
+\&\fBOSSL_CMP_CTX_get0_trustedStore()\fR,
+\&\fBOSSL_CMP_CTX_get0_untrusted()\fR,
+\&\fBOSSL_CMP_CTX_get0_newPkey()\fR,
+\&\fBOSSL_CMP_CTX_get_certConf_cb_arg()\fR,
+\&\fBOSSL_CMP_CTX_get0_statusString()\fR,
+\&\fBOSSL_CMP_CTX_get0_newCert()\fR,
+\&\fBOSSL_CMP_CTX_get0_newChain()\fR,
+\&\fBOSSL_CMP_CTX_get1_caPubs()\fR, and
+\&\fBOSSL_CMP_CTX_get1_extraCertsIn()\fR
+return the intended pointer value as described above or \s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_CMP_CTX_get_option()\fR,
+\&\fBOSSL_CMP_CTX_reqExtensions_have_SAN()\fR,
+\&\fBOSSL_CMP_CTX_get_status()\fR, and
+\&\fBOSSL_CMP_CTX_get_failInfoCode()\fR
+return the intended value as described above or \-1 on error.
+.PP
+\&\fBOSSL_CMP_certConf_cb()\fR returns \fIfail_info\fR if it is not equal to 0,
+else 0 on successful validation,
+or else a bit field with the \fBOSSL_CMP_PKIFAILUREINFO_incorrectData\fR bit set.
+.PP
+All other functions, including \fBOSSL_CMP_CTX_reinit()\fR
+and \fBOSSL_CMP_CTX_reset_geninfo_ITAVs()\fR,
+return 1 on success, 0 on error.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+The following code omits error handling.
+.PP
+Set up a \s-1CMP\s0 client context for sending requests and verifying responses:
+.PP
+.Vb 5
+\& cmp_ctx = OSSL_CMP_CTX_new();
+\& OSSL_CMP_CTX_set1_server(cmp_ctx, name_or_address);
+\& OSSL_CMP_CTX_set1_serverPort(cmp_ctx, port_string);
+\& OSSL_CMP_CTX_set1_serverPath(cmp_ctx, path_or_alias);
+\& OSSL_CMP_CTX_set0_trustedStore(cmp_ctx, ts);
+.Ve
+.PP
+Set up symmetric credentials for MAC-based message protection such as \s-1PBM:\s0
+.PP
+.Vb 2
+\& OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len);
+\& OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len);
+.Ve
+.PP
+Set up the details for certificate requests:
+.PP
+.Vb 2
+\& OSSL_CMP_CTX_set1_subjectName(cmp_ctx, name);
+\& OSSL_CMP_CTX_set0_newPkey(cmp_ctx, 1, initialKey);
+.Ve
+.PP
+Perform an Initialization Request transaction:
+.PP
+.Vb 1
+\& initialCert = OSSL_CMP_exec_IR_ses(cmp_ctx);
+.Ve
+.PP
+Reset the transaction state of the \s-1CMP\s0 context and the credentials:
+.PP
+.Vb 3
+\& OSSL_CMP_CTX_reinit(cmp_ctx);
+\& OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, NULL, 0);
+\& OSSL_CMP_CTX_set1_secretValue(cmp_ctx, NULL, 0);
+.Ve
+.PP
+Perform a Certification Request transaction, making use of the new credentials:
+.PP
+.Vb 4
+\& OSSL_CMP_CTX_set1_cert(cmp_ctx, initialCert);
+\& OSSL_CMP_CTX_set1_pkey(cmp_ctx, initialKey);
+\& OSSL_CMP_CTX_set0_newPkey(cmp_ctx, 1, curentKey);
+\& currentCert = OSSL_CMP_exec_CR_ses(cmp_ctx);
+.Ve
+.PP
+Perform a Key Update Request, signed using the cert (and key) to be updated:
+.PP
+.Vb 6
+\& OSSL_CMP_CTX_reinit(cmp_ctx);
+\& OSSL_CMP_CTX_set1_cert(cmp_ctx, currentCert);
+\& OSSL_CMP_CTX_set1_pkey(cmp_ctx, currentKey);
+\& OSSL_CMP_CTX_set0_newPkey(cmp_ctx, 1, updatedKey);
+\& currentCert = OSSL_CMP_exec_KUR_ses(cmp_ctx);
+\& currentKey = updatedKey;
+.Ve
+.PP
+Perform a General Message transaction including, as an example,
+the id-it-signKeyPairTypes \s-1OID\s0 and prints info on the General Response contents:
+.PP
+.Vb 1
+\& OSSL_CMP_CTX_reinit(cmp_ctx);
+\&
+\& ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1);
+\& OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, NULL);
+\& OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav);
+\&
+\& STACK_OF(OSSL_CMP_ITAV) *itavs;
+\& itavs = OSSL_CMP_exec_GENM_ses(cmp_ctx);
+\& print_itavs(itavs);
+\& sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBOSSL_CMP_exec_IR_ses\fR\|(3), \fBOSSL_CMP_exec_CR_ses\fR\|(3),
+\&\fBOSSL_CMP_exec_KUR_ses\fR\|(3), \fBOSSL_CMP_exec_GENM_ses\fR\|(3),
+\&\fBOSSL_CMP_exec_certreq\fR\|(3), \fBOSSL_CMP_MSG_http_perform\fR\|(3),
+\&\fBERR_print_errors_cb\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0.
+.PP
+\&\fBOSSL_CMP_CTX_reset_geninfo_ITAVs()\fR was added in OpenSSL 3.0.8.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2007\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CMP_HDR_get0_transactionID.3 b/secure/lib/libcrypto/man/man3/OSSL_CMP_HDR_get0_transactionID.3
new file mode 100644
index 000000000000..bc1585dfb70b
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CMP_HDR_get0_transactionID.3
@@ -0,0 +1,176 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CMP_HDR_GET0_TRANSACTIONID 3ossl"
+.TH OSSL_CMP_HDR_GET0_TRANSACTIONID 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CMP_HDR_get0_transactionID,
+OSSL_CMP_HDR_get0_recipNonce
+\&\- functions manipulating CMP message headers
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cmp.h>
+\&
+\& ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const
+\& OSSL_CMP_PKIHEADER *hdr);
+\& ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const
+\& OSSL_CMP_PKIHEADER *hdr);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+OSSL_CMP_HDR_get0_transactionID returns the transaction \s-1ID\s0 of the given
+PKIHeader.
+.PP
+OSSL_CMP_HDR_get0_recipNonce returns the recipient nonce of the given PKIHeader.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1CMP\s0 is defined in \s-1RFC 4210.\s0
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The functions return the intended pointer value as described above
+or \s-1NULL\s0 if the respective entry does not exist and on error.
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CMP_ITAV_set0.3 b/secure/lib/libcrypto/man/man3/OSSL_CMP_ITAV_set0.3
new file mode 100644
index 000000000000..411763ba0c4b
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CMP_ITAV_set0.3
@@ -0,0 +1,240 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CMP_ITAV_SET0 3ossl"
+.TH OSSL_CMP_ITAV_SET0 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CMP_ITAV_create,
+OSSL_CMP_ITAV_set0,
+OSSL_CMP_ITAV_get0_type,
+OSSL_CMP_ITAV_get0_value,
+OSSL_CMP_ITAV_push0_stack_item
+\&\- OSSL_CMP_ITAV utility functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 6
+\& #include <openssl/cmp.h>
+\& OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
+\& void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
+\& ASN1_TYPE *value);
+\& ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
+\& ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
+\&
+\& int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
+\& OSSL_CMP_ITAV *itav);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Certificate Management Protocol (\s-1CMP, RFC 4210\s0) extension to OpenSSL
+.PP
+\&\s-1ITAV\s0 is short for InfoTypeAndValue. This type is defined in \s-1RFC 4210\s0
+section 5.3.19 and Appendix F. It is used at various places in \s-1CMP\s0 messages,
+e.g., in the generalInfo PKIHeader field, to hold a key-value pair.
+.PP
+\&\fBOSSL_CMP_ITAV_create()\fR creates a new \fB\s-1OSSL_CMP_ITAV\s0\fR structure and fills it in.
+It combines \fBOSSL_CMP_ITAV_new()\fR and \fBOSSL_CMP_ITAV_set0()\fR.
+.PP
+\&\fBOSSL_CMP_ITAV_set0()\fR sets the \fIitav\fR with an infoType of \fItype\fR and an
+infoValue of \fIvalue\fR. This function uses the pointers \fItype\fR and \fIvalue\fR
+internally, so they must \fBnot\fR be freed up after the call.
+.PP
+\&\fBOSSL_CMP_ITAV_get0_type()\fR returns a direct pointer to the infoType in the
+\&\fIitav\fR.
+.PP
+\&\fBOSSL_CMP_ITAV_get0_value()\fR returns a direct pointer to the infoValue in
+the \fIitav\fR as generic \fB\s-1ASN1_TYPE\s0\fR pointer.
+.PP
+\&\fBOSSL_CMP_ITAV_push0_stack_item()\fR pushes \fIitav\fR to the stack pointed to
+by \fI*itav_sk_p\fR. It creates a new stack if \fI*itav_sk_p\fR points to \s-1NULL.\s0
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1CMP\s0 is defined in \s-1RFC 4210\s0 (and \s-1CRMF\s0 in \s-1RFC 4211\s0).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_CMP_ITAV_create()\fR returns a pointer to the \s-1ITAV\s0 structure on success,
+or \s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_CMP_ITAV_set0()\fR does not return a value.
+.PP
+\&\fBOSSL_CMP_ITAV_get0_type()\fR and \fBOSSL_CMP_ITAV_get0_value()\fR
+return the respective pointer or \s-1NULL\s0 if their input is \s-1NULL.\s0
+.PP
+\&\fBOSSL_CMP_ITAV_push0_stack_item()\fR returns 1 on success, 0 on error.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+The following code creates and sets a structure representing a generic
+InfoTypeAndValue sequence, using an \s-1OID\s0 created from text as type, and an
+integer as value. Afterwards, it is pushed to the \fB\s-1OSSL_CMP_CTX\s0\fR to be later
+included in the requests' PKIHeader's genInfo field.
+.PP
+.Vb 2
+\& ASN1_OBJECT *type = OBJ_txt2obj("1.2.3.4.5", 1);
+\& if (type == NULL) ...
+\&
+\& ASN1_INTEGER *asn1int = ASN1_INTEGER_new();
+\& if (asn1int == NULL || !ASN1_INTEGER_set(asn1int, 12345)) ...
+\&
+\& ASN1_TYPE *val = ASN1_TYPE_new();
+\& if (val == NULL) ...
+\& ASN1_TYPE_set(val, V_ASN1_INTEGER, asn1int);
+\&
+\& OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, val);
+\& if (itav == NULL) ...
+\&
+\& OSSL_CMP_CTX *ctx = OSSL_CMP_CTX_new();
+\& if (ctx == NULL || !OSSL_CMP_CTX_geninfo_push0_ITAV(ctx, itav)) {
+\& OSSL_CMP_ITAV_free(itav); /* also frees type and val */
+\& goto err;
+\& }
+\&
+\& ...
+\&
+\& OSSL_CMP_CTX_free(ctx); /* also frees itav */
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBOSSL_CMP_CTX_new\fR\|(3), \fBOSSL_CMP_CTX_free\fR\|(3), \fBASN1_TYPE_set\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CMP_MSG_get0_header.3 b/secure/lib/libcrypto/man/man3/OSSL_CMP_MSG_get0_header.3
new file mode 100644
index 000000000000..325c659e76b5
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CMP_MSG_get0_header.3
@@ -0,0 +1,276 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CMP_MSG_GET0_HEADER 3ossl"
+.TH OSSL_CMP_MSG_GET0_HEADER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CMP_MSG_get0_header,
+OSSL_CMP_MSG_get_bodytype,
+OSSL_CMP_MSG_update_transactionID,
+OSSL_CMP_MSG_update_recipNonce,
+OSSL_CMP_CTX_setup_CRM,
+OSSL_CMP_MSG_read,
+OSSL_CMP_MSG_write,
+d2i_OSSL_CMP_MSG_bio,
+i2d_OSSL_CMP_MSG_bio
+\&\- function(s) manipulating CMP messages
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cmp.h>
+\&
+\& OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
+\& int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
+\& int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
+\& int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
+\& OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
+\& OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, const char *propq);
+\& int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
+\& OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
+\& int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_CMP_MSG_get0_header()\fR returns the header of the given \s-1CMP\s0 message.
+.PP
+\&\fBOSSL_CMP_MSG_get_bodytype()\fR returns the body type of the given \s-1CMP\s0 message.
+.PP
+\&\fBOSSL_CMP_MSG_update_transactionID()\fR updates the transactionID field
+in the header of the given message according to the \s-1CMP_CTX.\s0
+If \fIctx\fR does not contain a transaction \s-1ID,\s0 a fresh one is created before.
+The message gets re-protected (if protecting requests is required).
+.PP
+\&\fBOSSL_CMP_MSG_update_recipNonce()\fR updates the recipNonce field
+in the header of the given message according to the \s-1CMP_CTX.\s0
+The message gets re-protected (if protecting requests is required).
+.PP
+\&\fBOSSL_CMP_CTX_setup_CRM()\fR creates a \s-1CRMF\s0 certificate request message
+from various information provided in the \s-1CMP\s0 context argument \fIctx\fR
+for inclusion in a \s-1CMP\s0 request message based on details contained in \fIctx\fR.
+The \fIrid\fR argument defines the request identifier to use, which typically is 0.
+.PP
+The subject \s-1DN\s0 included in the certificate template is
+the first available value of these:
+.IP "any subject name in \fIctx\fR set via \fBOSSL_CMP_CTX_set1_subjectName\fR\|(3) \- if it is the NULL-DN (i.e., any empty sequence of RDNs), no subject is included," 4
+.IX Item "any subject name in ctx set via OSSL_CMP_CTX_set1_subjectName - if it is the NULL-DN (i.e., any empty sequence of RDNs), no subject is included,"
+.PD 0
+.IP "the subject field of any PKCS#10 \s-1CSR\s0 set in \fIctx\fR via \fBOSSL_CMP_CTX_set1_p10CSR\fR\|(3)," 4
+.IX Item "the subject field of any PKCS#10 CSR set in ctx via OSSL_CMP_CTX_set1_p10CSR,"
+.IP "the subject field of any reference certificate given in \fIctx\fR (see \fBOSSL_CMP_CTX_set1_oldCert\fR\|(3)), but only if \fIfor_KUR\fR is nonzero or the \fIctx\fR does not include a Subject Alternative Name." 4
+.IX Item "the subject field of any reference certificate given in ctx (see OSSL_CMP_CTX_set1_oldCert), but only if for_KUR is nonzero or the ctx does not include a Subject Alternative Name."
+.PD
+.PP
+The public key included is the first available value of these:
+.IP "the public key derived from any key set via \fBOSSL_CMP_CTX_set0_newPkey\fR\|(3)," 4
+.IX Item "the public key derived from any key set via OSSL_CMP_CTX_set0_newPkey,"
+.PD 0
+.IP "the public key of any PKCS#10 \s-1CSR\s0 given in \fIctx\fR," 4
+.IX Item "the public key of any PKCS#10 CSR given in ctx,"
+.IP "the public key of any reference certificate given in \fIctx\fR (see \fBOSSL_CMP_CTX_set1_oldCert\fR\|(3))," 4
+.IX Item "the public key of any reference certificate given in ctx (see OSSL_CMP_CTX_set1_oldCert),"
+.IP "the public key derived from any client's private key set via \fBOSSL_CMP_CTX_set1_pkey\fR\|(3)." 4
+.IX Item "the public key derived from any client's private key set via OSSL_CMP_CTX_set1_pkey."
+.PD
+.PP
+The set of X.509 extensions to include is computed as follows.
+If a PKCS#10 \s-1CSR\s0 is present in \fIctx\fR, default extensions are taken from there,
+otherwise the empty set is taken as the initial value.
+If there is a reference certificate in \fIctx\fR and contains Subject Alternative
+Names (SANs) and \fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\s0\fR is not set,
+these override any SANs from the PKCS#10 \s-1CSR.\s0
+The extensions are further augmented or overridden by any extensions with the
+same OIDs included in the \fIctx\fR via \fBOSSL_CMP_CTX_set0_reqExtensions\fR\|(3).
+The SANs are further overridden by any SANs included in \fIctx\fR via
+\&\fBOSSL_CMP_CTX_push1_subjectAltName\fR\|(3).
+Finally, policies are overridden by any policies included in \fIctx\fR via
+\&\fBOSSL_CMP_CTX_push0_policy\fR\|(3).
+.PP
+\&\fBOSSL_CMP_CTX_setup_CRM()\fR also sets the sets the regToken control \fBoldCertID\fR
+for \s-1KUR\s0 messages using the issuer name and serial number of the reference
+certificate, if present.
+.PP
+\&\fBOSSL_CMP_MSG_read()\fR loads a DER-encoded \s-1OSSL_CMP_MSG\s0 from \fIfile\fR.
+.PP
+\&\fBOSSL_CMP_MSG_write()\fR stores the given \s-1OSSL_CMP_MSG\s0 to \fIfile\fR in \s-1DER\s0 encoding.
+.PP
+\&\fBd2i_OSSL_CMP_MSG_bio()\fR parses an \s-1ASN\s0.1\-encoded \s-1OSSL_CMP_MSG\s0 from the \s-1BIO\s0 \fIbio\fR.
+It assigns a pointer to the new structure to \fI*msg\fR if \fImsg\fR is not \s-1NULL.\s0
+.PP
+\&\fBi2d_OSSL_CMP_MSG_bio()\fR writes the \s-1OSSL_CMP_MSG\s0 \fImsg\fR in \s-1ASN.1\s0 encoding
+to \s-1BIO\s0 \fIbio\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1CMP\s0 is defined in \s-1RFC 4210.\s0
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_CMP_MSG_get0_header()\fR returns the intended pointer value as described above
+or \s-1NULL\s0 if the respective entry does not exist and on error.
+.PP
+\&\fBOSSL_CMP_MSG_get_bodytype()\fR returns the body type or \-1 on error.
+.PP
+\&\fBOSSL_CMP_CTX_setup_CRM()\fR returns a pointer to a \fB\s-1OSSL_CRMF_MSG\s0\fR on success,
+\&\s-1NULL\s0 on error.
+.PP
+\&\fBd2i_OSSL_CMP_MSG_bio()\fR returns the parsed message or \s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_CMP_MSG_read()\fR and \fBd2i_OSSL_CMP_MSG_bio()\fR
+return the parsed \s-1CMP\s0 message or \s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_CMP_MSG_write()\fR returns the number of bytes successfully encoded or a
+negative value if an error occurs.
+.PP
+\&\fBi2d_OSSL_CMP_MSG_bio()\fR, \fBOSSL_CMP_MSG_update_transactionID()\fR,
+and \fBOSSL_CMP_MSG_update_recipNonce()\fR
+return 1 on success, 0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBOSSL_CMP_CTX_set1_subjectName\fR\|(3), \fBOSSL_CMP_CTX_set1_p10CSR\fR\|(3),
+\&\fBOSSL_CMP_CTX_set1_oldCert\fR\|(3), \fBOSSL_CMP_CTX_set0_newPkey\fR\|(3),
+\&\fBOSSL_CMP_CTX_set1_pkey\fR\|(3), \fBOSSL_CMP_CTX_set0_reqExtensions\fR\|(3),
+\&\fBOSSL_CMP_CTX_push1_subjectAltName\fR\|(3), \fBOSSL_CMP_CTX_push0_policy\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0.
+.PP
+\&\fBOSSL_CMP_MSG_update_recipNonce()\fR was added in OpenSSL 3.0.9.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2007\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CMP_MSG_http_perform.3 b/secure/lib/libcrypto/man/man3/OSSL_CMP_MSG_http_perform.3
new file mode 100644
index 000000000000..060abdf0b707
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CMP_MSG_http_perform.3
@@ -0,0 +1,188 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CMP_MSG_HTTP_PERFORM 3ossl"
+.TH OSSL_CMP_MSG_HTTP_PERFORM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CMP_MSG_http_perform
+\&\- client\-side HTTP(S) transfer of a CMP request\-response pair
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cmp.h>
+\&
+\& OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
+\& const OSSL_CMP_MSG *req);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_CMP_MSG_http_perform()\fR sends the given PKIMessage \fIreq\fR
+to the \s-1CMP\s0 server specified in \fIctx\fR via \fBOSSL_CMP_CTX_set1_server\fR\|(3)
+and optionally \fBOSSL_CMP_CTX_set_serverPort\fR\|(3), using
+any \*(L"\s-1CMP\s0 alias\*(R" optionally specified via \fBOSSL_CMP_CTX_set1_serverPath\fR\|(3).
+The default port is 80 for \s-1HTTP\s0 and 443 for \s-1HTTPS\s0; the default path is \*(L"/\*(R".
+On success the function returns the server's response PKIMessage.
+.PP
+The function makes use of any \s-1HTTP\s0 callback function
+set via \fBOSSL_CMP_CTX_set_http_cb\fR\|(3).
+It respects any timeout value set via \fBOSSL_CMP_CTX_set_option\fR\|(3)
+with an \fB\s-1OSSL_CMP_OPT_MSG_TIMEOUT\s0\fR argument.
+It also respects any \s-1HTTP\s0(S) proxy options set via \fBOSSL_CMP_CTX_set1_proxy\fR\|(3)
+and \fBOSSL_CMP_CTX_set1_no_proxy\fR\|(3) and the respective environment variables.
+Proxying plain \s-1HTTP\s0 is supported directly,
+while using a proxy for \s-1HTTPS\s0 connections requires a suitable callback function
+such as \fBOSSL_HTTP_proxy_connect\fR\|(3).
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1CMP\s0 is defined in \s-1RFC 4210.
+HTTP\s0 transfer for \s-1CMP\s0 is defined in \s-1RFC 6712.\s0
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_CMP_MSG_http_perform()\fR returns a \s-1CMP\s0 message on success, else \s-1NULL.\s0
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBOSSL_CMP_CTX_new\fR\|(3), \fBOSSL_HTTP_proxy_connect\fR\|(3).
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CMP_SRV_CTX_new.3 b/secure/lib/libcrypto/man/man3/OSSL_CMP_SRV_CTX_new.3
new file mode 100644
index 000000000000..213fddb6e74d
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CMP_SRV_CTX_new.3
@@ -0,0 +1,297 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CMP_SRV_CTX_NEW 3ossl"
+.TH OSSL_CMP_SRV_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CMP_SRV_process_request,
+OSSL_CMP_CTX_server_perform,
+OSSL_CMP_SRV_CTX_new,
+OSSL_CMP_SRV_CTX_free,
+OSSL_CMP_SRV_cert_request_cb_t,
+OSSL_CMP_SRV_rr_cb_t,
+OSSL_CMP_SRV_certConf_cb_t,
+OSSL_CMP_SRV_genm_cb_t,
+OSSL_CMP_SRV_error_cb_t,
+OSSL_CMP_SRV_pollReq_cb_t,
+OSSL_CMP_SRV_CTX_init,
+OSSL_CMP_SRV_CTX_get0_cmp_ctx,
+OSSL_CMP_SRV_CTX_get0_custom_ctx,
+OSSL_CMP_SRV_CTX_set_send_unprotected_errors,
+OSSL_CMP_SRV_CTX_set_accept_unprotected,
+OSSL_CMP_SRV_CTX_set_accept_raverified,
+OSSL_CMP_SRV_CTX_set_grant_implicit_confirm
+\&\- generic functions to set up and control a CMP server
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cmp.h>
+\&
+\& OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
+\& const OSSL_CMP_MSG *req);
+\& OSSL_CMP_MSG *OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
+\& const OSSL_CMP_MSG *req);
+\& OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
+\& void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx);
+\&
+\& typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)(
+\& OSSL_CMP_SRV_CTX *srv_ctx,
+\& const OSSL_CMP_MSG *req,
+\& int certReqId,
+\& const OSSL_CRMF_MSG *crm,
+\& const X509_REQ *p10cr,
+\& X509 **certOut,
+\& STACK_OF(X509) **chainOut,
+\& STACK_OF(X509) **caPubs);
+\& typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
+\& const OSSL_CMP_MSG *req,
+\& const X509_NAME *issuer,
+\& const ASN1_INTEGER *serial);
+\& typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
+\& const OSSL_CMP_MSG *req,
+\& STACK_OF(OSSL_CMP_ITAV) *in,
+\& STACK_OF(OSSL_CMP_ITAV) **out);
+\& typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
+\& const OSSL_CMP_MSG *req,
+\& const OSSL_CMP_PKISI *statusInfo,
+\& const ASN1_INTEGER *errorCode,
+\& const OSSL_CMP_PKIFREETEXT *errorDetails);
+\& typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
+\& const OSSL_CMP_MSG *req,
+\& int certReqId,
+\& const ASN1_OCTET_STRING *certHash,
+\& const OSSL_CMP_PKISI *si);
+\& typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
+\& const OSSL_CMP_MSG *req,
+\& int certReqId,
+\& OSSL_CMP_MSG **certReq,
+\& int64_t *check_after);
+\& int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx,
+\& OSSL_CMP_SRV_cert_request_cb_t process_cert_request,
+\& OSSL_CMP_SRV_rr_cb_t process_rr,
+\& OSSL_CMP_SRV_genm_cb_t process_genm,
+\& OSSL_CMP_SRV_error_cb_t process_error,
+\& OSSL_CMP_SRV_certConf_cb_t process_certConf,
+\& OSSL_CMP_SRV_pollReq_cb_t process_pollReq);
+\&
+\& OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
+\& void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
+\&
+\& int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx,
+\& int val);
+\& int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val);
+\& int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val);
+\& int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx,
+\& int val);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_CMP_SRV_process_request()\fR implements the generic aspects of a \s-1CMP\s0 server.
+Its arguments are the \fB\s-1OSSL_CMP_SRV_CTX\s0\fR \fIsrv_ctx\fR and the \s-1CMP\s0 request message
+\&\fIreq\fR. It does the typical generic checks on \fIreq\fR, calls
+the respective callback function (if present) for more specific processing,
+and then assembles a result message, which may be a \s-1CMP\s0 error message.
+If after return of the function the expression
+\&\fIOSSL_CMP_CTX_get_status(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx))\fR yields \-1
+then the function has closed the current transaction,
+which may be due to normal successful end of the transaction or due to an error.
+.PP
+\&\fBOSSL_CMP_CTX_server_perform()\fR is an interface to
+\&\fBOSSL_CMP_SRV_process_request()\fR that can be used by a \s-1CMP\s0 client
+in the same way as \fBOSSL_CMP_MSG_http_perform\fR\|(3).
+The \fB\s-1OSSL_CMP_SRV_CTX\s0\fR must be set as \fItransfer_cb_arg\fR of \fIclient_ctx\fR.
+.PP
+\&\fBOSSL_CMP_SRV_CTX_new()\fR creates and initializes an \fB\s-1OSSL_CMP_SRV_CTX\s0\fR structure
+associated with the library context \fIlibctx\fR and property query string
+\&\fIpropq\fR, both of which may be \s-1NULL\s0 to select the defaults.
+.PP
+\&\fBOSSL_CMP_SRV_CTX_free()\fR deletes the given \fIsrv_ctx\fR.
+.PP
+\&\fBOSSL_CMP_SRV_CTX_init()\fR sets in the given \fIsrv_ctx\fR a custom server context
+pointer as well as callback functions performing the specific processing of \s-1CMP\s0
+certificate requests, revocation requests, certificate confirmation requests,
+general messages, error messages, and poll requests.
+All arguments except \fIsrv_ctx\fR may be \s-1NULL.\s0
+If a callback for some message type is not given this means that the respective
+type of \s-1CMP\s0 message is not supported by the server.
+.PP
+\&\fBOSSL_CMP_SRV_CTX_get0_cmp_ctx()\fR returns the \fB\s-1OSSL_CMP_CTX\s0\fR from the \fIsrv_ctx\fR.
+.PP
+\&\fBOSSL_CMP_SRV_CTX_get0_custom_ctx()\fR returns the custom server context from
+\&\fIsrv_ctx\fR that has been set using \fBOSSL_CMP_SRV_CTX_init()\fR.
+.PP
+\&\fBOSSL_CMP_SRV_CTX_set_send_unprotected_errors()\fR enables sending error messages
+and other forms of negative responses unprotected.
+.PP
+\&\fBOSSL_CMP_SRV_CTX_set_accept_unprotected()\fR enables acceptance of requests
+without protection of with invalid protection.
+.PP
+\&\fBOSSL_CMP_SRV_CTX_set_accept_raverified()\fR enables acceptance of ir/cr/kur
+messages with \s-1POPO\s0 'RAVerified'.
+.PP
+\&\fBOSSL_CMP_SRV_CTX_set_grant_implicit_confirm()\fR enables granting implicit
+confirmation of newly enrolled certificates if requested.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1CMP\s0 is defined in \s-1RFC 4210\s0 (and \s-1CRMF\s0 in \s-1RFC 4211\s0).
+.PP
+So far the \s-1CMP\s0 server implementation is limited to one request per \s-1CMP\s0 message
+(and consequently to at most one response component per \s-1CMP\s0 message).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_CMP_SRV_CTX_new()\fR returns a \fB\s-1OSSL_CMP_SRV_CTX\s0\fR structure on success,
+\&\s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_CMP_SRV_CTX_free()\fR does not return a value.
+.PP
+\&\fBOSSL_CMP_SRV_CTX_get0_cmp_ctx()\fR returns a \fB\s-1OSSL_CMP_CTX\s0\fR structure on success,
+\&\s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_CMP_SRV_CTX_get0_custom_ctx()\fR returns the custom server context
+that has been set using \fBOSSL_CMP_SRV_CTX_init()\fR.
+.PP
+All other functions return 1 on success, 0 on error.
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CMP_STATUSINFO_new.3 b/secure/lib/libcrypto/man/man3/OSSL_CMP_STATUSINFO_new.3
new file mode 100644
index 000000000000..bc90dd503384
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CMP_STATUSINFO_new.3
@@ -0,0 +1,195 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CMP_STATUSINFO_NEW 3ossl"
+.TH OSSL_CMP_STATUSINFO_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CMP_STATUSINFO_new,
+OSSL_CMP_snprint_PKIStatusInfo,
+OSSL_CMP_CTX_snprint_PKIStatus
+\&\- function(s) for managing the CMP PKIStatus
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cmp.h>
+\&
+\& OSSL_CMP_PKISI *OSSL_CMP_STATUSINFO_new(int status, int fail_info,
+\& const char *text);
+\& char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo,
+\& char *buf, size_t bufsize);
+\& char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf,
+\& size_t bufsize);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This is the PKIStatus \s-1API\s0 for using \s-1CMP\s0 (Certificate Management Protocol) with
+OpenSSL.
+.PP
+\&\fBOSSL_CMP_STATUSINFO_new()\fR creates a new PKIStatusInfo structure
+and fills in the given values.
+It sets the status field to \fIstatus\fR,
+copies \fItext\fR (unless it is \s-1NULL\s0) to statusString,
+and interprets \fIfail_info\fR as bit pattern for the failInfo field.
+.PP
+\&\fBOSSL_CMP_snprint_PKIStatusInfo()\fR places a human-readable string
+representing the given statusInfo
+in the given buffer, with the given maximal length.
+.PP
+\&\fBOSSL_CMP_CTX_snprint_PKIStatus()\fR places a human-readable string
+representing the PKIStatusInfo components of the \s-1CMP\s0 context \fIctx\fR
+in the given buffer, with the given maximal length.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1CMP\s0 is defined in \s-1RFC 4210\s0 (and \s-1CRMF\s0 in \s-1RFC 4211\s0).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_CMP_STATUSINFO_new()\fR
+returns a pointer to the structure on success, or \s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_CMP_snprint_PKIStatusInfo()\fR and
+\&\fBOSSL_CMP_CTX_snprint_PKIStatus()\fR
+return a copy of the buffer pointer containing the string or \s-1NULL\s0 on error.
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CMP_exec_certreq.3 b/secure/lib/libcrypto/man/man3/OSSL_CMP_exec_certreq.3
new file mode 100644
index 000000000000..12390c84f1cf
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CMP_exec_certreq.3
@@ -0,0 +1,308 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CMP_EXEC_CERTREQ 3ossl"
+.TH OSSL_CMP_EXEC_CERTREQ 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CMP_exec_certreq,
+OSSL_CMP_exec_IR_ses,
+OSSL_CMP_exec_CR_ses,
+OSSL_CMP_exec_P10CR_ses,
+OSSL_CMP_exec_KUR_ses,
+OSSL_CMP_IR,
+OSSL_CMP_CR,
+OSSL_CMP_P10CR,
+OSSL_CMP_KUR,
+OSSL_CMP_try_certreq,
+OSSL_CMP_exec_RR_ses,
+OSSL_CMP_exec_GENM_ses
+\&\- functions implementing CMP client transactions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cmp.h>
+\&
+\& X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
+\& const OSSL_CRMF_MSG *crm);
+\& X509 *OSSL_CMP_exec_IR_ses(OSSL_CMP_CTX *ctx);
+\& X509 *OSSL_CMP_exec_CR_ses(OSSL_CMP_CTX *ctx);
+\& X509 *OSSL_CMP_exec_P10CR_ses(OSSL_CMP_CTX *ctx);
+\& X509 *OSSL_CMP_exec_KUR_ses(OSSL_CMP_CTX *ctx);
+\& #define OSSL_CMP_IR
+\& #define OSSL_CMP_CR
+\& #define OSSL_CMP_P10CR
+\& #define OSSL_CMP_KUR
+\& int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
+\& const OSSL_CRMF_MSG *crm, int *checkAfter);
+\& int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
+\& STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This is the OpenSSL \s-1API\s0 for doing \s-1CMP\s0 (Certificate Management Protocol)
+client-server transactions, i.e., sequences of \s-1CMP\s0 requests and responses.
+.PP
+All functions take a populated \s-1OSSL_CMP_CTX\s0 structure as their first argument.
+Usually the server name, port, and path (\*(L"\s-1CMP\s0 alias\*(R") need to be set, as well as
+credentials the client can use for authenticating itself to the server.
+In order to authenticate the server the client typically needs a trust store.
+The functions return their respective main results directly, while there are
+also accessor functions for retrieving various results and status information
+from the \fIctx\fR. See \fBOSSL_CMP_CTX_new\fR\|(3) etc. for details.
+.PP
+The default conveying protocol is \s-1HTTP.\s0
+Timeout values may be given per request-response pair and per transaction.
+See \fBOSSL_CMP_MSG_http_perform\fR\|(3) for details.
+.PP
+\&\fBOSSL_CMP_exec_IR_ses()\fR requests an initial certificate from the given \s-1PKI.\s0
+.PP
+\&\fBOSSL_CMP_exec_CR_ses()\fR requests an additional certificate.
+.PP
+\&\fBOSSL_CMP_exec_P10CR_ses()\fR conveys a legacy PKCS#10 \s-1CSR\s0 requesting a certificate.
+.PP
+\&\fBOSSL_CMP_exec_KUR_ses()\fR obtains an updated certificate.
+.PP
+These four types of certificate enrollment are implemented as macros
+calling \fBOSSL_CMP_exec_certreq()\fR.
+.PP
+\&\fBOSSL_CMP_exec_certreq()\fR performs a certificate request of the type specified
+by the \fIreq_type\fR parameter, which may be \s-1IR, CR, P10CR,\s0 or \s-1KUR.\s0
+For \s-1IR, CR,\s0 and \s-1KUR,\s0 the certificate template to be used in the request
+may be supplied via the \fIcrm\fR parameter pointing to a \s-1CRMF\s0 structure.
+Typically \fIcrm\fR is \s-1NULL,\s0 then the template ingredients are taken from \fIctx\fR
+and need to be filled in using \fBOSSL_CMP_CTX_set1_subjectName\fR\|(3),
+\&\fBOSSL_CMP_CTX_set0_newPkey\fR\|(3), \fBOSSL_CMP_CTX_set1_oldCert\fR\|(3), etc.
+For P10CR, \fBOSSL_CMP_CTX_set1_p10CSR\fR\|(3) needs to be used instead.
+The enrollment session may be blocked by sleeping until the addressed
+\&\s-1CA\s0 (or an intermediate \s-1PKI\s0 component) can fully process and answer the request.
+.PP
+\&\fBOSSL_CMP_try_certreq()\fR is an alternative to the above functions that is
+more flexible regarding what to do after receiving a checkAfter value.
+When called for the first time (with no certificate request in progress for
+the given \fIctx\fR) it starts a new transaction by sending a certificate request
+constructed as stated above using the \fIreq_type\fR and optional \fIcrm\fR parameter.
+Otherwise (when according to \fIctx\fR a 'waiting' status has been received before)
+it continues polling for the pending request
+unless the \fIreq_type\fR argument is < 0, which aborts the request.
+If the requested certificate is available the function returns 1 and the
+caller can use \fBOSSL_CMP_CTX_get0_newCert\fR\|(3) to retrieve the new certificate.
+If no error occurred but no certificate is available yet then
+\&\fBOSSL_CMP_try_certreq()\fR remembers in the \s-1CMP\s0 context that it should be retried
+and returns \-1 after assigning the received checkAfter value
+via the output pointer argument (unless it is \s-1NULL\s0).
+The checkAfter value indicates the number of seconds the caller should let pass
+before trying again. The caller is free to sleep for the given number of seconds
+or for some other time and/or to do anything else before retrying by calling
+\&\fBOSSL_CMP_try_certreq()\fR again with the same parameter values as before.
+\&\fBOSSL_CMP_try_certreq()\fR then polls
+to see whether meanwhile the requested certificate is available.
+If the caller decides to abort the pending certificate request and provides
+a negative value as the \fIreq_type\fR argument then \fBOSSL_CMP_try_certreq()\fR
+aborts the \s-1CMP\s0 transaction by sending an error message to the server.
+.PP
+\&\fBOSSL_CMP_exec_RR_ses()\fR requests the revocation of the certificate
+specified in the \fIctx\fR using \fBOSSL_CMP_CTX_set1_oldCert\fR\|(3).
+\&\s-1RFC 4210\s0 is vague in which PKIStatus should be returned by the server.
+We take \*(L"accepted\*(R" and \*(L"grantedWithMods\*(R" as clear success and handle
+\&\*(L"revocationWarning\*(R" and \*(L"revocationNotification\*(R" just as warnings because CAs
+typically return them as an indication that the certificate was already revoked.
+\&\*(L"rejection\*(R" is a clear error. The values \*(L"waiting\*(R" and \*(L"keyUpdateWarning\*(R"
+make no sense for revocation and thus are treated as an error as well.
+.PP
+\&\fBOSSL_CMP_exec_GENM_ses()\fR sends a general message containing the sequence of
+infoType and infoValue pairs (InfoTypeAndValue; short: \fB\s-1ITAV\s0\fR)
+optionally provided in the \fIctx\fR using \fBOSSL_CMP_CTX_push0_genm_ITAV\fR\|(3).
+On success it records in \fIctx\fR the status \fBOSSL_CMP_PKISTATUS_accepted\fR
+and returns the list of \fB\s-1ITAV\s0\fRs received in the \s-1GENP\s0 message.
+This can be used, for instance, to poll for CRLs or \s-1CA\s0 Key Updates.
+See \s-1RFC 4210\s0 section 5.3.19 and appendix E.5 for details.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1CMP\s0 is defined in \s-1RFC 4210\s0 (and \s-1CRMF\s0 in \s-1RFC 4211\s0).
+.PP
+The \s-1CMP\s0 client implementation is limited to one request per \s-1CMP\s0 message
+(and consequently to at most one response component per \s-1CMP\s0 message).
+.PP
+When a client obtains from a \s-1CMP\s0 server \s-1CA\s0 certificates that it is going to
+trust, for instance via the caPubs field of a certificate response,
+authentication of the \s-1CMP\s0 server is particularly critical.
+So special care must be taken setting up server authentication in \fIctx\fR
+using functions such as
+\&\fBOSSL_CMP_CTX_set0_trustedStore\fR\|(3) (for certificate-based authentication) or
+\&\fBOSSL_CMP_CTX_set1_secretValue\fR\|(3) (for MAC-based protection).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_CMP_exec_certreq()\fR, \fBOSSL_CMP_exec_IR_ses()\fR, \fBOSSL_CMP_exec_CR_ses()\fR,
+\&\fBOSSL_CMP_exec_P10CR_ses()\fR, and \fBOSSL_CMP_exec_KUR_ses()\fR return a
+pointer to the newly obtained X509 certificate on success, \s-1NULL\s0 on error.
+This pointer will be freed implicitly by \fBOSSL_CMP_CTX_free()\fR or
+\&\fBCSSL_CMP_CTX_reinit()\fR.
+.PP
+\&\fBOSSL_CMP_try_certreq()\fR returns 1 if the requested certificate is available
+via \fBOSSL_CMP_CTX_get0_newCert\fR\|(3)
+or on successfully aborting a pending certificate request, 0 on error, and \-1
+in case a 'waiting' status has been received and checkAfter value is available.
+In the latter case \fBOSSL_CMP_CTX_get0_newCert\fR\|(3) yields \s-1NULL\s0
+and the output parameter \fIcheckAfter\fR has been used to
+assign the received value unless \fIcheckAfter\fR is \s-1NULL.\s0
+.PP
+\&\fBOSSL_CMP_exec_RR_ses()\fR returns 1 on success, 0 on error.
+.PP
+\&\fBOSSL_CMP_exec_GENM_ses()\fR returns \s-1NULL\s0 on error,
+otherwise a pointer to the sequence of \fB\s-1ITAV\s0\fR received, which may be empty.
+This pointer must be freed by the caller.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+See \s-1OSSL_CMP_CTX\s0 for examples on how to prepare the context for these
+functions.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBOSSL_CMP_CTX_new\fR\|(3), \fBOSSL_CMP_CTX_free\fR\|(3),
+\&\fBOSSL_CMP_CTX_set1_subjectName\fR\|(3), \fBOSSL_CMP_CTX_set0_newPkey\fR\|(3),
+\&\fBOSSL_CMP_CTX_set1_p10CSR\fR\|(3), \fBOSSL_CMP_CTX_set1_oldCert\fR\|(3),
+\&\fBOSSL_CMP_CTX_get0_newCert\fR\|(3), \fBOSSL_CMP_CTX_push0_genm_ITAV\fR\|(3),
+\&\fBOSSL_CMP_MSG_http_perform\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2007\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CMP_log_open.3 b/secure/lib/libcrypto/man/man3/OSSL_CMP_log_open.3
new file mode 100644
index 000000000000..a98cd4860761
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CMP_log_open.3
@@ -0,0 +1,256 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CMP_LOG_OPEN 3ossl"
+.TH OSSL_CMP_LOG_OPEN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CMP_log_open,
+OSSL_CMP_log_close,
+OSSL_CMP_severity,
+OSSL_CMP_LOG_EMERG,
+OSSL_CMP_LOG_ALERT,
+OSSL_CMP_LOG_CRIT,
+OSSL_CMP_LOG_ERR,
+OSSL_CMP_LOG_WARNING,
+OSSL_CMP_LOG_NOTICE,
+OSSL_CMP_LOG_INFO,
+OSSL_CMP_LOG_DEBUG,
+OSSL_CMP_LOG_TRACE,
+.PP
+OSSL_CMP_log_cb_t,
+OSSL_CMP_print_to_bio,
+OSSL_CMP_print_errors_cb
+\&\- functions for logging and error reporting
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cmp_util.h>
+\&
+\& int OSSL_CMP_log_open(void);
+\& void OSSL_CMP_log_close(void);
+\&
+\& /* severity level declarations resemble those from syslog.h */
+\& typedef int OSSL_CMP_severity;
+\& #define OSSL_CMP_LOG_EMERG 0
+\& #define OSSL_CMP_LOG_ALERT 1
+\& #define OSSL_CMP_LOG_CRIT 2
+\& #define OSSL_CMP_LOG_ERR 3
+\& #define OSSL_CMP_LOG_WARNING 4
+\& #define OSSL_CMP_LOG_NOTICE 5
+\& #define OSSL_CMP_LOG_INFO 6
+\& #define OSSL_CMP_LOG_DEBUG 7
+\& #define OSSL_CMP_LOG_TRACE 8
+\&
+\& typedef int (*OSSL_CMP_log_cb_t)(const char *component,
+\& const char *file, int line,
+\& OSSL_CMP_severity level, const char *msg);
+\& int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file,
+\& int line, OSSL_CMP_severity level, const char *msg);
+\& void OSSL_CMP_print_errors_cb(OSSL_CMP_log_cb_t log_fn);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The logging and error reporting facility described here contains
+convenience functions for CMP-specific logging,
+including a string prefix mirroring the severity levels of syslog.h,
+and enhancements of the error queue mechanism needed for large diagnostic
+messages produced by the \s-1CMP\s0 library in case of certificate validation failures.
+.PP
+When an interesting activity is performed or an error occurs, some detail
+should be provided for user information, debugging, and auditing purposes.
+A \s-1CMP\s0 application can obtain this information by providing a callback function
+with the following type:
+.PP
+.Vb 3
+\& typedef int (*OSSL_CMP_log_cb_t)(const char *component,
+\& const char *file, int line,
+\& OSSL_CMP_severity level, const char *msg);
+.Ve
+.PP
+The parameters may provide
+some component info (which may be a module name and/or function name) or \s-1NULL,\s0
+a file pathname or \s-1NULL,\s0
+a line number or 0 indicating the source code location,
+a severity level, and
+a message string describing the nature of the event, terminated by '\en'.
+.PP
+Even when an activity is successful some warnings may be useful and some degree
+of auditing may be required. Therefore, the logging facility supports a severity
+level and the callback function has a \fIlevel\fR parameter indicating such a
+level, such that error, warning, info, debug, etc. can be treated differently.
+The callback is activated only when the severity level is sufficient according
+to the current level of verbosity, which by default is \fB\s-1OSSL_CMP_LOG_INFO\s0\fR.
+.PP
+The callback function may itself do non-trivial tasks like writing to
+a log file or remote stream, which in turn may fail.
+Therefore, the function should return 1 on success and 0 on failure.
+.PP
+\&\fBOSSL_CMP_log_open()\fR initializes the CMP-specific logging facility to output
+everything to \s-1STDOUT.\s0 It fails if the integrated tracing is disabled or \s-1STDIO\s0
+is not available. It may be called during application startup.
+Alternatively, \fBOSSL_CMP_CTX_set_log_cb\fR\|(3) can be used for more flexibility.
+As long as neither if the two is used any logging output is ignored.
+.PP
+\&\fBOSSL_CMP_log_close()\fR may be called when all activities are finished to flush
+any pending CMP-specific log output and deallocate related resources.
+It may be called multiple times. It does get called at OpenSSL shutdown.
+.PP
+\&\fBOSSL_CMP_print_to_bio()\fR prints the given component info, filename, line number,
+severity level, and log message or error queue message to the given \fIbio\fR.
+\&\fIcomponent\fR usually is a function or module name.
+If it is \s-1NULL,\s0 empty, or \*(L"(unknown function)\*(R" then \*(L"\s-1CMP\*(R"\s0 is used as fallback.
+.PP
+\&\fBOSSL_CMP_print_errors_cb()\fR outputs any entries in the OpenSSL error queue.
+It is similar to \fBERR_print_errors_cb\fR\|(3) but uses the \s-1CMP\s0 log callback
+function \fIlog_fn\fR for uniformity with \s-1CMP\s0 logging if not \s-1NULL.\s0 Otherwise it
+prints to \s-1STDERR\s0 using \fBOSSL_CMP_print_to_bio\fR\|(3) (unless \fB\s-1OPENSSL_NO_STDIO\s0\fR
+is defined).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_CMP_log_close()\fR and \fBOSSL_CMP_print_errors_cb()\fR do not return anything.
+.PP
+All other functions return 1 on success, 0 on error.
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2007\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CMP_validate_msg.3 b/secure/lib/libcrypto/man/man3/OSSL_CMP_validate_msg.3
new file mode 100644
index 000000000000..8baced1731e6
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CMP_validate_msg.3
@@ -0,0 +1,212 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CMP_VALIDATE_MSG 3ossl"
+.TH OSSL_CMP_VALIDATE_MSG 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CMP_validate_msg,
+OSSL_CMP_validate_cert_path
+\&\- functions for verifying CMP message protection
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 4
+\& #include <openssl/cmp.h>
+\& int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
+\& int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
+\& X509_STORE *trusted_store, X509 *cert);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This is the \s-1API\s0 for validating the protection of \s-1CMP\s0 messages,
+which includes validating \s-1CMP\s0 message sender certificates and their paths
+while optionally checking the revocation status of the certificates(s).
+.PP
+\&\fBOSSL_CMP_validate_msg()\fR validates the protection of the given \fImsg\fR,
+which must be signature-based or using password-based \s-1MAC\s0 (\s-1PBM\s0).
+In the former case a suitable trust anchor must be given in the \s-1CMP\s0 context
+\&\fIctx\fR, and in the latter case the matching secret must have been set there
+using \fBOSSL_CMP_CTX_set1_secretValue\fR\|(3).
+.PP
+In case of signature algorithm, the certificate to use for the signature check
+is preferably the one provided by a call to \fBOSSL_CMP_CTX_set1_srvCert\fR\|(3).
+If no such sender cert has been pinned then candidate sender certificates are
+taken from the list of certificates received in the \fImsg\fR extraCerts, then any
+certificates provided before via \fBOSSL_CMP_CTX_set1_untrusted\fR\|(3), and
+then all trusted certificates provided via \fBOSSL_CMP_CTX_set0_trustedStore\fR\|(3),
+where a candidate is acceptable only if has not expired, its subject \s-1DN\s0 matches
+the \fImsg\fR sender \s-1DN\s0 (as far as present), and its subject key identifier
+is present and matches the senderKID (as far as the latter present).
+Each acceptable cert is tried in the given order to see if the message
+signature check succeeds and the cert and its path can be verified
+using any trust store set via \fBOSSL_CMP_CTX_set0_trustedStore\fR\|(3).
+.PP
+If the option \s-1OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR\s0 was set by calling
+\&\fBOSSL_CMP_CTX_set_option\fR\|(3), for an Initialization Response (\s-1IP\s0) message
+any self-issued certificate from the \fImsg\fR extraCerts field may also be used
+as trust anchor for the path verification of an acceptable cert if it can be
+used also to validate the issued certificate returned in the \s-1IP\s0 message. This is
+according to \s-1TS 33.310\s0 [Network Domain Security (\s-1NDS\s0); Authentication Framework
+(\s-1AF\s0)] document specified by the The 3rd Generation Partnership Project (3GPP).
+.PP
+Any cert that has been found as described above is cached and tried first when
+validating the signatures of subsequent messages in the same transaction.
+.PP
+\&\fBOSSL_CMP_validate_cert_path()\fR attempts to validate the given certificate and its
+path using the given store of trusted certs (possibly including CRLs and a cert
+verification callback) and non-trusted intermediate certs from the \fIctx\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1CMP\s0 is defined in \s-1RFC 4210\s0 (and \s-1CRMF\s0 in \s-1RFC 4211\s0).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_CMP_validate_msg()\fR and \fBOSSL_CMP_validate_cert_path()\fR
+return 1 on success, 0 on error or validation failed.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBOSSL_CMP_CTX_new\fR\|(3), \fBOSSL_CMP_exec_certreq\fR\|(3),
+\&\fBOSSL_CMP_CTX_set1_secretValue\fR\|(3), \fBOSSL_CMP_CTX_set1_srvCert\fR\|(3),
+\&\fBOSSL_CMP_CTX_set1_untrusted\fR\|(3), \fBOSSL_CMP_CTX_set0_trustedStore\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CORE_MAKE_FUNC.3 b/secure/lib/libcrypto/man/man3/OSSL_CORE_MAKE_FUNC.3
new file mode 100644
index 000000000000..6078f93f89dd
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CORE_MAKE_FUNC.3
@@ -0,0 +1,173 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CORE_MAKE_FUNC 3ossl"
+.TH OSSL_CORE_MAKE_FUNC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CORE_MAKE_FUNC,
+SSL_OP_BIT,
+EXT_UTF8STRING
+\&\- OpenSSL reserved symbols
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/core_dispatch.h>
+\&
+\& #define OSSL_CORE_MAKE_FUNC(type,name,args)
+\& #define SSL_OP_BIT(n)
+\& #define EXT_UTF8STRING(nid)
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+There are certain macros that may appear in OpenSSL header files that are
+reserved for internal use. They should not be used by applications or assumed
+to exist.
+.PP
+All the macros listed in the synopsis above are reserved.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+Not applicable.
+.SH "HISTORY"
+.IX Header "HISTORY"
+The macros described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_get0_tmpl.3
index 6754ed303ec8..3bb5ee3a0389 100644
--- a/secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3
+++ b/secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_get0_tmpl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,111 +130,96 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OPENSSL_VERSION_NUMBER 3"
-.TH OPENSSL_VERSION_NUMBER 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OSSL_CRMF_MSG_GET0_TMPL 3ossl"
+.TH OSSL_CRMF_MSG_GET0_TMPL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version, OpenSSL_version_num \- get OpenSSL version number
+OSSL_CRMF_MSG_get0_tmpl,
+OSSL_CRMF_CERTTEMPLATE_get0_serialNumber,
+OSSL_CRMF_CERTTEMPLATE_get0_subject,
+OSSL_CRMF_CERTTEMPLATE_get0_issuer,
+OSSL_CRMF_CERTTEMPLATE_get0_extensions,
+OSSL_CRMF_CERTID_get0_serialNumber,
+OSSL_CRMF_CERTID_get0_issuer,
+OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert,
+OSSL_CRMF_MSG_get_certReqId
+\&\- functions reading from CRMF CertReqMsg structures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
-.Vb 3
-\& #include <openssl/opensslv.h>
-\& #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
-\& #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx"
+.Vb 1
+\& #include <openssl/crmf.h>
+\&
+\& OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
+\& const ASN1_INTEGER
+\& *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+\& const X509_NAME
+\& *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+\& const X509_NAME
+\& *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+\& X509_EXTENSIONS
+\& *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+\&
+\& const ASN1_INTEGER
+\& *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
+\& const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
\&
-\& #include <openssl/crypto.h>
+\& X509
+\& *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
+\& OSSL_LIB_CTX *libctx, const char *propq,
+\& EVP_PKEY *pkey);
\&
-\& unsigned long OpenSSL_version_num();
-\& const char *OpenSSL_version(int t);
+\& int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\s-1OPENSSL_VERSION_NUMBER\s0 is a numeric release version identifier:
+\&\fBOSSL_CRMF_MSG_get0_tmpl()\fR retrieves the certificate template of \fIcrm\fR.
.PP
-.Vb 1
-\& MNNFFPPS: major minor fix patch status
-.Ve
+\&\fBOSSL_CRMF_CERTTEMPLATE_get0_serialNumber()\fR retrieves the serialNumber of the
+given certificate template \fItmpl\fR.
.PP
-The status nibble has one of the values 0 for development, 1 to e for betas
-1 to 14, and f for release.
+\&\fBOSSL_CRMF_CERTTEMPLATE_get0_subject()\fR retrieves the subject name of the
+given certificate template \fItmpl\fR.
.PP
-for example
-.PP
-.Vb 3
-\& 0x000906000 == 0.9.6 dev
-\& 0x000906023 == 0.9.6b beta 3
-\& 0x00090605f == 0.9.6e release
-.Ve
-.PP
-Versions prior to 0.9.3 have identifiers < 0x0930.
-Versions between 0.9.3 and 0.9.5 had a version identifier with this
-interpretation:
-.PP
-.Vb 1
-\& MMNNFFRBB major minor fix final beta/patch
-.Ve
-.PP
-for example
-.PP
-.Vb 2
-\& 0x000904100 == 0.9.4 release
-\& 0x000905000 == 0.9.5 dev
-.Ve
+\&\fBOSSL_CRMF_CERTTEMPLATE_get0_issuer()\fR retrieves the issuer name of the
+given certificate template \fItmpl\fR.
.PP
-Version 0.9.5a had an interim interpretation that is like the current one,
-except the patch level got the highest bit set, to keep continuity. The
-number was therefore 0x0090581f.
+\&\fBOSSL_CRMF_CERTTEMPLATE_get0_extensions()\fR retrieves the X.509 extensions
+of the given certificate template \fItmpl\fR, or \s-1NULL\s0 if not present.
.PP
-\&\s-1OPENSSL_VERSION_TEXT\s0 is the text variant of the version number and the
-release date. For example,
-\&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R".
+OSSL_CRMF_CERTID_get0_serialNumber retrieves the serialNumber
+of the given CertId \fIcid\fR.
.PP
-\&\fBOpenSSL_version_num()\fR returns the version number.
+OSSL_CRMF_CERTID_get0_issuer retrieves the issuer name
+of the given CertId \fIcid\fR, which must be of \s-1ASN.1\s0 type \s-1GEN_DIRNAME.\s0
.PP
-\&\fBOpenSSL_version()\fR returns different strings depending on \fBt\fR:
-.IP "\s-1OPENSSL_VERSION\s0" 4
-.IX Item "OPENSSL_VERSION"
-The text variant of the version number and the release date. For example,
-\&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R".
-.IP "\s-1OPENSSL_CFLAGS\s0" 4
-.IX Item "OPENSSL_CFLAGS"
-The compiler flags set for the compilation process in the form
-\&\*(L"compiler: ...\*(R" if available or \*(L"compiler: information not available\*(R"
-otherwise.
-.IP "\s-1OPENSSL_BUILT_ON\s0" 4
-.IX Item "OPENSSL_BUILT_ON"
-The date of the build process in the form \*(L"built on: ...\*(R" if available
-or \*(L"built on: date not available\*(R" otherwise.
-.IP "\s-1OPENSSL_PLATFORM\s0" 4
-.IX Item "OPENSSL_PLATFORM"
-The \*(L"Configure\*(R" target of the library build in the form \*(L"platform: ...\*(R"
-if available or \*(L"platform: information not available\*(R" otherwise.
-.IP "\s-1OPENSSL_DIR\s0" 4
-.IX Item "OPENSSL_DIR"
-The \*(L"\s-1OPENSSLDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1OPENSSLDIR: \*(R"..."\*(L"\s0
-if available or \*(R"\s-1OPENSSLDIR: N/A"\s0 otherwise.
-.IP "\s-1OPENSSL_ENGINES_DIR\s0" 4
-.IX Item "OPENSSL_ENGINES_DIR"
-The \*(L"\s-1ENGINESDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1ENGINESDIR: \*(R"..."\*(L"\s0
-if available or \*(R"\s-1ENGINESDIR: N/A"\s0 otherwise.
+\&\fBOSSL_CRMF_ENCRYPTEDVALUE_get1_encCert()\fR decrypts the certificate in the given
+encryptedValue \fIecert\fR, using the private key \fIpkey\fR, library context
+\&\fIlibctx\fR and property query string \fIpropq\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)).
+This is needed for the indirect \s-1POPO\s0 method as in \s-1RFC 4210\s0 section 5.2.8.2.
+The function returns the decrypted certificate as a copy, leaving its ownership
+with the caller, who is responsible for freeing it.
.PP
-For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned.
+\&\fBOSSL_CRMF_MSG_get_certReqId()\fR retrieves the certReqId of \fIcrm\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBOpenSSL_version_num()\fR returns the version number.
+\&\fBOSSL_CRMF_MSG_get_certReqId()\fR returns the certificate request \s-1ID\s0 as a
+nonnegative integer or \-1 on error.
.PP
-\&\fBOpenSSL_version()\fR returns requested version strings.
+All other functions return a pointer with the intended result or \s-1NULL\s0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBcrypto\fR\|(7)
+\&\s-1RFC 4211\s0
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set0_validity.3 b/secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set0_validity.3
new file mode 100644
index 000000000000..4a7daa1a7684
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set0_validity.3
@@ -0,0 +1,245 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CRMF_MSG_SET0_VALIDITY 3ossl"
+.TH OSSL_CRMF_MSG_SET0_VALIDITY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CRMF_MSG_set0_validity,
+OSSL_CRMF_MSG_set_certReqId,
+OSSL_CRMF_CERTTEMPLATE_fill,
+OSSL_CRMF_MSG_set0_extensions,
+OSSL_CRMF_MSG_push0_extension,
+OSSL_CRMF_MSG_create_popo,
+OSSL_CRMF_MSGS_verify_popo
+\&\- functions populating and verifying CRMF CertReqMsg structures
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/crmf.h>
+\&
+\& int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
+\& ASN1_TIME *notBefore, ASN1_TIME *notAfter);
+\&
+\& int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid);
+\&
+\& int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
+\& EVP_PKEY *pubkey,
+\& const X509_NAME *subject,
+\& const X509_NAME *issuer,
+\& const ASN1_INTEGER *serial);
+\&
+\& int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);
+\&
+\& int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext);
+\&
+\& int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm,
+\& EVP_PKEY *pkey, const EVP_MD *digest,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\&
+\& int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
+\& int rid, int acceptRAVerified,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_CRMF_MSG_set0_validity()\fR sets the \fInotBefore\fR and \fInotAfter\fR fields
+as validity constraints in the certTemplate of \fIcrm\fR.
+Any of the \fInotBefore\fR and \fInotAfter\fR parameters may be \s-1NULL,\s0
+which means no constraint for the respective field.
+On success ownership of \fInotBefore\fR and \fInotAfter\fR is transferred to \fIcrm\fR.
+.PP
+\&\fBOSSL_CRMF_MSG_set_certReqId()\fR sets \fIrid\fR as the certReqId of \fIcrm\fR.
+.PP
+\&\fBOSSL_CRMF_CERTTEMPLATE_fill()\fR sets those fields of the certTemplate \fItmpl\fR
+for which non-NULL values are provided: \fIpubkey\fR, \fIsubject\fR, \fIissuer\fR,
+and/or \fIserial\fR.
+X.509 extensions may be set using \fBOSSL_CRMF_MSG_set0_extensions()\fR.
+On success the reference counter of the \fIpubkey\fR (if given) is incremented,
+while the \fIsubject\fR, \fIissuer\fR, and \fIserial\fR structures (if given) are copied.
+.PP
+\&\fBOSSL_CRMF_MSG_set0_extensions()\fR sets \fIexts\fR as the extensions in the
+certTemplate of \fIcrm\fR. Frees any pre-existing ones and consumes \fIexts\fR.
+.PP
+\&\fBOSSL_CRMF_MSG_push0_extension()\fR pushes the X509 extension \fIext\fR to the
+extensions in the certTemplate of \fIcrm\fR. Consumes \fIext\fR.
+.PP
+\&\fBOSSL_CRMF_MSG_create_popo()\fR creates and sets the Proof-of-Possession (\s-1POPO\s0)
+according to the method \fImeth\fR in \fIcrm\fR.
+The library context \fIlibctx\fR and property query string \fIpropq\fR,
+may be \s-1NULL\s0 to select the defaults.
+In case the method is \s-1OSSL_CRMF_POPO_SIGNATURE\s0 the \s-1POPO\s0 is calculated
+using the private key \fIpkey\fR and the digest method \fIdigest\fR,
+where the \fIdigest\fR argument is ignored if \fIpkey\fR is of a type (such as
+Ed25519 and Ed448) that is implicitly associated with a digest algorithm.
+.PP
+\&\fImeth\fR can be one of the following:
+.IP "\(bu" 8
+\&\s-1OSSL_CRMF_POPO_NONE\s0 \- \s-1RFC 4211,\s0 section 4, \s-1POP\s0 field omitted.
+\&\s-1CA/RA\s0 uses out-of-band method to verify \s-1POP.\s0 Note that servers may fail in this
+case, resulting for instance in \s-1HTTP\s0 error code 500 (Internal error).
+.IP "\(bu" 8
+\&\s-1OSSL_CRMF_POPO_RAVERIFIED\s0 \- \s-1RFC 4211,\s0 section 4, explicit indication
+that the \s-1RA\s0 has already verified the \s-1POP.\s0
+.IP "\(bu" 8
+\&\s-1OSSL_CRMF_POPO_SIGNATURE\s0 \- \s-1RFC 4211,\s0 section 4.1, only case 3 supported
+so far.
+.IP "\(bu" 8
+\&\s-1OSSL_CRMF_POPO_KEYENC\s0 \- \s-1RFC 4211,\s0 section 4.2, only indirect method
+(subsequentMessage/enccert) supported,
+challenge-response exchange (challengeResp) not yet supported.
+.IP "\(bu" 8
+\&\s-1OSSL_CRMF_POPO_KEYAGREE\s0 \- \s-1RFC 4211,\s0 section 4.3, not yet supported.
+.PP
+OSSL_CRMF_MSGS_verify_popo verifies the Proof-of-Possession of the request with
+the given \fIrid\fR in the list of \fIreqs\fR. Optionally accepts RAVerified. It can
+make use of the library context \fIlibctx\fR and property query string \fIpropq\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+All functions return 1 on success, 0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1RFC 4211\s0
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2007\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 b/secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3
new file mode 100644
index 000000000000..d97de742711a
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3
@@ -0,0 +1,259 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CRMF_MSG_SET1_REGCTRL_REGTOKEN 3ossl"
+.TH OSSL_CRMF_MSG_SET1_REGCTRL_REGTOKEN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CRMF_MSG_get0_regCtrl_regToken,
+OSSL_CRMF_MSG_set1_regCtrl_regToken,
+OSSL_CRMF_MSG_get0_regCtrl_authenticator,
+OSSL_CRMF_MSG_set1_regCtrl_authenticator,
+OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo,
+OSSL_CRMF_MSG_set0_SinglePubInfo,
+OSSL_CRMF_MSG_set_PKIPublicationInfo_action,
+OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo,
+OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo,
+OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey,
+OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey,
+OSSL_CRMF_MSG_get0_regCtrl_oldCertID,
+OSSL_CRMF_MSG_set1_regCtrl_oldCertID,
+OSSL_CRMF_CERTID_gen
+\&\- functions getting or setting CRMF Registration Controls
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/crmf.h>
+\&
+\& ASN1_UTF8STRING
+\& *OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg);
+\& int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
+\& const ASN1_UTF8STRING *tok);
+\& ASN1_UTF8STRING
+\& *OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg);
+\& int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
+\& const ASN1_UTF8STRING *auth);
+\& int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(
+\& OSSL_CRMF_PKIPUBLICATIONINFO *pi,
+\& OSSL_CRMF_SINGLEPUBINFO *spi);
+\& int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
+\& int method, GENERAL_NAME *nm);
+\& int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(
+\& OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action);
+\& OSSL_CRMF_PKIPUBLICATIONINFO
+\& *OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg);
+\& int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
+\& const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
+\& X509_PUBKEY
+\& *OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg);
+\& int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
+\& const X509_PUBKEY *pubkey);
+\& OSSL_CRMF_CERTID
+\& *OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg);
+\& int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
+\& const OSSL_CRMF_CERTID *cid);
+\& OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
+\& const ASN1_INTEGER *serial);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Each of the \fBOSSL_CRMF_MSG_get0_regCtrl_X()\fR functions
+returns the respective control X in the given \fImsg\fR, if present.
+.PP
+\&\fBOSSL_CRMF_MSG_set1_regCtrl_regToken()\fR sets the regToken control in the given
+\&\fImsg\fR copying the given \fItok\fR as value. See \s-1RFC 4211,\s0 section 6.1.
+.PP
+\&\fBOSSL_CRMF_MSG_set1_regCtrl_authenticator()\fR sets the authenticator control in
+the given \fImsg\fR copying the given \fIauth\fR as value. See \s-1RFC 4211,\s0 section 6.2.
+.PP
+\&\fBOSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo()\fR pushes the given \fIspi\fR
+to \fIsi\fR. Consumes the \fIspi\fR pointer.
+.PP
+\&\fBOSSL_CRMF_MSG_set0_SinglePubInfo()\fR sets in the given SinglePubInfo \fIspi\fR
+the \fImethod\fR and publication location, in the form of a GeneralName, \fInm\fR.
+The publication location is optional, and therefore \fInm\fR may be \s-1NULL.\s0
+The function consumes the \fInm\fR pointer if present.
+Available methods are:
+ # define \s-1OSSL_CRMF_PUB_METHOD_DONTCARE 0\s0
+ # define \s-1OSSL_CRMF_PUB_METHOD_X500\s0 1
+ # define \s-1OSSL_CRMF_PUB_METHOD_WEB\s0 2
+ # define \s-1OSSL_CRMF_PUB_METHOD_LDAP\s0 3
+.PP
+\&\fBOSSL_CRMF_MSG_set_PKIPublicationInfo_action()\fR sets the action in the given \fIpi\fR
+using the given \fIaction\fR as value. See \s-1RFC 4211,\s0 section 6.3.
+Available actions are:
+ # define \s-1OSSL_CRMF_PUB_ACTION_DONTPUBLISH\s0 0
+ # define \s-1OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1\s0
+.PP
+\&\fBOSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo()\fR sets the pkiPublicationInfo
+control in the given \fImsg\fR copying the given \fItok\fR as value. See \s-1RFC 4211,\s0
+section 6.3.
+.PP
+\&\fBOSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey()\fR sets the protocolEncrKey control in
+the given \fImsg\fR copying the given \fIpubkey\fR as value. See \s-1RFC 4211\s0 section 6.6.
+.PP
+\&\fBOSSL_CRMF_MSG_set1_regCtrl_oldCertID()\fR sets the \fBoldCertID\fR regToken control in
+the given \fImsg\fR copying the given \fIcid\fR as value. See \s-1RFC 4211,\s0 section 6.5.
+.PP
+OSSL_CRMF_CERTID_gen produces an OSSL_CRMF_CERTID_gen structure copying the
+given \fIissuer\fR name and \fIserial\fR number.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+All OSSL_CRMF_MSG_get0_*() functions
+return the respective pointer value or \s-1NULL\s0 if not present and on error.
+.PP
+All OSSL_CRMF_MSG_set1_*() functions return 1 on success, 0 on error.
+.PP
+\&\fBOSSL_CRMF_CERTID_gen()\fR returns a pointer to the resulting structure
+or \s-1NULL\s0 on error.
+.SH "NOTES"
+.IX Header "NOTES"
+A function \fBOSSL_CRMF_MSG_set1_regCtrl_pkiArchiveOptions()\fR for setting an
+Archive Options Control is not yet implemented due to missing features to
+create the needed \s-1OSSL_CRMF_PKIARCHIVEOPTINS\s0 content.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1RFC 4211\s0
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2007\-2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 b/secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3
new file mode 100644
index 000000000000..43b3a291ab39
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3
@@ -0,0 +1,196 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CRMF_MSG_SET1_REGINFO_CERTREQ 3ossl"
+.TH OSSL_CRMF_MSG_SET1_REGINFO_CERTREQ 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CRMF_MSG_get0_regInfo_utf8Pairs,
+OSSL_CRMF_MSG_set1_regInfo_utf8Pairs,
+OSSL_CRMF_MSG_get0_regInfo_certReq,
+OSSL_CRMF_MSG_set1_regInfo_certReq
+\&\- functions getting or setting CRMF Registration Info
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/crmf.h>
+\&
+\& ASN1_UTF8STRING
+\& *OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg);
+\& int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
+\& const ASN1_UTF8STRING *utf8pairs);
+\& OSSL_CRMF_CERTREQUEST
+\& *OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg);
+\& int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
+\& const OSSL_CRMF_CERTREQUEST *cr);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_CRMF_MSG_get0_regInfo_utf8Pairs()\fR returns the first utf8Pairs regInfo
+in the given \fImsg\fR, if present.
+.PP
+\&\fBOSSL_CRMF_MSG_set1_regInfo_utf8Pairs()\fR adds a copy of the given \fIutf8pairs\fR
+value as utf8Pairs regInfo to the given \fImsg\fR. See \s-1RFC 4211\s0 section 7.1.
+.PP
+\&\fBOSSL_CRMF_MSG_get0_regInfo_certReq()\fR returns the first certReq regInfo
+in the given \fImsg\fR, if present.
+.PP
+\&\fBOSSL_CRMF_MSG_set1_regInfo_certReq()\fR adds a copy of the given \fIcr\fR value
+as certReq regInfo to the given \fImsg\fR. See \s-1RFC 4211\s0 section 7.2.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+All get0_*() functions return the respective pointer value, \s-1NULL\s0 if not present.
+.PP
+All set1_*() functions return 1 on success, 0 on error.
+.SH "NOTES"
+.IX Header "NOTES"
+Calling the set1_*() functions multiple times
+adds multiple instances of the respective
+control to the regInfo structure of the given \fImsg\fR. While \s-1RFC 4211\s0 expects
+multiple utf8Pairs in one regInfo structure, it does not allow multiple certReq.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1RFC 4211\s0
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CRMF_pbmp_new.3 b/secure/lib/libcrypto/man/man3/OSSL_CRMF_pbmp_new.3
new file mode 100644
index 000000000000..276385bef644
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_CRMF_pbmp_new.3
@@ -0,0 +1,221 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_CRMF_PBMP_NEW 3ossl"
+.TH OSSL_CRMF_PBMP_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_CRMF_pbm_new,
+OSSL_CRMF_pbmp_new
+\&\- functions for producing Password\-Based MAC (PBM)
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/crmf.h>
+\&
+\& int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
+\& const OSSL_CRMF_PBMPARAMETER *pbmp,
+\& const unsigned char *msg, size_t msglen,
+\& const unsigned char *sec, size_t seclen,
+\& unsigned char **mac, size_t *maclen);
+\&
+\& OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t saltlen,
+\& int owfnid, size_t itercnt,
+\& int macnid);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_CRMF_pbm_new()\fR generates a \s-1PBM\s0 (Password-Based \s-1MAC\s0) based on given \s-1PBM\s0
+parameters \fIpbmp\fR, message \fImsg\fR, and secret \fIsec\fR, along with the respective
+lengths \fImsglen\fR and \fIseclen\fR.
+The optional library context \fIlibctx\fR and \fIpropq\fR parameters may be used
+to influence the selection of the \s-1MAC\s0 algorithm referenced in the \fIpbmp\fR;
+see \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information.
+On success writes the address of the newly
+allocated \s-1MAC\s0 via the \fImac\fR reference parameter and writes the length via the
+\&\fImaclen\fR reference parameter unless it its \s-1NULL.\s0
+.PP
+\&\fBOSSL_CRMF_pbmp_new()\fR initializes and returns a new \fBPBMParameter\fR structure
+with a new random salt of given length \fIsaltlen\fR,
+\&\s-1OWF\s0 (one-way function) \s-1NID\s0 \fIowfnid\fR, \s-1OWF\s0 iteration count \fIitercnt\fR,
+and \s-1MAC NID\s0 \fImacnid\fR.
+The library context \fIlibctx\fR parameter may be used to select the provider
+for the random number generation (\s-1DRBG\s0) and may be \s-1NULL\s0 for the default.
+.SH "NOTES"
+.IX Header "NOTES"
+The algorithms for the \s-1OWF\s0 (one-way function) and for the \s-1MAC\s0 (message
+authentication code) may be any with a \s-1NID\s0 defined in \fI<openssl/objects.h>\fR.
+As specified by \s-1RFC 4210,\s0 these should include NID_hmac_sha1.
+.PP
+\&\s-1RFC 4210\s0 recommends that the salt \s-1SHOULD\s0 be at least 8 bytes (64 bits) long,
+where 16 bytes is common.
+.PP
+The iteration count must be at least 100, as stipulated by \s-1RFC 4211,\s0 and is
+limited to at most 100000 to avoid DoS through manipulated or otherwise
+malformed input.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_CRMF_pbm_new()\fR returns 1 on success, 0 on error.
+.PP
+\&\fBOSSL_CRMF_pbmp_new()\fR returns a new and initialized \s-1OSSL_CRMF_PBMPARAMETER\s0
+structure, or \s-1NULL\s0 on error.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+.Vb 5
+\& OSSL_CRMF_PBMPARAMETER *pbm = NULL;
+\& unsigned char *msg = "Hello";
+\& unsigned char *sec = "SeCrEt";
+\& unsigned char *mac = NULL;
+\& size_t maclen;
+\&
+\& if ((pbm = OSSL_CRMF_pbmp_new(16, NID_sha256, 500, NID_hmac_sha1) == NULL))
+\& goto err;
+\& if (!OSSL_CRMF_pbm_new(pbm, msg, 5, sec, 6, &mac, &maclen))
+\& goto err;
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1RFC 4211\s0 section 4.4
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2007\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_DECODER.3 b/secure/lib/libcrypto/man/man3/OSSL_DECODER.3
new file mode 100644
index 000000000000..74d55ab4b3e0
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_DECODER.3
@@ -0,0 +1,319 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_DECODER 3ossl"
+.TH OSSL_DECODER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_DECODER,
+OSSL_DECODER_fetch,
+OSSL_DECODER_up_ref,
+OSSL_DECODER_free,
+OSSL_DECODER_get0_provider,
+OSSL_DECODER_get0_properties,
+OSSL_DECODER_is_a,
+OSSL_DECODER_get0_name,
+OSSL_DECODER_get0_description,
+OSSL_DECODER_do_all_provided,
+OSSL_DECODER_names_do_all,
+OSSL_DECODER_gettable_params,
+OSSL_DECODER_get_params
+\&\- Decoder method routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/decoder.h>
+\&
+\& typedef struct ossl_decoder_st OSSL_DECODER;
+\&
+\& OSSL_DECODER *OSSL_DECODER_fetch(OSSL_LIB_CTX *ctx, const char *name,
+\& const char *properties);
+\& int OSSL_DECODER_up_ref(OSSL_DECODER *decoder);
+\& void OSSL_DECODER_free(OSSL_DECODER *decoder);
+\& const OSSL_PROVIDER *OSSL_DECODER_get0_provider(const OSSL_DECODER *decoder);
+\& const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *decoder);
+\& int OSSL_DECODER_is_a(const OSSL_DECODER *decoder, const char *name);
+\& const char *OSSL_DECODER_get0_name(const OSSL_DECODER *decoder);
+\& const char *OSSL_DECODER_get0_description(const OSSL_DECODER *decoder);
+\& void OSSL_DECODER_do_all_provided(OSSL_LIB_CTX *libctx,
+\& void (*fn)(OSSL_DECODER *decoder, void *arg),
+\& void *arg);
+\& int OSSL_DECODER_names_do_all(const OSSL_DECODER *decoder,
+\& void (*fn)(const char *name, void *data),
+\& void *data);
+\& const OSSL_PARAM *OSSL_DECODER_gettable_params(OSSL_DECODER *decoder);
+\& int OSSL_DECODER_get_params(OSSL_DECODER_CTX *ctx, const OSSL_PARAM params[]);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fB\s-1OSSL_DECODER\s0\fR is a method for decoders, which know how to
+decode encoded data into an object of some type that the rest
+of OpenSSL knows how to handle.
+.PP
+\&\fBOSSL_DECODER_fetch()\fR looks for an algorithm within the provider that
+has been loaded into the \fB\s-1OSSL_LIB_CTX\s0\fR given by \fIctx\fR, having the
+name given by \fIname\fR and the properties given by \fIproperties\fR.
+The \fIname\fR determines what type of object the fetched decoder
+method is expected to be able to decode, and the properties are
+used to determine the expected output type.
+For known properties and the values they may have, please have a look
+in \*(L"Names and properties\*(R" in \fBprovider\-encoder\fR\|(7).
+.PP
+\&\fBOSSL_DECODER_up_ref()\fR increments the reference count for the given
+\&\fIdecoder\fR.
+.PP
+\&\fBOSSL_DECODER_free()\fR decrements the reference count for the given
+\&\fIdecoder\fR, and when the count reaches zero, frees it.
+.PP
+\&\fBOSSL_DECODER_get0_provider()\fR returns the provider of the given
+\&\fIdecoder\fR.
+.PP
+\&\fBOSSL_DECODER_get0_properties()\fR returns the property definition associated
+with the given \fIdecoder\fR.
+.PP
+\&\fBOSSL_DECODER_is_a()\fR checks if \fIdecoder\fR is an implementation
+of an algorithm that's identifiable with \fIname\fR.
+.PP
+\&\fBOSSL_DECODER_get0_name()\fR returns the name used to fetch the given \fIdecoder\fR.
+.PP
+\&\fBOSSL_DECODER_get0_description()\fR returns a description of the \fIdecoder\fR, meant
+for display and human consumption. The description is at the discretion
+of the \fIdecoder\fR implementation.
+.PP
+\&\fBOSSL_DECODER_names_do_all()\fR traverses all names for the given
+\&\fIdecoder\fR, and calls \fIfn\fR with each name and \fIdata\fR as arguments.
+.PP
+\&\fBOSSL_DECODER_do_all_provided()\fR traverses all decoder
+implementations by all activated providers in the library context
+\&\fIlibctx\fR, and for each of the implementations, calls \fIfn\fR with the
+implementation method and \fIarg\fR as arguments.
+.PP
+\&\fBOSSL_DECODER_gettable_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3)
+array of parameter descriptors.
+.PP
+\&\fBOSSL_DECODER_get_params()\fR attempts to get parameters specified
+with an \s-1\fBOSSL_PARAM\s0\fR\|(3) array \fIparams\fR. Parameters that the
+implementation doesn't recognise should be ignored.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_DECODER_fetch()\fR returns a pointer to an \s-1OSSL_DECODER\s0 object,
+or \s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_DECODER_up_ref()\fR returns 1 on success, or 0 on error.
+.PP
+\&\fBOSSL_DECODER_free()\fR doesn't return any value.
+.PP
+\&\fBOSSL_DECODER_get0_provider()\fR returns a pointer to a provider object, or
+\&\s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_DECODER_get0_properties()\fR returns a pointer to a property
+definition string, or \s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_DECODER_is_a()\fR returns 1 if \fIdecoder\fR was identifiable,
+otherwise 0.
+.PP
+\&\fBOSSL_DECODER_get0_name()\fR returns the algorithm name from the provided
+implementation for the given \fIdecoder\fR. Note that the \fIdecoder\fR may have
+multiple synonyms associated with it. In this case the first name from the
+algorithm definition is returned. Ownership of the returned string is retained
+by the \fIdecoder\fR object and should not be freed by the caller.
+.PP
+\&\fBOSSL_DECODER_get0_description()\fR returns a pointer to a description, or \s-1NULL\s0 if
+there isn't one.
+.PP
+\&\fBOSSL_DECODER_names_do_all()\fR returns 1 if the callback was called for all
+names. A return value of 0 means that the callback was not called for any names.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fBOSSL_DECODER_fetch()\fR may be called implicitly by other fetching
+functions, using the same library context and properties.
+Any other \s-1API\s0 that uses keys will typically do this.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+To list all decoders in a provider to a bio_out:
+.PP
+.Vb 3
+\& static void collect_decoders(OSSL_DECODER *decoder, void *stack)
+\& {
+\& STACK_OF(OSSL_DECODER) *decoder_stack = stack;
+\&
+\& sk_OSSL_DECODER_push(decoder_stack, decoder);
+\& OSSL_DECODER_up_ref(decoder);
+\& }
+\&
+\& void print_name(const char *name, void *vdata)
+\& {
+\& BIO *bio = vdata;
+\&
+\& BIO_printf(bio, "%s ", name);
+\& }
+\&
+\&
+\& STACK_OF(OSSL_DECODER) *decoders;
+\& int i;
+\&
+\& decoders = sk_OSSL_DECODER_new_null();
+\&
+\& BIO_printf(bio_out, "DECODERs provided by %s:\en", provider);
+\& OSSL_DECODER_do_all_provided(NULL, collect_decoders,
+\& decoders);
+\&
+\& for (i = 0; i < sk_OSSL_DECODER_num(decoders); i++) {
+\& OSSL_DECODER *decoder = sk_OSSL_DECODER_value(decoders, i);
+\&
+\& if (strcmp(OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(decoder)),
+\& provider) != 0)
+\& continue;
+\&
+\& if (OSSL_DECODER_names_do_all(decoder, print_name, bio_out))
+\& BIO_printf(bio_out, "\en");
+\& }
+\& sk_OSSL_DECODER_pop_free(decoders, OSSL_DECODER_free);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBprovider\fR\|(7), \s-1\fBOSSL_DECODER_CTX\s0\fR\|(3), \fBOSSL_DECODER_from_bio\fR\|(3),
+\&\fBOSSL_DECODER_CTX_new_for_pkey\fR\|(3), \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_DECODER_CTX.3 b/secure/lib/libcrypto/man/man3/OSSL_DECODER_CTX.3
new file mode 100644
index 000000000000..ba3a05e6902c
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_DECODER_CTX.3
@@ -0,0 +1,379 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_DECODER_CTX 3ossl"
+.TH OSSL_DECODER_CTX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_DECODER_CTX,
+OSSL_DECODER_CTX_new,
+OSSL_DECODER_settable_ctx_params,
+OSSL_DECODER_CTX_set_params,
+OSSL_DECODER_CTX_free,
+OSSL_DECODER_CTX_set_selection,
+OSSL_DECODER_CTX_set_input_type,
+OSSL_DECODER_CTX_set_input_structure,
+OSSL_DECODER_CTX_add_decoder,
+OSSL_DECODER_CTX_add_extra,
+OSSL_DECODER_CTX_get_num_decoders,
+OSSL_DECODER_INSTANCE,
+OSSL_DECODER_CONSTRUCT,
+OSSL_DECODER_CLEANUP,
+OSSL_DECODER_CTX_set_construct,
+OSSL_DECODER_CTX_set_construct_data,
+OSSL_DECODER_CTX_set_cleanup,
+OSSL_DECODER_CTX_get_construct,
+OSSL_DECODER_CTX_get_construct_data,
+OSSL_DECODER_CTX_get_cleanup,
+OSSL_DECODER_export,
+OSSL_DECODER_INSTANCE_get_decoder,
+OSSL_DECODER_INSTANCE_get_decoder_ctx,
+OSSL_DECODER_INSTANCE_get_input_type,
+OSSL_DECODER_INSTANCE_get_input_structure
+\&\- Decoder context routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/decoder.h>
+\&
+\& typedef struct ossl_decoder_ctx_st OSSL_DECODER_CTX;
+\&
+\& OSSL_DECODER_CTX *OSSL_DECODER_CTX_new(void);
+\& const OSSL_PARAM *OSSL_DECODER_settable_ctx_params(OSSL_DECODER *decoder);
+\& int OSSL_DECODER_CTX_set_params(OSSL_DECODER_CTX *ctx,
+\& const OSSL_PARAM params[]);
+\& void OSSL_DECODER_CTX_free(OSSL_DECODER_CTX *ctx);
+\&
+\& int OSSL_DECODER_CTX_set_selection(OSSL_DECODER_CTX *ctx, int selection);
+\& int OSSL_DECODER_CTX_set_input_type(OSSL_DECODER_CTX *ctx,
+\& const char *input_type);
+\& int OSSL_DECODER_CTX_set_input_structure(OSSL_DECODER_CTX *ctx,
+\& const char *input_structure);
+\& int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder);
+\& int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx,
+\& OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& int OSSL_DECODER_CTX_get_num_decoders(OSSL_DECODER_CTX *ctx);
+\&
+\& typedef struct ossl_decoder_instance_st OSSL_DECODER_INSTANCE;
+\& OSSL_DECODER *
+\& OSSL_DECODER_INSTANCE_get_decoder(OSSL_DECODER_INSTANCE *decoder_inst);
+\& void *
+\& OSSL_DECODER_INSTANCE_get_decoder_ctx(OSSL_DECODER_INSTANCE *decoder_inst);
+\& const char *
+\& OSSL_DECODER_INSTANCE_get_input_type(OSSL_DECODER_INSTANCE *decoder_inst);
+\& OSSL_DECODER_INSTANCE_get_input_structure(OSSL_DECODER_INSTANCE *decoder_inst,
+\& int *was_set);
+\&
+\& typedef int OSSL_DECODER_CONSTRUCT(OSSL_DECODER_INSTANCE *decoder_inst,
+\& const OSSL_PARAM *object,
+\& void *construct_data);
+\& typedef void OSSL_DECODER_CLEANUP(void *construct_data);
+\&
+\& int OSSL_DECODER_CTX_set_construct(OSSL_DECODER_CTX *ctx,
+\& OSSL_DECODER_CONSTRUCT *construct);
+\& int OSSL_DECODER_CTX_set_construct_data(OSSL_DECODER_CTX *ctx,
+\& void *construct_data);
+\& int OSSL_DECODER_CTX_set_cleanup(OSSL_DECODER_CTX *ctx,
+\& OSSL_DECODER_CLEANUP *cleanup);
+\& OSSL_DECODER_CONSTRUCT *OSSL_DECODER_CTX_get_construct(OSSL_DECODER_CTX *ctx);
+\& void *OSSL_DECODER_CTX_get_construct_data(OSSL_DECODER_CTX *ctx);
+\& OSSL_DECODER_CLEANUP *OSSL_DECODER_CTX_get_cleanup(OSSL_DECODER_CTX *ctx);
+\&
+\& int OSSL_DECODER_export(OSSL_DECODER_INSTANCE *decoder_inst,
+\& void *reference, size_t reference_sz,
+\& OSSL_CALLBACK *export_cb, void *export_cbarg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fB\s-1OSSL_DECODER_CTX\s0\fR holds data about multiple decoders, as needed to
+figure out what the input data is and to attempt to unpack it into one of
+several possible related results. This also includes chaining decoders, so
+the output from one can become the input for another. This allows having
+generic format decoders such as \s-1PEM\s0 to \s-1DER,\s0 as well as more specialized
+decoders like \s-1DER\s0 to \s-1RSA.\s0
+.PP
+The chains may be limited by specifying an input type, which is considered a
+starting point. This is both considered by \fBOSSL_DECODER_CTX_add_extra()\fR,
+which will stop adding one more decoder implementations when it has already
+added those that take the specified input type, and functions like
+\&\fBOSSL_DECODER_from_bio\fR\|(3), which will only start the decoding process with
+the decoder implementations that take that input type. For example, if the
+input type is set to \f(CW\*(C`DER\*(C'\fR, a \s-1PEM\s0 to \s-1DER\s0 decoder will be ignored.
+.PP
+The input type can also be \s-1NULL,\s0 which means that the caller doesn't know
+what type of input they have. In this case, \fBOSSL_DECODER_from_bio()\fR will
+simply try with one decoder implementation after the other, and thereby
+discover what kind of input the caller gave it.
+.PP
+For every decoding done, even an intermediary one, a constructor provided by
+the caller is called to attempt to construct an appropriate type / structure
+that the caller knows how to handle from the current decoding result.
+The constructor is set with \fBOSSL_DECODER_CTX_set_construct()\fR.
+.PP
+\&\fB\s-1OSSL_DECODER_INSTANCE\s0\fR is an opaque structure that contains data about the
+decoder that was just used, and that may be useful for the constructor.
+There are some functions to extract data from this type, described further
+down.
+.SS "Functions"
+.IX Subsection "Functions"
+\&\fBOSSL_DECODER_CTX_new()\fR creates a new empty \fB\s-1OSSL_DECODER_CTX\s0\fR.
+.PP
+\&\fBOSSL_DECODER_settable_ctx_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) array of
+parameter descriptors.
+.PP
+\&\fBOSSL_DECODER_CTX_set_params()\fR attempts to set parameters specified with an
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3) array \fIparams\fR. These parameters are passed to all
+decoders that have been added to the \fIctx\fR so far. Parameters that an
+implementation doesn't recognise should be ignored by it.
+.PP
+\&\fBOSSL_DECODER_CTX_free()\fR frees the given context \fIctx\fR.
+.PP
+\&\fBOSSL_DECODER_CTX_add_decoder()\fR populates the \fB\s-1OSSL_DECODER_CTX\s0\fR \fIctx\fR with
+a decoder, to be used to attempt to decode some encoded input.
+.PP
+\&\fBOSSL_DECODER_CTX_add_extra()\fR finds decoders that generate input for already
+added decoders, and adds them as well. This is used to build decoder
+chains.
+.PP
+\&\fBOSSL_DECODER_CTX_set_input_type()\fR sets the starting input type. This limits
+the decoder chains to be considered, as explained in the general description
+above.
+.PP
+\&\fBOSSL_DECODER_CTX_set_input_structure()\fR sets the name of the structure that
+the input is expected to have. This may be used to determines what decoder
+implementations may be used. \s-1NULL\s0 is a valid input structure, when it's not
+relevant, or when the decoder implementations are expected to figure it out.
+.PP
+\&\fBOSSL_DECODER_CTX_get_num_decoders()\fR gets the number of decoders currently
+added to the context \fIctx\fR.
+.PP
+\&\fBOSSL_DECODER_CTX_set_construct()\fR sets the constructor \fIconstruct\fR.
+.PP
+\&\fBOSSL_DECODER_CTX_set_construct_data()\fR sets the constructor data that is
+passed to the constructor every time it's called.
+.PP
+\&\fBOSSL_DECODER_CTX_set_cleanup()\fR sets the constructor data \fIcleanup\fR
+function. This is called by \fBOSSL_DECODER_CTX_free\fR\|(3).
+.PP
+\&\fBOSSL_DECODER_CTX_get_construct()\fR, \fBOSSL_DECODER_CTX_get_construct_data()\fR and
+\&\fBOSSL_DECODER_CTX_get_cleanup()\fR return the values that have been set by
+\&\fBOSSL_DECODER_CTX_set_construct()\fR, \fBOSSL_DECODER_CTX_set_construct_data()\fR and
+\&\fBOSSL_DECODER_CTX_set_cleanup()\fR respectively.
+.PP
+\&\fBOSSL_DECODER_export()\fR is a fallback function for constructors that cannot
+use the data they get directly for diverse reasons. It takes the same
+decode instance \fIdecoder_inst\fR that the constructor got and an object
+\&\fIreference\fR, unpacks the object which it refers to, and exports it by
+creating an \s-1\fBOSSL_PARAM\s0\fR\|(3) array that it then passes to \fIexport_cb\fR,
+along with \fIexport_arg\fR.
+.SS "Constructor"
+.IX Subsection "Constructor"
+A \fB\s-1OSSL_DECODER_CONSTRUCT\s0\fR gets the following arguments:
+.IP "\fIdecoder_inst\fR" 4
+.IX Item "decoder_inst"
+The \fB\s-1OSSL_DECODER_INSTANCE\s0\fR for the decoder from which the constructor gets
+its data.
+.IP "\fIobject\fR" 4
+.IX Item "object"
+A provider-native object abstraction produced by the decoder. Further
+information on the provider-native object abstraction can be found in
+\&\fBprovider\-object\fR\|(7).
+.IP "\fIconstruct_data\fR" 4
+.IX Item "construct_data"
+The pointer that was set with \fBOSSL_DECODE_CTX_set_construct_data()\fR.
+.PP
+The constructor is expected to return 1 when the data it receives can be
+constructed, otherwise 0.
+.PP
+These utility functions may be used by a constructor:
+.PP
+\&\fBOSSL_DECODER_INSTANCE_get_decoder()\fR can be used to get the decoder
+implementation from a decoder instance \fIdecoder_inst\fR.
+.PP
+\&\fBOSSL_DECODER_INSTANCE_get_decoder_ctx()\fR can be used to get the decoder
+implementation's provider context from a decoder instance \fIdecoder_inst\fR.
+.PP
+\&\fBOSSL_DECODER_INSTANCE_get_input_type()\fR can be used to get the decoder
+implementation's input type from a decoder instance \fIdecoder_inst\fR.
+.PP
+\&\fBOSSL_DECODER_INSTANCE_get_input_structure()\fR can be used to get the input
+structure for the decoder implementation from a decoder instance
+\&\fIdecoder_inst\fR.
+This may be \s-1NULL.\s0
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_DECODER_CTX_new()\fR returns a pointer to a \fB\s-1OSSL_DECODER_CTX\s0\fR, or \s-1NULL\s0
+if the context structure couldn't be allocated.
+.PP
+\&\fBOSSL_DECODER_settable_ctx_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) array, or
+\&\s-1NULL\s0 if none is available.
+.PP
+\&\fBOSSL_DECODER_CTX_set_params()\fR returns 1 if all recognised parameters were
+valid, or 0 if one of them was invalid or caused some other failure in the
+implementation.
+.PP
+\&\fBOSSL_DECODER_CTX_add_decoder()\fR, \fBOSSL_DECODER_CTX_add_extra()\fR,
+\&\fBOSSL_DECODER_CTX_set_construct()\fR, \fBOSSL_DECODER_CTX_set_construct_data()\fR and
+\&\fBOSSL_DECODER_CTX_set_cleanup()\fR return 1 on success, or 0 on failure.
+.PP
+\&\fBOSSL_DECODER_CTX_get_construct()\fR, \fBOSSL_DECODER_CTX_get_construct_data()\fR and
+\&\fBOSSL_DECODER_CTX_get_cleanup()\fR return the current pointers to the
+constructor, the constructor data and the cleanup functions, respectively.
+.PP
+\&\fBOSSL_DECODER_CTX_num_decoders()\fR returns the current number of decoders. It
+returns 0 if \fIctx\fR is \s-1NULL.\s0
+.PP
+\&\fBOSSL_DECODER_export()\fR returns 1 on success, or 0 on failure.
+.PP
+\&\fBOSSL_DECODER_INSTANCE_decoder()\fR returns an \fB\s-1OSSL_DECODER\s0\fR pointer on
+success, or \s-1NULL\s0 on failure.
+.PP
+\&\fBOSSL_DECODER_INSTANCE_decoder_ctx()\fR returns a provider context pointer on
+success, or \s-1NULL\s0 on failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBprovider\fR\|(7), \s-1\fBOSSL_DECODER\s0\fR\|(3), \fBOSSL_DECODER_from_bio\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_DECODER_CTX_new_for_pkey.3 b/secure/lib/libcrypto/man/man3/OSSL_DECODER_CTX_new_for_pkey.3
new file mode 100644
index 000000000000..666cded58c60
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_DECODER_CTX_new_for_pkey.3
@@ -0,0 +1,271 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_DECODER_CTX_NEW_FOR_PKEY 3ossl"
+.TH OSSL_DECODER_CTX_NEW_FOR_PKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_DECODER_CTX_new_for_pkey,
+OSSL_DECODER_CTX_set_passphrase,
+OSSL_DECODER_CTX_set_pem_password_cb,
+OSSL_DECODER_CTX_set_passphrase_ui,
+OSSL_DECODER_CTX_set_passphrase_cb
+\&\- Decoder routines to decode EVP_PKEYs
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/decoder.h>
+\&
+\& OSSL_DECODER_CTX *
+\& OSSL_DECODER_CTX_new_for_pkey(EVP_PKEY **pkey,
+\& const char *input_type,
+\& const char *input_struct,
+\& const char *keytype, int selection,
+\& OSSL_LIB_CTX *libctx, const char *propquery);
+\&
+\& int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx,
+\& const unsigned char *kstr,
+\& size_t klen);
+\& int OSSL_DECODER_CTX_set_pem_password_cb(OSSL_DECODER_CTX *ctx,
+\& pem_password_cb *cb,
+\& void *cbarg);
+\& int OSSL_DECODER_CTX_set_passphrase_ui(OSSL_DECODER_CTX *ctx,
+\& const UI_METHOD *ui_method,
+\& void *ui_data);
+\& int OSSL_DECODER_CTX_set_passphrase_cb(OSSL_DECODER_CTX *ctx,
+\& OSSL_PASSPHRASE_CALLBACK *cb,
+\& void *cbarg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_DECODER_CTX_new_for_pkey()\fR is a utility function that creates a
+\&\fB\s-1OSSL_DECODER_CTX\s0\fR, finds all applicable decoder implementations and sets
+them up, so all the caller has to do next is call functions like
+\&\fBOSSL_DECODER_from_bio\fR\|(3). The caller may use the optional \fIinput_type\fR,
+\&\fIinput_struct\fR, \fIkeytype\fR and \fIselection\fR to specify what the input is
+expected to contain. The \fIpkey\fR must reference an \fB\s-1EVP_PKEY\s0 *\fR variable
+that will be set to the newly created \fB\s-1EVP_PKEY\s0\fR on successful decoding.
+The referenced variable must be initialized to \s-1NULL\s0 before calling the
+function.
+.PP
+Internally \fBOSSL_DECODER_CTX_new_for_pkey()\fR searches for all available
+\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3) implementations, and then builds a list of all potential
+decoder implementations that may be able to process the encoded input into
+data suitable for \fB\s-1EVP_PKEY\s0\fRs. All these implementations are implicitly
+fetched using \fIlibctx\fR and \fIpropquery\fR.
+.PP
+The search of decoder implementations can be limited with \fIinput_type\fR and
+\&\fIinput_struct\fR which specifies a starting input type and input structure.
+\&\s-1NULL\s0 is valid for both of them and signifies that the decoder implementations
+will find out the input type on their own.
+They are set with \fBOSSL_DECODER_CTX_set_input_type\fR\|(3) and
+\&\fBOSSL_DECODER_CTX_set_input_structure\fR\|(3).
+See \*(L"Input Types\*(R" and \*(L"Input Structures\*(R" below for further information.
+.PP
+The search of decoder implementations can also be limited with \fIkeytype\fR
+and \fIselection\fR, which specifies the expected resulting keytype and contents.
+\&\s-1NULL\s0 and zero are valid and signify that the decoder implementations will
+find out the keytype and key contents on their own from the input they get.
+.PP
+If no suitable decoder implementation is found,
+\&\fBOSSL_DECODER_CTX_new_for_pkey()\fR still creates a \fB\s-1OSSL_DECODER_CTX\s0\fR, but
+with no associated decoder (\fBOSSL_DECODER_CTX_get_num_decoders\fR\|(3) returns
+zero). This helps the caller to distinguish between an error when creating
+the \fB\s-1OSSL_ENCODER_CTX\s0\fR and missing encoder implementation, and allows it to
+act accordingly.
+.PP
+\&\fBOSSL_DECODER_CTX_set_passphrase()\fR gives the implementation a pass phrase to
+use when decrypting the encoded private key. Alternatively, a pass phrase
+callback may be specified with the following functions.
+.PP
+\&\fBOSSL_DECODER_CTX_set_pem_password_cb()\fR, \fBOSSL_DECODER_CTX_set_passphrase_ui()\fR
+and \fBOSSL_DECODER_CTX_set_passphrase_cb()\fR set up a callback method that the
+implementation can use to prompt for a pass phrase, giving the caller the
+choice of preferred pass phrase callback form. These are called indirectly,
+through an internal \s-1\fBOSSL_PASSPHRASE_CALLBACK\s0\fR\|(3) function.
+.PP
+The internal \s-1\fBOSSL_PASSPHRASE_CALLBACK\s0\fR\|(3) function caches the pass phrase, to
+be re-used in all decodings that are performed in the same decoding run (for
+example, within one \fBOSSL_DECODER_from_bio\fR\|(3) call).
+.SS "Input Types"
+.IX Subsection "Input Types"
+Available input types depend on the implementations that available providers
+offer, and provider documentation should have the details.
+.PP
+Among the known input types that OpenSSL decoder implementations offer
+for \fB\s-1EVP_PKEY\s0\fRs are \f(CW\*(C`DER\*(C'\fR, \f(CW\*(C`PEM\*(C'\fR, \f(CW\*(C`MSBLOB\*(C'\fR and \f(CW\*(C`PVK\*(C'\fR.
+See \fBopenssl\-glossary\fR\|(7) for further information on what these input
+types mean.
+.SS "Input Structures"
+.IX Subsection "Input Structures"
+Available input structures depend on the implementations that available
+providers offer, and provider documentation should have the details.
+.PP
+Among the known input structures that OpenSSL decoder implementations
+offer for \fB\s-1EVP_PKEY\s0\fRs are \f(CW\*(C`pkcs8\*(C'\fR and \f(CW\*(C`SubjectPublicKeyInfo\*(C'\fR.
+.PP
+OpenSSL decoder implementations also support the input structure
+\&\f(CW\*(C`type\-specific\*(C'\fR. This is the structure used for keys encoded
+according to key type specific specifications. For example, \s-1RSA\s0 keys
+encoded according to PKCS#1.
+.SS "Selections"
+.IX Subsection "Selections"
+\&\fIselection\fR can be any one of the values described in
+\&\*(L"Selections\*(R" in \fBEVP_PKEY_fromdata\fR\|(3).
+Additionally \fIselection\fR can also be set to \fB0\fR to indicate that the code will
+auto detect the selection.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_DECODER_CTX_new_for_pkey()\fR returns a pointer to a
+\&\fB\s-1OSSL_DECODER_CTX\s0\fR, or \s-1NULL\s0 if it couldn't be created.
+.PP
+\&\fBOSSL_DECODER_CTX_set_passphrase()\fR, \fBOSSL_DECODER_CTX_set_pem_password_cb()\fR,
+\&\fBOSSL_DECODER_CTX_set_passphrase_ui()\fR and
+\&\fBOSSL_DECODER_CTX_set_passphrase_cb()\fR all return 1 on success, or 0 on
+failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBprovider\fR\|(7), \s-1\fBOSSL_DECODER\s0\fR\|(3), \s-1\fBOSSL_DECODER_CTX\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_DECODER_from_bio.3 b/secure/lib/libcrypto/man/man3/OSSL_DECODER_from_bio.3
new file mode 100644
index 000000000000..1010225aa681
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_DECODER_from_bio.3
@@ -0,0 +1,247 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_DECODER_FROM_BIO 3ossl"
+.TH OSSL_DECODER_FROM_BIO 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_DECODER_from_data,
+OSSL_DECODER_from_bio,
+OSSL_DECODER_from_fp
+\&\- Routines to perform a decoding
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/decoder.h>
+\&
+\& int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in);
+\& int OSSL_DECODER_from_fp(OSSL_DECODER_CTX *ctx, FILE *fp);
+\& int OSSL_DECODER_from_data(OSSL_DECODER_CTX *ctx, const unsigned char **pdata,
+\& size_t *pdata_len);
+.Ve
+.PP
+Feature availability macros:
+.IP "\fBOSSL_DECODER_from_fp()\fR is only available when \fB\s-1OPENSSL_NO_STDIO\s0\fR is undefined." 4
+.IX Item "OSSL_DECODER_from_fp() is only available when OPENSSL_NO_STDIO is undefined."
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_DECODER_from_data()\fR runs the decoding process for the context \fIctx\fR,
+with input coming from \fI*pdata\fR, \fI*pdata_len\fR bytes long. Both \fI*pdata\fR
+and \fI*pdata_len\fR must be non-NULL. When \fBOSSL_DECODER_from_data()\fR returns,
+\&\fI*pdata\fR is updated to point at the location after what has been decoded,
+and \fI*pdata_len\fR to have the number of remaining bytes.
+.PP
+\&\fBOSSL_DECODER_from_bio()\fR runs the decoding process for the context \fIctx\fR,
+with the input coming from the \fB\s-1BIO\s0\fR \fIin\fR. Should it make a difference,
+it's recommended to have the \s-1BIO\s0 set in binary mode rather than text mode.
+.PP
+\&\fBOSSL_DECODER_from_fp()\fR does the same thing as \fBOSSL_DECODER_from_bio()\fR,
+except that the input is coming from the \fB\s-1FILE\s0\fR \fIfp\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_DECODER_from_bio()\fR, \fBOSSL_DECODER_from_data()\fR and \fBOSSL_DECODER_from_fp()\fR
+return 1 on success, or 0 on failure.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+To decode an \s-1RSA\s0 key encoded with \s-1PEM\s0 from a bio:
+.PP
+.Vb 6
+\& OSSL_DECODER_CTX *dctx;
+\& EVP_PKEY *pkey = NULL;
+\& const char *format = "PEM"; /* NULL for any format */
+\& const char *structure = NULL; /* any structure */
+\& const char *keytype = "RSA"; /* NULL for any key */
+\& const unsigned char *pass = "my password";
+\&
+\& dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, format, structure,
+\& keytype,
+\& OSSL_KEYMGMT_SELECT_KEYPAIR,
+\& NULL, NULL);
+\& if (dctx == NULL) {
+\& /* error: no suitable potential decoders found */
+\& }
+\& if (pass != NULL)
+\& OSSL_DECODER_CTX_set_passphrase(dctx, pass, strlen(pass));
+\& if (OSSL_DECODER_from_bio(dctx, bio)) {
+\& /* pkey is created with the decoded data from the bio */
+\& } else {
+\& /* decoding failure */
+\& }
+\& OSSL_DECODER_CTX_free(dctx);
+.Ve
+.PP
+To decode an \s-1EC\s0 key encoded with \s-1DER\s0 from a buffer:
+.PP
+.Vb 8
+\& OSSL_DECODER_CTX *dctx;
+\& EVP_PKEY *pkey = NULL;
+\& const char *format = "DER"; /* NULL for any format */
+\& const char *structure = NULL; /* any structure */
+\& const char *keytype = "EC"; /* NULL for any key */
+\& const unsigned char *pass = NULL
+\& const unsigned char *data = buffer;
+\& size_t datalen = sizeof(buffer);
+\&
+\& dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, format, structure,
+\& keytype,
+\& OSSL_KEYMGMT_SELECT_KEYPAIR
+\& | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
+\& NULL, NULL);
+\& if (dctx == NULL) {
+\& /* error: no suitable potential decoders found */
+\& }
+\& if (pass != NULL)
+\& OSSL_DECODER_CTX_set_passphrase(dctx, pass, strlen(pass));
+\& if (OSSL_DECODER_from_data(dctx, &data, &datalen)) {
+\& /* pkey is created with the decoded data from the buffer */
+\& } else {
+\& /* decoding failure */
+\& }
+\& OSSL_DECODER_CTX_free(dctx);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBprovider\fR\|(7), \s-1\fBOSSL_DECODER_CTX\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_DISPATCH.3 b/secure/lib/libcrypto/man/man3/OSSL_DISPATCH.3
new file mode 100644
index 000000000000..79c9920f27b0
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_DISPATCH.3
@@ -0,0 +1,195 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_DISPATCH 3ossl"
+.TH OSSL_DISPATCH 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_DISPATCH \- OpenSSL Core type to define a dispatchable function table
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/core.h>
+\&
+\& typedef struct ossl_dispatch_st OSSL_DISPATCH;
+\& struct ossl_dispatch_st {
+\& int function_id;
+\& void (*function)(void);
+\& };
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This type is a tuple of function identity and function pointer.
+Arrays of this type are passed between the OpenSSL libraries and the
+providers to describe what functionality one side provides to the other.
+.PP
+Arrays of this type must be terminated with a tuple having function identity
+zero and function pointer \s-1NULL.\s0
+.SS "\fB\s-1OSSL_DISPATCH\s0\fP fields"
+.IX Subsection "OSSL_DISPATCH fields"
+.IP "\fIfunction_id\fR" 4
+.IX Item "function_id"
+OpenSSL defined function identity of the implemented function.
+.IP "\fIfunction\fR" 4
+.IX Item "function"
+Pointer to the implemented function itself. Despite the generic definition
+of this field, the implemented function it points to must have a function
+signature that corresponds to the \fIfunction_id\fR
+.PP
+Available function identities and corresponding function signatures are
+defined in \fBopenssl\-core_dispatch.h\fR\|(7).
+Furthermore, the chosen function identities and associated function
+signature must be chosen specifically for the operation that it's intended
+for, as determined by the intended \s-1\fBOSSL_ALGORITHM\s0\fR\|(3) array.
+.PP
+Any function identity not recognised by the recipient of this type
+will be ignored.
+This ensures that providers built with one OpenSSL version in mind
+will work together with any other OpenSSL version that supports this
+mechanism.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBcrypto\fR\|(7), \fBopenssl\-core_dispatch.h\fR\|(7), \s-1\fBOSSL_ALGORITHM\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fB\s-1OSSL_DISPATCH\s0\fR was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_ENCODER.3 b/secure/lib/libcrypto/man/man3/OSSL_ENCODER.3
new file mode 100644
index 000000000000..49a969170c9a
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_ENCODER.3
@@ -0,0 +1,273 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_ENCODER 3ossl"
+.TH OSSL_ENCODER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_ENCODER,
+OSSL_ENCODER_fetch,
+OSSL_ENCODER_up_ref,
+OSSL_ENCODER_free,
+OSSL_ENCODER_get0_provider,
+OSSL_ENCODER_get0_properties,
+OSSL_ENCODER_is_a,
+OSSL_ENCODER_get0_name,
+OSSL_ENCODER_get0_description,
+OSSL_ENCODER_do_all_provided,
+OSSL_ENCODER_names_do_all,
+OSSL_ENCODER_gettable_params,
+OSSL_ENCODER_get_params
+\&\- Encoder method routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/encoder.h>
+\&
+\& typedef struct ossl_encoder_st OSSL_ENCODER;
+\&
+\& OSSL_ENCODER *OSSL_ENCODER_fetch(OSSL_LIB_CTX *ctx, const char *name,
+\& const char *properties);
+\& int OSSL_ENCODER_up_ref(OSSL_ENCODER *encoder);
+\& void OSSL_ENCODER_free(OSSL_ENCODER *encoder);
+\& const OSSL_PROVIDER *OSSL_ENCODER_get0_provider(const OSSL_ENCODER *encoder);
+\& const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder);
+\& int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name);
+\& const char *OSSL_ENCODER_get0_name(const OSSL_ENCODER *encoder);
+\& const char *OSSL_ENCODER_get0_description(const OSSL_ENCODER *encoder);
+\& void OSSL_ENCODER_do_all_provided(OSSL_LIB_CTX *libctx,
+\& void (*fn)(OSSL_ENCODER *encoder, void *arg),
+\& void *arg);
+\& int OSSL_ENCODER_names_do_all(const OSSL_ENCODER *encoder,
+\& void (*fn)(const char *name, void *data),
+\& void *data);
+\& const OSSL_PARAM *OSSL_ENCODER_gettable_params(OSSL_ENCODER *encoder);
+\& int OSSL_ENCODER_get_params(OSSL_ENCODER_CTX *ctx, const OSSL_PARAM params[]);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fB\s-1OSSL_ENCODER\s0\fR is a method for encoders, which know how to
+encode an object of some kind to a encoded form, such as \s-1PEM,
+DER,\s0 or even human readable text.
+.PP
+\&\fBOSSL_ENCODER_fetch()\fR looks for an algorithm within the provider that
+has been loaded into the \fB\s-1OSSL_LIB_CTX\s0\fR given by \fIctx\fR, having the
+name given by \fIname\fR and the properties given by \fIproperties\fR.
+The \fIname\fR determines what type of object the fetched encoder
+method is expected to be able to encode, and the properties are
+used to determine the expected output type.
+For known properties and the values they may have, please have a look
+in \*(L"Names and properties\*(R" in \fBprovider\-encoder\fR\|(7).
+.PP
+\&\fBOSSL_ENCODER_up_ref()\fR increments the reference count for the given
+\&\fIencoder\fR.
+.PP
+\&\fBOSSL_ENCODER_free()\fR decrements the reference count for the given
+\&\fIencoder\fR, and when the count reaches zero, frees it.
+.PP
+\&\fBOSSL_ENCODER_get0_provider()\fR returns the provider of the given
+\&\fIencoder\fR.
+.PP
+\&\fBOSSL_ENCODER_get0_properties()\fR returns the property definition associated
+with the given \fIencoder\fR.
+.PP
+\&\fBOSSL_ENCODER_is_a()\fR checks if \fIencoder\fR is an implementation of an
+algorithm that's identifiable with \fIname\fR.
+.PP
+\&\fBOSSL_ENCODER_get0_name()\fR returns the name used to fetch the given \fIencoder\fR.
+.PP
+\&\fBOSSL_ENCODER_get0_description()\fR returns a description of the \fIloader\fR, meant
+for display and human consumption. The description is at the discretion of the
+\&\fIloader\fR implementation.
+.PP
+\&\fBOSSL_ENCODER_names_do_all()\fR traverses all names for the given
+\&\fIencoder\fR, and calls \fIfn\fR with each name and \fIdata\fR as arguments.
+.PP
+\&\fBOSSL_ENCODER_do_all_provided()\fR traverses all encoder
+implementations by all activated providers in the library context
+\&\fIlibctx\fR, and for each of the implementations, calls \fIfn\fR with the
+implementation method and \fIarg\fR as arguments.
+.PP
+\&\fBOSSL_ENCODER_gettable_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3)
+array of parameter descriptors.
+.PP
+\&\fBOSSL_ENCODER_get_params()\fR attempts to get parameters specified
+with an \s-1\fBOSSL_PARAM\s0\fR\|(3) array \fIparams\fR. Parameters that the
+implementation doesn't recognise should be ignored.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_ENCODER_fetch()\fR returns a pointer to the key management
+implementation represented by an \s-1OSSL_ENCODER\s0 object, or \s-1NULL\s0 on
+error.
+.PP
+\&\fBOSSL_ENCODER_up_ref()\fR returns 1 on success, or 0 on error.
+.PP
+\&\fBOSSL_ENCODER_free()\fR doesn't return any value.
+.PP
+\&\fBOSSL_ENCODER_get0_provider()\fR returns a pointer to a provider object, or
+\&\s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_ENCODER_get0_properties()\fR returns a pointer to a property
+definition string, or \s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_ENCODER_is_a()\fR returns 1 of \fIencoder\fR was identifiable,
+otherwise 0.
+.PP
+\&\fBOSSL_ENCODER_get0_name()\fR returns the algorithm name from the provided
+implementation for the given \fIencoder\fR. Note that the \fIencoder\fR may have
+multiple synonyms associated with it. In this case the first name from the
+algorithm definition is returned. Ownership of the returned string is retained
+by the \fIencoder\fR object and should not be freed by the caller.
+.PP
+\&\fBOSSL_ENCODER_get0_description()\fR returns a pointer to a description, or \s-1NULL\s0 if
+there isn't one.
+.PP
+\&\fBOSSL_ENCODER_names_do_all()\fR returns 1 if the callback was called for all
+names. A return value of 0 means that the callback was not called for any names.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBprovider\fR\|(7), \s-1\fBOSSL_ENCODER_CTX\s0\fR\|(3), \fBOSSL_ENCODER_to_bio\fR\|(3),
+\&\fBOSSL_ENCODER_CTX_new_for_pkey\fR\|(3), \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_ENCODER_CTX.3 b/secure/lib/libcrypto/man/man3/OSSL_ENCODER_CTX.3
new file mode 100644
index 000000000000..876ee48d88b4
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_ENCODER_CTX.3
@@ -0,0 +1,342 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_ENCODER_CTX 3ossl"
+.TH OSSL_ENCODER_CTX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_ENCODER_CTX,
+OSSL_ENCODER_CTX_new,
+OSSL_ENCODER_settable_ctx_params,
+OSSL_ENCODER_CTX_set_params,
+OSSL_ENCODER_CTX_free,
+OSSL_ENCODER_CTX_set_selection,
+OSSL_ENCODER_CTX_set_output_type,
+OSSL_ENCODER_CTX_set_output_structure,
+OSSL_ENCODER_CTX_add_encoder,
+OSSL_ENCODER_CTX_add_extra,
+OSSL_ENCODER_CTX_get_num_encoders,
+OSSL_ENCODER_INSTANCE,
+OSSL_ENCODER_INSTANCE_get_encoder,
+OSSL_ENCODER_INSTANCE_get_encoder_ctx,
+OSSL_ENCODER_INSTANCE_get_output_type,
+OSSL_ENCODER_INSTANCE_get_output_structure,
+OSSL_ENCODER_CONSTRUCT,
+OSSL_ENCODER_CLEANUP,
+OSSL_ENCODER_CTX_set_construct,
+OSSL_ENCODER_CTX_set_construct_data,
+OSSL_ENCODER_CTX_set_cleanup
+\&\- Encoder context routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/encoder.h>
+\&
+\& typedef struct ossl_encoder_ctx_st OSSL_ENCODER_CTX;
+\&
+\& OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new();
+\& const OSSL_PARAM *OSSL_ENCODER_settable_ctx_params(OSSL_ENCODER *encoder);
+\& int OSSL_ENCODER_CTX_set_params(OSSL_ENCODER_CTX *ctx,
+\& const OSSL_PARAM params[]);
+\& void OSSL_ENCODER_CTX_free(OSSL_ENCODER_CTX *ctx);
+\&
+\& int OSSL_ENCODER_CTX_set_selection(OSSL_ENCODER_CTX *ctx, int selection);
+\& int OSSL_ENCODER_CTX_set_output_type(OSSL_ENCODER_CTX *ctx,
+\& const char *output_type);
+\& int OSSL_ENCODER_CTX_set_output_structure(OSSL_ENCODER_CTX *ctx,
+\& const char *output_structure);
+\&
+\& int OSSL_ENCODER_CTX_add_encoder(OSSL_ENCODER_CTX *ctx, OSSL_ENCODER *encoder);
+\& int OSSL_ENCODER_CTX_add_extra(OSSL_ENCODER_CTX *ctx,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& int OSSL_ENCODER_CTX_get_num_encoders(OSSL_ENCODER_CTX *ctx);
+\&
+\& typedef struct ossl_encoder_instance_st OSSL_ENCODER_INSTANCE;
+\& OSSL_ENCODER *
+\& OSSL_ENCODER_INSTANCE_get_encoder(OSSL_ENCODER_INSTANCE *encoder_inst);
+\& void *
+\& OSSL_ENCODER_INSTANCE_get_encoder_ctx(OSSL_ENCODER_INSTANCE *encoder_inst);
+\& const char *
+\& OSSL_ENCODER_INSTANCE_get_output_type(OSSL_ENCODER_INSTANCE *encoder_inst);
+\& const char *
+\& OSSL_ENCODER_INSTANCE_get_output_structure(OSSL_ENCODER_INSTANCE *encoder_inst);
+\&
+\& typedef const void *OSSL_ENCODER_CONSTRUCT(OSSL_ENCODER_INSTANCE *encoder_inst,
+\& void *construct_data);
+\& typedef void OSSL_ENCODER_CLEANUP(void *construct_data);
+\&
+\& int OSSL_ENCODER_CTX_set_construct(OSSL_ENCODER_CTX *ctx,
+\& OSSL_ENCODER_CONSTRUCT *construct);
+\& int OSSL_ENCODER_CTX_set_construct_data(OSSL_ENCODER_CTX *ctx,
+\& void *construct_data);
+\& int OSSL_ENCODER_CTX_set_cleanup(OSSL_ENCODER_CTX *ctx,
+\& OSSL_ENCODER_CLEANUP *cleanup);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Encoding an input object to the desired encoding may be done with a chain of
+encoder implementations, which means that the output from one encoder may be
+the input for the next in the chain. The \fB\s-1OSSL_ENCODER_CTX\s0\fR holds all the
+data about these encoders. This allows having generic format encoders such
+as \s-1DER\s0 to \s-1PEM,\s0 as well as more specialized encoders like \s-1RSA\s0 to \s-1DER.\s0
+.PP
+The final output type must be given, and a chain of encoders must end with
+an implementation that produces that output type.
+.PP
+At the beginning of the encoding process, a constructor provided by the
+caller is called to ensure that there is an appropriate provider-side object
+to start with.
+The constructor is set with \fBOSSL_ENCODER_CTX_set_construct()\fR.
+.PP
+\&\fB\s-1OSSL_ENCODER_INSTANCE\s0\fR is an opaque structure that contains data about the
+encoder that is going to be used, and that may be useful for the
+constructor. There are some functions to extract data from this type,
+described in \*(L"Constructor\*(R" below.
+.SS "Functions"
+.IX Subsection "Functions"
+\&\fBOSSL_ENCODER_CTX_new()\fR creates a \fB\s-1OSSL_ENCODER_CTX\s0\fR.
+.PP
+\&\fBOSSL_ENCODER_settable_ctx_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3)
+array of parameter descriptors.
+.PP
+\&\fBOSSL_ENCODER_CTX_set_params()\fR attempts to set parameters specified
+with an \s-1\fBOSSL_PARAM\s0\fR\|(3) array \fIparams\fR. Parameters that the
+implementation doesn't recognise should be ignored.
+.PP
+\&\fBOSSL_ENCODER_CTX_free()\fR frees the given context \fIctx\fR.
+.PP
+\&\fBOSSL_ENCODER_CTX_add_encoder()\fR populates the \fB\s-1OSSL_ENCODER_CTX\s0\fR
+\&\fIctx\fR with a encoder, to be used to encode an input object.
+.PP
+\&\fBOSSL_ENCODER_CTX_add_extra()\fR finds encoders that further encodes output
+from already added encoders, and adds them as well. This is used to build
+encoder chains.
+.PP
+\&\fBOSSL_ENCODER_CTX_set_output_type()\fR sets the ending output type. This must
+be specified, and determines if a complete encoder chain is available.
+.PP
+\&\fBOSSL_ENCODER_CTX_set_output_structure()\fR sets the desired output structure.
+This may be used to determines what encoder implementations may be used.
+Depending on the type of object being encoded, the output structure may
+not be relevant.
+.PP
+\&\fBOSSL_ENCODER_CTX_get_num_encoders()\fR gets the number of encoders currently
+added to the context \fIctx\fR.
+.PP
+\&\fBOSSL_ENCODER_CTX_set_construct()\fR sets the constructor \fIconstruct\fR.
+.PP
+\&\fBOSSL_ENCODER_CTX_set_construct_data()\fR sets the constructor data that is
+passed to the constructor every time it's called.
+.PP
+\&\fBOSSL_ENCODER_CTX_set_cleanup()\fR sets the constructor data \fIcleanup\fR
+function. This is called by \fBOSSL_ENCODER_CTX_free\fR\|(3).
+.SS "Constructor"
+.IX Subsection "Constructor"
+A \fB\s-1OSSL_ENCODER_CONSTRUCT\s0\fR gets the following arguments:
+.IP "\fIencoder_inst\fR" 4
+.IX Item "encoder_inst"
+The \fB\s-1OSSL_ENCODER_INSTANCE\s0\fR for the encoder from which the constructor gets
+its data.
+.IP "\fIconstruct_data\fR" 4
+.IX Item "construct_data"
+The pointer that was set with \fBOSSL_ENCODE_CTX_set_construct_data()\fR.
+.PP
+The constructor is expected to return a valid (non-NULL) pointer to a
+provider-native object that can be used as first input of an encoding chain,
+or \s-1NULL\s0 to indicate that an error has occurred.
+.PP
+These utility functions may be used by a constructor:
+.PP
+\&\fBOSSL_ENCODER_INSTANCE_get_encoder()\fR can be used to get the encoder
+implementation of the encoder instance \fIencoder_inst\fR.
+.PP
+\&\fBOSSL_ENCODER_INSTANCE_get_encoder_ctx()\fR can be used to get the encoder
+implementation's provider context of the encoder instance \fIencoder_inst\fR.
+.PP
+\&\fBOSSL_ENCODER_INSTANCE_get_output_type()\fR can be used to get the output type
+for the encoder implementation of the encoder instance \fIencoder_inst\fR.
+This will never be \s-1NULL.\s0
+.PP
+\&\fBOSSL_ENCODER_INSTANCE_get_output_structure()\fR can be used to get the output
+structure for the encoder implementation of the encoder instance
+\&\fIencoder_inst\fR.
+This may be \s-1NULL.\s0
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_ENCODER_CTX_new()\fR returns a pointer to a \fB\s-1OSSL_ENCODER_CTX\s0\fR, or \s-1NULL\s0
+if the context structure couldn't be allocated.
+.PP
+\&\fBOSSL_ENCODER_settable_ctx_params()\fR returns an \s-1\fBOSSL_PARAM\s0\fR\|(3) array, or
+\&\s-1NULL\s0 if none is available.
+.PP
+\&\fBOSSL_ENCODER_CTX_set_params()\fR returns 1 if all recognised parameters were
+valid, or 0 if one of them was invalid or caused some other failure in the
+implementation.
+.PP
+\&\fBOSSL_ENCODER_CTX_add_encoder()\fR, \fBOSSL_ENCODER_CTX_add_extra()\fR,
+\&\fBOSSL_ENCODER_CTX_set_construct()\fR, \fBOSSL_ENCODER_CTX_set_construct_data()\fR and
+\&\fBOSSL_ENCODER_CTX_set_cleanup()\fR return 1 on success, or 0 on failure.
+.PP
+\&\fBOSSL_ENCODER_CTX_get_num_encoders()\fR returns the current number of encoders.
+It returns 0 if \fIctx\fR is \s-1NULL.\s0
+.PP
+\&\fBOSSL_ENCODER_INSTANCE_get_encoder()\fR returns an \fB\s-1OSSL_ENCODER\s0\fR pointer on
+success, or \s-1NULL\s0 on failure.
+.PP
+\&\fBOSSL_ENCODER_INSTANCE_get_encoder_ctx()\fR returns a provider context pointer on
+success, or \s-1NULL\s0 on failure.
+.PP
+\&\fBOSSL_ENCODER_INSTANCE_get_output_type()\fR returns a string with the name of the
+input type, if relevant. \s-1NULL\s0 is a valid returned value.
+.PP
+\&\fBOSSL_ENCODER_INSTANCE_get_output_type()\fR returns a string with the name of the
+output type.
+.PP
+\&\fBOSSL_ENCODER_INSTANCE_get_output_structure()\fR returns a string with the name
+of the output structure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBprovider\fR\|(7), \s-1\fBOSSL_ENCODER\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_ENCODER_CTX_new_for_pkey.3 b/secure/lib/libcrypto/man/man3/OSSL_ENCODER_CTX_new_for_pkey.3
new file mode 100644
index 000000000000..f33efd48051c
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_ENCODER_CTX_new_for_pkey.3
@@ -0,0 +1,269 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_ENCODER_CTX_NEW_FOR_PKEY 3ossl"
+.TH OSSL_ENCODER_CTX_NEW_FOR_PKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_ENCODER_CTX_new_for_pkey,
+OSSL_ENCODER_CTX_set_cipher,
+OSSL_ENCODER_CTX_set_passphrase,
+OSSL_ENCODER_CTX_set_pem_password_cb,
+OSSL_ENCODER_CTX_set_passphrase_cb,
+OSSL_ENCODER_CTX_set_passphrase_ui
+\&\- Encoder routines to encode EVP_PKEYs
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/encoder.h>
+\&
+\& OSSL_ENCODER_CTX *
+\& OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY *pkey, int selection,
+\& const char *output_type,
+\& const char *output_structure,
+\& const char *propquery);
+\&
+\& int OSSL_ENCODER_CTX_set_cipher(OSSL_ENCODER_CTX *ctx,
+\& const char *cipher_name,
+\& const char *propquery);
+\& int OSSL_ENCODER_CTX_set_passphrase(OSSL_ENCODER_CTX *ctx,
+\& const unsigned char *kstr,
+\& size_t klen);
+\& int OSSL_ENCODER_CTX_set_pem_password_cb(OSSL_ENCODER_CTX *ctx,
+\& pem_password_cb *cb, void *cbarg);
+\& int OSSL_ENCODER_CTX_set_passphrase_ui(OSSL_ENCODER_CTX *ctx,
+\& const UI_METHOD *ui_method,
+\& void *ui_data);
+\& int OSSL_ENCODER_CTX_set_passphrase_cb(OSSL_ENCODER_CTX *ctx,
+\& OSSL_PASSPHRASE_CALLBACK *cb,
+\& void *cbarg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_ENCODER_CTX_new_for_pkey()\fR is a utility function that creates a
+\&\fB\s-1OSSL_ENCODER_CTX\s0\fR, finds all applicable encoder implementations and sets
+them up, so almost all the caller has to do next is call functions like
+\&\fBOSSL_ENCODER_to_bio\fR\|(3). \fIoutput_type\fR determines the final output
+encoding, and \fIselection\fR can be used to select what parts of the \fIpkey\fR
+should be included in the output. \fIoutput_type\fR is further discussed in
+\&\*(L"Output types\*(R" below, and \fIselection\fR is further described in
+\&\*(L"Selections\*(R".
+.PP
+Internally, \fBOSSL_ENCODER_CTX_new_for_pkey()\fR uses the names from the
+\&\s-1\fBEVP_KEYMGMT\s0\fR\|(3) implementation associated with \fIpkey\fR to build a list of
+applicable encoder implementations that are used to process the \fIpkey\fR into
+the encoding named by \fIoutput_type\fR, with the outermost structure named by
+\&\fIoutput_structure\fR if that's relevant. All these implementations are
+implicitly fetched, with \fIpropquery\fR for finer selection.
+.PP
+If no suitable encoder implementation is found,
+\&\fBOSSL_ENCODER_CTX_new_for_pkey()\fR still creates a \fB\s-1OSSL_ENCODER_CTX\s0\fR, but
+with no associated encoder (\fBOSSL_ENCODER_CTX_get_num_encoders\fR\|(3) returns
+zero). This helps the caller to distinguish between an error when creating
+the \fB\s-1OSSL_ENCODER_CTX\s0\fR and missing encoder implementation, and allows it to
+act accordingly.
+.PP
+\&\fBOSSL_ENCODER_CTX_set_cipher()\fR tells the implementation what cipher
+should be used to encrypt encoded keys. The cipher is given by
+name \fIcipher_name\fR. The interpretation of that \fIcipher_name\fR is
+implementation dependent. The implementation may implement the cipher
+directly itself or by other implementations, or it may choose to fetch
+it. If the implementation supports fetching the cipher, then it may
+use \fIpropquery\fR as properties to be queried for when fetching.
+\&\fIcipher_name\fR may also be \s-1NULL,\s0 which will result in unencrypted
+encoding.
+.PP
+\&\fBOSSL_ENCODER_CTX_set_passphrase()\fR gives the implementation a
+pass phrase to use when encrypting the encoded private key.
+Alternatively, a pass phrase callback may be specified with the
+following functions.
+.PP
+\&\fBOSSL_ENCODER_CTX_set_pem_password_cb()\fR, \fBOSSL_ENCODER_CTX_set_passphrase_ui()\fR
+and \fBOSSL_ENCODER_CTX_set_passphrase_cb()\fR sets up a callback method that the
+implementation can use to prompt for a pass phrase, giving the caller the
+choice of preferred pass phrase callback form. These are called indirectly,
+through an internal \s-1\fBOSSL_PASSPHRASE_CALLBACK\s0\fR\|(3) function.
+.SS "Output types"
+.IX Subsection "Output types"
+The possible \fB\s-1EVP_PKEY\s0\fR output types depends on the available
+implementations.
+.PP
+OpenSSL has built in implementations for the following output types:
+.ie n .IP """TEXT""" 4
+.el .IP "\f(CWTEXT\fR" 4
+.IX Item "TEXT"
+The output is a human readable description of the key.
+\&\fBEVP_PKEY_print_private\fR\|(3), \fBEVP_PKEY_print_public\fR\|(3) and
+\&\fBEVP_PKEY_print_params\fR\|(3) use this for their output.
+.ie n .IP """DER""" 4
+.el .IP "\f(CWDER\fR" 4
+.IX Item "DER"
+The output is the \s-1DER\s0 encoding of the \fIselection\fR of the \fIpkey\fR.
+.ie n .IP """PEM""" 4
+.el .IP "\f(CWPEM\fR" 4
+.IX Item "PEM"
+The output is the \fIselection\fR of the \fIpkey\fR in \s-1PEM\s0 format.
+.SS "Selections"
+.IX Subsection "Selections"
+\&\fIselection\fR can be any one of the values described in
+\&\*(L"Selections\*(R" in \fBEVP_PKEY_fromdata\fR\|(3).
+.PP
+These are only 'hints' since the encoder implementations are free to
+determine what makes sense to include in the output, and this may depend on
+the desired output. For example, an \s-1EC\s0 key in a PKCS#8 structure doesn't
+usually include the public key.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_ENCODER_CTX_new_for_pkey()\fR returns a pointer to an \fB\s-1OSSL_ENCODER_CTX\s0\fR,
+or \s-1NULL\s0 if it couldn't be created.
+.PP
+\&\fBOSSL_ENCODER_CTX_set_cipher()\fR, \fBOSSL_ENCODER_CTX_set_passphrase()\fR,
+\&\fBOSSL_ENCODER_CTX_set_pem_password_cb()\fR, \fBOSSL_ENCODER_CTX_set_passphrase_ui()\fR
+and \fBOSSL_ENCODER_CTX_set_passphrase_cb()\fR all return 1 on success, or 0 on
+failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBprovider\fR\|(7), \s-1\fBOSSL_ENCODER\s0\fR\|(3), \s-1\fBOSSL_ENCODER_CTX\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_ENCODER_to_bio.3 b/secure/lib/libcrypto/man/man3/OSSL_ENCODER_to_bio.3
new file mode 100644
index 000000000000..e8c48be3da89
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_ENCODER_to_bio.3
@@ -0,0 +1,258 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_ENCODER_TO_BIO 3ossl"
+.TH OSSL_ENCODER_TO_BIO 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_ENCODER_to_data,
+OSSL_ENCODER_to_bio,
+OSSL_ENCODER_to_fp
+\&\- Routines to perform an encoding
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/encoder.h>
+\&
+\& int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata,
+\& size_t *pdata_len);
+\& int OSSL_ENCODER_to_bio(OSSL_ENCODER_CTX *ctx, BIO *out);
+\& int OSSL_ENCODER_to_fp(OSSL_ENCODER_CTX *ctx, FILE *fp);
+.Ve
+.PP
+Feature availability macros:
+.IP "\fBOSSL_ENCODER_to_fp()\fR is only available when \fB\s-1OPENSSL_NO_STDIO\s0\fR is undefined." 4
+.IX Item "OSSL_ENCODER_to_fp() is only available when OPENSSL_NO_STDIO is undefined."
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_ENCODER_to_data()\fR runs the encoding process for the context \fIctx\fR,
+with the output going to the \fI*pdata\fR and \fI*pdata_len\fR.
+If \fI*pdata\fR is \s-1NULL\s0 when \fBOSSL_ENCODER_to_data()\fR is called, a buffer will be
+allocated using \fBOPENSSL_zalloc\fR\|(3), and \fI*pdata\fR will be set to point at
+the start of that buffer, and \fI*pdata_len\fR will be assigned its length when
+\&\fBOSSL_ENCODER_to_data()\fR returns.
+If \fI*pdata\fR is non-NULL when \fBOSSL_ENCODER_to_data()\fR is called, \fI*pdata_len\fR
+is assumed to have its size. In this case, \fI*pdata\fR will be set to point
+after the encoded bytes, and \fI*pdata_len\fR will be assigned the number of
+remaining bytes.
+.PP
+\&\fBOSSL_ENCODER_to_bio()\fR runs the encoding process for the context \fIctx\fR, with
+the output going to the \fB\s-1BIO\s0\fR \fIout\fR.
+.PP
+\&\fBOSSL_ENCODER_to_fp()\fR does the same thing as \fBOSSL_ENCODER_to_bio()\fR, except
+that the output is going to the \fB\s-1FILE\s0\fR \fIfp\fR.
+.PP
+For \fBOSSL_ENCODER_to_bio()\fR and \fBOSSL_ENCODER_to_fp()\fR, the application is
+required to set up the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR properly, for example to have
+it in text or binary mode as is appropriate for the encoder output type.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_ENCODER_to_bio()\fR, \fBOSSL_ENCODER_to_fp()\fR and \fBOSSL_ENCODER_to_data()\fR
+return 1 on success, or 0 on failure.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+To encode a pkey as PKCS#8 with \s-1PEM\s0 format into a bio:
+.PP
+.Vb 4
+\& OSSL_ENCODER_CTX *ectx;
+\& const char *format = "PEM";
+\& const char *structure = "PrivateKeyInfo"; /* PKCS#8 structure */
+\& const unsigned char *pass = "my password";
+\&
+\& ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey,
+\& OSSL_KEYMGMT_SELECT_KEYPAIR
+\& | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
+\& format, structure,
+\& NULL);
+\& if (ectx == NULL) {
+\& /* error: no suitable potential encoders found */
+\& }
+\& if (pass != NULL)
+\& OSSL_ENCODER_CTX_set_passphrase(ectx, pass, strlen(pass));
+\& if (OSSL_ENCODER_to_bio(ectx, bio)) {
+\& /* pkey was successfully encoded into the bio */
+\& } else {
+\& /* encoding failure */
+\& }
+\& OSSL_ENCODER_CTX_free(ectx);
+.Ve
+.PP
+To encode a pkey as PKCS#8 with \s-1DER\s0 format encrypted with
+\&\s-1AES\-256\-CBC\s0 into a buffer:
+.PP
+.Vb 6
+\& OSSL_ENCODER_CTX *ectx;
+\& const char *format = "DER";
+\& const char *structure = "PrivateKeyInfo"; /* PKCS#8 structure */
+\& const unsigned char *pass = "my password";
+\& unsigned char *data = NULL;
+\& size_t datalen;
+\&
+\& ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey,
+\& OSSL_KEYMGMT_SELECT_KEYPAIR
+\& | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
+\& format, structure,
+\& NULL);
+\& if (ectx == NULL) {
+\& /* error: no suitable potential encoders found */
+\& }
+\& if (pass != NULL) {
+\& OSSL_ENCODER_CTX_set_passphrase(ectx, pass, strlen(pass));
+\& OSSL_ENCODER_CTX_set_cipher(ctx, "AES\-256\-CBC", NULL);
+\& }
+\& if (OSSL_ENCODER_to_data(ectx, &data, &datalen)) {
+\& /*
+\& * pkey was successfully encoded into a newly allocated
+\& * data buffer
+\& */
+\& } else {
+\& /* encoding failure */
+\& }
+\& OSSL_ENCODER_CTX_free(ectx);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBprovider\fR\|(7), \s-1\fBOSSL_ENCODER_CTX\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_ESS_check_signing_certs.3 b/secure/lib/libcrypto/man/man3/OSSL_ESS_check_signing_certs.3
new file mode 100644
index 000000000000..cf3f93c3822e
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_ESS_check_signing_certs.3
@@ -0,0 +1,216 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_ESS_CHECK_SIGNING_CERTS 3ossl"
+.TH OSSL_ESS_CHECK_SIGNING_CERTS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_ESS_signing_cert_new_init,
+OSSL_ESS_signing_cert_v2_new_init,
+OSSL_ESS_check_signing_certs
+\&\- Enhanced Security Services (ESS) functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ess.h>
+\&
+\& ESS_SIGNING_CERT *OSSL_ESS_signing_cert_new_init(const X509 *signcert,
+\& const STACK_OF(X509) *certs,
+\& int set_issuer_serial);
+\& ESS_SIGNING_CERT_V2 *OSSL_ESS_signing_cert_v2_new_init(const EVP_MD *hash_alg,
+\& const X509 *signcert,
+\& const
+\& STACK_OF(X509) *certs,
+\& int set_issuer_serial);
+\& int OSSL_ESS_check_signing_certs(const ESS_SIGNING_CERT *ss,
+\& const ESS_SIGNING_CERT_V2 *ssv2,
+\& const STACK_OF(X509) *chain,
+\& int require_signing_cert);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_ESS_signing_cert_new_init()\fR generates a new \fB\s-1ESS_SIGNING_CERT\s0\fR structure
+referencing the given \fIsigncert\fR and any given further \fIcerts\fR
+using their \s-1SHA\-1\s0 fingerprints.
+If \fIset_issuer_serial\fR is nonzero then also the issuer and serial number
+of \fIsigncert\fR are included in the \fB\s-1ESS_CERT_ID\s0\fR as the \fBissuerSerial\fR field.
+For all members of \fIcerts\fR the \fBissuerSerial\fR field is always included.
+.PP
+\&\fBOSSL_ESS_signing_cert_v2_new_init()\fR is the same as
+\&\fBOSSL_ESS_signing_cert_new_init()\fR except that it uses the given \fIhash_alg\fR and
+generates a \fB\s-1ESS_SIGNING_CERT_V2\s0\fR structure with \fB\s-1ESS_CERT_ID_V2\s0\fR elements.
+.PP
+\&\fBOSSL_ESS_check_signing_certs()\fR checks if the validation chain \fIchain\fR contains
+the certificates required by the identifiers given in \fIss\fR and/or \fIssv2\fR.
+If \fIrequire_signing_cert\fR is nonzero, \fIss\fR or \fIssv2\fR must not be \s-1NULL.\s0
+If both \fIss\fR and \fIssv2\fR are not \s-1NULL,\s0 they are evaluated independently.
+The list of certificate identifiers in \fIss\fR is of type \fB\s-1ESS_CERT_ID\s0\fR,
+while the list contained in \fIssv2\fR is of type \fB\s-1ESS_CERT_ID_V2\s0\fR.
+As far as these lists are present, they must be nonempty.
+The certificate identified by their first entry must be the first element of
+\&\fIchain\fR, i.e. the signer certificate.
+Any further certificates referenced in the list must also be found in \fIchain\fR.
+The matching is done using the given certificate hash algorithm and value.
+In addition to the checks required by RFCs 2624 and 5035,
+if the \fBissuerSerial\fR field is included in an \fBESSCertID\fR or \fBESSCertIDv2\fR
+it must match the certificate issuer and serial number attributes.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1ESS\s0 has been defined in \s-1RFC 2634,\s0 which has been updated in \s-1RFC 5035\s0
+(\s-1ESS\s0 version 2) to support hash algorithms other than \s-1SHA\-1.\s0
+This is used for \s-1TSP\s0 (\s-1RFC 3161\s0) and CAdES-BES (informational \s-1RFC 5126\s0).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_ESS_signing_cert_new_init()\fR and \fBOSSL_ESS_signing_cert_v2_new_init()\fR
+return a pointer to the new structure or \s-1NULL\s0 on malloc failure.
+.PP
+\&\fBOSSL_ESS_check_signing_certs()\fR returns 1 on success,
+0 if a required certificate cannot be found, \-1 on other error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBTS_VERIFY_CTX_set_certs\fR\|(3),
+\&\fBCMS_verify\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBOSSL_ESS_signing_cert_new_init()\fR, \fBOSSL_ESS_signing_cert_v2_new_init()\fR, and
+\&\fBOSSL_ESS_check_signing_certs()\fR were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_HTTP_REQ_CTX.3 b/secure/lib/libcrypto/man/man3/OSSL_HTTP_REQ_CTX.3
new file mode 100644
index 000000000000..f8bf77c2d172
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_HTTP_REQ_CTX.3
@@ -0,0 +1,390 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_HTTP_REQ_CTX 3ossl"
+.TH OSSL_HTTP_REQ_CTX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_HTTP_REQ_CTX,
+OSSL_HTTP_REQ_CTX_new,
+OSSL_HTTP_REQ_CTX_free,
+OSSL_HTTP_REQ_CTX_set_request_line,
+OSSL_HTTP_REQ_CTX_add1_header,
+OSSL_HTTP_REQ_CTX_set_expected,
+OSSL_HTTP_REQ_CTX_set1_req,
+OSSL_HTTP_REQ_CTX_nbio,
+OSSL_HTTP_REQ_CTX_nbio_d2i,
+OSSL_HTTP_REQ_CTX_exchange,
+OSSL_HTTP_REQ_CTX_get0_mem_bio,
+OSSL_HTTP_REQ_CTX_get_resp_len,
+OSSL_HTTP_REQ_CTX_set_max_response_length,
+OSSL_HTTP_is_alive
+\&\- HTTP client low\-level functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/http.h>
+\&
+\& typedef struct ossl_http_req_ctx_st OSSL_HTTP_REQ_CTX;
+\&
+\& OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int buf_size);
+\& void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx);
+\&
+\& int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST,
+\& const char *server, const char *port,
+\& const char *path);
+\& int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx,
+\& const char *name, const char *value);
+\&
+\& int OSSL_HTTP_REQ_CTX_set_expected(OSSL_HTTP_REQ_CTX *rctx,
+\& const char *content_type, int asn1,
+\& int timeout, int keep_alive);
+\& int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type,
+\& const ASN1_ITEM *it, const ASN1_VALUE *req);
+\& int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx);
+\& int OSSL_HTTP_REQ_CTX_nbio_d2i(OSSL_HTTP_REQ_CTX *rctx,
+\& ASN1_VALUE **pval, const ASN1_ITEM *it);
+\& BIO *OSSL_HTTP_REQ_CTX_exchange(OSSL_HTTP_REQ_CTX *rctx);
+\&
+\& BIO *OSSL_HTTP_REQ_CTX_get0_mem_bio(const OSSL_HTTP_REQ_CTX *rctx);
+\& size_t OSSL_HTTP_REQ_CTX_get_resp_len(const OSSL_HTTP_REQ_CTX *rctx);
+\& void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx,
+\& unsigned long len);
+\&
+\& int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fB\s-1OSSL_HTTP_REQ_CTX\s0\fR is a context structure for an \s-1HTTP\s0 request and response,
+used to collect all the necessary data to perform that request.
+.PP
+This file documents low-level \s-1HTTP\s0 functions rarely used directly. High-level
+\&\s-1HTTP\s0 client functions like \fBOSSL_HTTP_get\fR\|(3) and \fBOSSL_HTTP_transfer\fR\|(3)
+should be preferred.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_new()\fR allocates a new \s-1HTTP\s0 request context structure,
+which gets populated with the \fB\s-1BIO\s0\fR to write/send the request to (\fIwbio\fR),
+the \fB\s-1BIO\s0\fR to read/receive the response from (\fIrbio\fR, which may be equal to
+\&\fIwbio\fR), and the maximum expected response header line length \fIbuf_size\fR.
+A value <= 0 indicates that
+the \fB\s-1OSSL_HTTP_DEFAULT_MAX_LINE_LEN\s0\fR of 4KiB should be used.
+\&\fIbuf_size\fR is also used as the number of content bytes that are read at a time.
+The allocated context structure includes an internal memory \fB\s-1BIO\s0\fR,
+which collects the \s-1HTTP\s0 request header lines.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_free()\fR frees up the \s-1HTTP\s0 request context \fIrctx\fR.
+The \fIrbio\fR is not free'd, \fIwbio\fR will be free'd if \fIfree_wbio\fR is set.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_set_request_line()\fR adds the 1st \s-1HTTP\s0 request line to \fIrctx\fR.
+The \s-1HTTP\s0 method is determined by \fImethod_POST\fR,
+which should be 1 to indicate \f(CW\*(C`POST\*(C'\fR or 0 to indicate \f(CW\*(C`GET\*(C'\fR.
+\&\fIserver\fR and \fIport\fR may be set to give the server and the optional port that
+an \s-1HTTP\s0 proxy shall forward the request to, otherwise they must be left \s-1NULL.\s0
+\&\fIpath\fR provides the \s-1HTTP\s0 request path; if left \s-1NULL,\s0 \f(CW\*(C`/\*(C'\fR is used.
+For backward compatibility, \fIpath\fR may begin with \f(CW\*(C`http://\*(C'\fR and thus convey
+an absoluteURI. In this case it indicates \s-1HTTP\s0 proxy use and provides also the
+server (and optionally the port) that the proxy shall forward the request to.
+In this case the \fIserver\fR and \fIport\fR arguments must be \s-1NULL.\s0
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_add1_header()\fR adds header \fIname\fR with value \fIvalue\fR to the
+context \fIrctx\fR. It can be called more than once to add multiple header lines.
+For example, to add a \f(CW\*(C`Host\*(C'\fR header for \f(CW\*(C`example.com\*(C'\fR you would call:
+.PP
+.Vb 1
+\& OSSL_HTTP_REQ_CTX_add1_header(ctx, "Host", "example.com");
+.Ve
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_set_expected()\fR optionally sets in \fIrctx\fR some expectations
+of the \s-1HTTP\s0 client on the response.
+Due to the structure of an \s-1HTTP\s0 request, if the \fIkeep_alive\fR argument is
+nonzero the function must be used before calling \fBOSSL_HTTP_REQ_CTX_set1_req()\fR.
+If the \fIcontent_type\fR parameter
+is not \s-1NULL\s0 then the client will check that the given content type string
+is included in the \s-1HTTP\s0 header of the response and return an error if not.
+If the \fIasn1\fR parameter is nonzero a structure in \s-1ASN.1\s0 encoding will be
+expected as the response content and input streaming is disabled. This means
+that an \s-1ASN.1\s0 sequence header is required, its length field is checked, and
+\&\fBOSSL_HTTP_REQ_CTX_get0_mem_bio()\fR should be used to get the buffered response.
+Otherwise (by default) any input format is allowed without length checks.
+In this case the \s-1BIO\s0 given as \fIrbio\fR argument to \fBOSSL_HTTP_REQ_CTX_new()\fR should
+be used directly to read the response contents, which may support streaming.
+If the \fItimeout\fR parameter is > 0 this indicates the maximum number of seconds
+the subsequent \s-1HTTP\s0 transfer (sending the request and receiving a response)
+is allowed to take.
+\&\fItimeout\fR == 0 enables waiting indefinitely, i.e., no timeout can occur.
+This is the default.
+\&\fItimeout\fR < 0 takes over any value set via the \fIoverall_timeout\fR argument of
+\&\fBOSSL_HTTP_open\fR\|(3) with the default being 0, which means no timeout.
+If the \fIkeep_alive\fR parameter is 0, which is the default, the connection is not
+kept open after receiving a response. This is the default behavior for \s-1HTTP 1.0.\s0
+If the value is 1 or 2 then a persistent connection is requested.
+If the value is 2 then a persistent connection is required,
+i.e., an error occurs in case the server does not grant it.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_set1_req()\fR finalizes the \s-1HTTP\s0 request context.
+It is needed if the \fImethod_POST\fR parameter in the
+\&\fBOSSL_HTTP_REQ_CTX_set_request_line()\fR call was 1
+and an \s-1ASN\s0.1\-encoded request should be sent.
+It must also be used when requesting \*(L"keep-alive\*(R",
+even if a \s-1GET\s0 request is going to be sent, in which case \fIreq\fR must be \s-1NULL.\s0
+Unless \fIreq\fR is \s-1NULL,\s0 the function adds the \s-1DER\s0 encoding of \fIreq\fR using
+the \s-1ASN.1\s0 template \fIit\fR to do the encoding (which does not support streaming).
+The \s-1HTTP\s0 header \f(CW\*(C`Content\-Length\*(C'\fR is filled out with the length of the request.
+\&\fIcontent_type\fR must be \s-1NULL\s0 if \fIreq\fR is \s-1NULL.\s0
+If \fIcontent_type\fR isn't \s-1NULL,\s0
+the \s-1HTTP\s0 header \f(CW\*(C`Content\-Type\*(C'\fR is also added with the given string value.
+The header lines are added to the internal memory \fB\s-1BIO\s0\fR for the request header.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_nbio()\fR attempts to send the request prepared in \fIrctx\fR
+and to gather the response via \s-1HTTP,\s0 using the \fIwbio\fR and \fIrbio\fR
+that were given when calling \fBOSSL_HTTP_REQ_CTX_new()\fR.
+The function may need to be called again if its result is \-1, which indicates
+\&\fBBIO_should_retry\fR\|(3). In such a case it is advisable to sleep a little in
+between, using \fBBIO_wait\fR\|(3) on the read \s-1BIO\s0 to prevent a busy loop.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_nbio_d2i()\fR is like \fBOSSL_HTTP_REQ_CTX_nbio()\fR but on success
+in addition parses the response, which must be a DER-encoded \s-1ASN.1\s0 structure,
+using the \s-1ASN.1\s0 template \fIit\fR and places the result in \fI*pval\fR.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_exchange()\fR calls \fBOSSL_HTTP_REQ_CTX_nbio()\fR as often as needed
+in order to exchange a request and response or until a timeout is reached.
+On success it returns a pointer to the \s-1BIO\s0 that can be used to read the result.
+If an \s-1ASN\s0.1\-encoded response was expected, this is the \s-1BIO\s0
+returned by \fBOSSL_HTTP_REQ_CTX_get0_mem_bio()\fR when called after the exchange.
+This memory \s-1BIO\s0 does not support streaming.
+Otherwise the returned \s-1BIO\s0 is the \fIrbio\fR given to \fBOSSL_HTTP_REQ_CTX_new()\fR,
+which may support streaming.
+When this \s-1BIO\s0 is returned, it has been read past the end of the response header,
+such that the actual response body can be read from it.
+The returned \s-1BIO\s0 pointer \s-1MUST NOT\s0 be freed by the caller.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_get0_mem_bio()\fR returns the internal memory \fB\s-1BIO\s0\fR.
+Before the \s-1HTTP\s0 request is sent, this could be used to adapt its header lines.
+\&\fIUse with caution!\fR
+After receiving a response via \s-1HTTP,\s0 the \s-1BIO\s0 represents the current state of
+reading the response header. If the response was expected to be \s-1ASN.1\s0 encoded,
+its contents can be read via this \s-1BIO,\s0 which does not support streaming.
+The returned \s-1BIO\s0 pointer must not be freed by the caller.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_get_resp_len()\fR returns the size of the response contents
+in \fIrctx\fR if provided by the server as <Content\-Length> header field, else 0.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_set_max_response_length()\fR sets the maximum allowed
+response content length for \fIrctx\fR to \fIlen\fR. If not set or \fIlen\fR is 0
+then the \fB\s-1OSSL_HTTP_DEFAULT_MAX_RESP_LEN\s0\fR is used, which currently is 100 KiB.
+If the \f(CW\*(C`Content\-Length\*(C'\fR header is present and exceeds this value or
+the content is an \s-1ASN.1\s0 encoded structure with a length exceeding this value
+or both length indications are present but disagree then an error occurs.
+.PP
+\&\fBOSSL_HTTP_is_alive()\fR can be used to query if the \s-1HTTP\s0 connection
+given by \fIrctx\fR is still alive, i.e., has not been closed.
+It returns 0 if \fIrctx\fR is \s-1NULL.\s0
+.PP
+If the client application requested or required a persistent connection
+and this was granted by the server, it can keep \fIrctx\fR as long as it wants
+to send further requests and \fBOSSL_HTTP_is_alive()\fR returns nonzero,
+else it should call \fIOSSL_HTTP_REQ_CTX_free(rctx)\fR or \fBOSSL_HTTP_close\fR\|(3).
+In case the client application keeps \fIrctx\fR but the connection then dies
+for any reason at the server side, it will notice this obtaining an
+I/O error when trying to send the next request via \fIrctx\fR.
+.SH "WARNINGS"
+.IX Header "WARNINGS"
+The server's response may be unexpected if the hostname that was used to
+create the \fIwbio\fR, any \f(CW\*(C`Host\*(C'\fR header, and the host specified in the
+request \s-1URL\s0 do not match.
+.PP
+Many of these functions must be called in a certain order.
+.PP
+First, the \s-1HTTP\s0 request context must be allocated:
+\&\fBOSSL_HTTP_REQ_CTX_new()\fR.
+.PP
+Then, the \s-1HTTP\s0 request must be prepared with request data:
+.IP "1." 4
+Calling \fBOSSL_HTTP_REQ_CTX_set_request_line()\fR.
+.IP "2." 4
+Adding extra header lines with \fBOSSL_HTTP_REQ_CTX_add1_header()\fR.
+This is optional and may be done multiple times with different names.
+.IP "3." 4
+Finalize the request using \fBOSSL_HTTP_REQ_CTX_set1_req()\fR.
+This may be omitted if the \s-1GET\s0 method is used and \*(L"keep-alive\*(R" is not requested.
+.PP
+When the request context is fully prepared, the \s-1HTTP\s0 exchange may be performed
+with \fBOSSL_HTTP_REQ_CTX_nbio()\fR or \fBOSSL_HTTP_REQ_CTX_exchange()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_HTTP_REQ_CTX_new()\fR returns a pointer to a \fB\s-1OSSL_HTTP_REQ_CTX\s0\fR, or \s-1NULL\s0
+on error.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_free()\fR and \fBOSSL_HTTP_REQ_CTX_set_max_response_length()\fR
+do not return values.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_set_request_line()\fR, \fBOSSL_HTTP_REQ_CTX_add1_header()\fR,
+\&\fBOSSL_HTTP_REQ_CTX_set1_req()\fR, and \fBOSSL_HTTP_REQ_CTX_set_expected()\fR
+return 1 for success and 0 for failure.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_nbio()\fR and \fBOSSL_HTTP_REQ_CTX_nbio_d2i()\fR
+return 1 for success, 0 on error or redirection, \-1 if retry is needed.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_exchange()\fR and \fBOSSL_HTTP_REQ_CTX_get0_mem_bio()\fR
+return a pointer to a \fB\s-1BIO\s0\fR on success as described above or \s-1NULL\s0 on failure.
+The returned \s-1BIO\s0 must not be freed by the caller.
+.PP
+\&\fBOSSL_HTTP_REQ_CTX_get_resp_len()\fR returns the size of the response contents
+or 0 if not available or an error occurred.
+.PP
+\&\fBOSSL_HTTP_is_alive()\fR returns 1 if its argument is non-NULL
+and the client requested a persistent connection
+and the server did not disagree on keeping the connection open, else 0.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBBIO_should_retry\fR\|(3),
+\&\fBBIO_wait\fR\|(3),
+\&\fBASN1_item_d2i_bio\fR\|(3),
+\&\fBASN1_item_i2d_mem_bio\fR\|(3),
+\&\fBOSSL_HTTP_open\fR\|(3),
+\&\fBOSSL_HTTP_get\fR\|(3),
+\&\fBOSSL_HTTP_transfer\fR\|(3),
+\&\fBOSSL_HTTP_close\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2015\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_HTTP_parse_url.3 b/secure/lib/libcrypto/man/man3/OSSL_HTTP_parse_url.3
new file mode 100644
index 000000000000..57c500d915c8
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_HTTP_parse_url.3
@@ -0,0 +1,238 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_HTTP_PARSE_URL 3ossl"
+.TH OSSL_HTTP_PARSE_URL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_HTTP_adapt_proxy,
+OSSL_parse_url,
+OSSL_HTTP_parse_url,
+OCSP_parse_url
+\&\- http utility functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/http.h>
+\&
+\& const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
+\& const char *server, int use_ssl);
+\&
+\& int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
+\& char **pport, int *pport_num,
+\& char **ppath, char **pquery, char **pfrag);
+\& int OSSL_HTTP_parse_url(const char *url,
+\& int *pssl, char **puser, char **phost,
+\& char **pport, int *pport_num,
+\& char **ppath, char **pquery, char **pfrag);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
+\& int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
+\& int *pssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_HTTP_adapt_proxy()\fR takes an optional proxy hostname \fIproxy\fR
+and returns it transformed according to the optional \fIno_proxy\fR parameter,
+\&\fIserver\fR, \fIuse_ssl\fR, and the applicable environment variable, as follows.
+If \fIproxy\fR is \s-1NULL,\s0 take any default value from the \f(CW\*(C`http_proxy\*(C'\fR
+environment variable, or from \f(CW\*(C`https_proxy\*(C'\fR if \fIuse_ssl\fR is nonzero.
+If this still does not yield a proxy hostname,
+take any further default value from the \f(CW\*(C`HTTP_PROXY\*(C'\fR
+environment variable, or from \f(CW\*(C`HTTPS_PROXY\*(C'\fR if \fIuse_ssl\fR is nonzero.
+If \fIno_proxy\fR is \s-1NULL,\s0 take any default exclusion value from the \f(CW\*(C`no_proxy\*(C'\fR
+environment variable, or else from \f(CW\*(C`NO_PROXY\*(C'\fR.
+Return the determined proxy hostname unless the exclusion contains \fIserver\fR.
+Otherwise return \s-1NULL.\s0
+.PP
+\&\fBOSSL_parse_url()\fR parses its input string \fIurl\fR as a \s-1URL\s0 of the form
+\&\f(CW\*(C`[scheme://][userinfo@]host[:port][/path][?query][#fragment]\*(C'\fR and splits it up
+into scheme, userinfo, host, port, path, query, and fragment components.
+The host (or server) component may be a \s-1DNS\s0 name or an \s-1IP\s0 address
+where IPv6 addresses should be enclosed in square brackets \f(CW\*(C`[\*(C'\fR and \f(CW\*(C`]\*(C'\fR.
+The port component is optional and defaults to \f(CW0\fR.
+If given, it must be in decimal form. If the \fIpport_num\fR argument is not \s-1NULL\s0
+the integer value of the port number is assigned to \fI*pport_num\fR on success.
+The path component is also optional and defaults to \f(CW\*(C`/\*(C'\fR.
+Each non-NULL result pointer argument \fIpscheme\fR, \fIpuser\fR, \fIphost\fR, \fIpport\fR,
+\&\fIppath\fR, \fIpquery\fR, and \fIpfrag\fR, is assigned the respective url component.
+On success, they are guaranteed to contain non-NULL string pointers, else \s-1NULL.\s0
+It is the responsibility of the caller to free them using \fBOPENSSL_free\fR\|(3).
+If \fIpquery\fR is \s-1NULL,\s0 any given query component is handled as part of the path.
+A string returned via \fI*ppath\fR is guaranteed to begin with a \f(CW\*(C`/\*(C'\fR character.
+For absent scheme, userinfo, port, query, and fragment components
+an empty string is provided.
+.PP
+\&\fBOSSL_HTTP_parse_url()\fR is a special form of \fBOSSL_parse_url()\fR
+where the scheme, if given, must be \f(CW\*(C`http\*(C'\fR or \f(CW\*(C`https\*(C'\fR.
+If \fIpssl\fR is not \s-1NULL,\s0 \fI*pssl\fR is assigned 1 in case parsing was successful
+and the scheme is \f(CW\*(C`https\*(C'\fR, else 0.
+The port component is optional and defaults to \f(CW443\fR if the scheme is \f(CW\*(C`https\*(C'\fR,
+else \f(CW80\fR.
+Note that relative paths must be given with a leading \f(CW\*(C`/\*(C'\fR,
+otherwise the first path element is interpreted as the hostname.
+.PP
+Calling the deprecated function OCSP_parse_url(url, host, port, path, ssl)
+is equivalent to
+OSSL_HTTP_parse_url(url, ssl, \s-1NULL,\s0 host, port, \s-1NULL,\s0 path, \s-1NULL, NULL\s0).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_HTTP_adapt_proxy()\fR returns \s-1NULL\s0 if no proxy is to be used,
+otherwise a constant proxy hostname string,
+which is either the proxy name handed in or an environment variable value.
+.PP
+\&\fBOSSL_parse_url()\fR, \fBOSSL_HTTP_parse_url()\fR, and \fBOCSP_parse_url()\fR
+return 1 on success, 0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBOSSL_HTTP_transfer\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBOSSL_HTTP_adapt_proxy()\fR,
+\&\fBOSSL_parse_url()\fR and \fBOSSL_HTTP_parse_url()\fR were added in OpenSSL 3.0.
+\&\fBOCSP_parse_url()\fR was deprecated in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_HTTP_transfer.3 b/secure/lib/libcrypto/man/man3/OSSL_HTTP_transfer.3
new file mode 100644
index 000000000000..9f1fafebd14b
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_HTTP_transfer.3
@@ -0,0 +1,419 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_HTTP_TRANSFER 3ossl"
+.TH OSSL_HTTP_TRANSFER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_HTTP_open,
+OSSL_HTTP_bio_cb_t,
+OSSL_HTTP_proxy_connect,
+OSSL_HTTP_set1_request,
+OSSL_HTTP_exchange,
+OSSL_HTTP_get,
+OSSL_HTTP_transfer,
+OSSL_HTTP_close
+\&\- HTTP client high\-level functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/http.h>
+\&
+\& typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg,
+\& int connect, int detail);
+\& OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port,
+\& const char *proxy, const char *no_proxy,
+\& int use_ssl, BIO *bio, BIO *rbio,
+\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
+\& int buf_size, int overall_timeout);
+\& int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
+\& const char *proxyuser, const char *proxypass,
+\& int timeout, BIO *bio_err, const char *prog);
+\& int OSSL_HTTP_set1_request(OSSL_HTTP_REQ_CTX *rctx, const char *path,
+\& const STACK_OF(CONF_VALUE) *headers,
+\& const char *content_type, BIO *req,
+\& const char *expected_content_type, int expect_asn1,
+\& size_t max_resp_len, int timeout, int keep_alive);
+\& BIO *OSSL_HTTP_exchange(OSSL_HTTP_REQ_CTX *rctx, char **redirection_url);
+\& BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
+\& BIO *bio, BIO *rbio,
+\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
+\& int buf_size, const STACK_OF(CONF_VALUE) *headers,
+\& const char *expected_content_type, int expect_asn1,
+\& size_t max_resp_len, int timeout);
+\& BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx,
+\& const char *server, const char *port,
+\& const char *path, int use_ssl,
+\& const char *proxy, const char *no_proxy,
+\& BIO *bio, BIO *rbio,
+\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
+\& int buf_size, const STACK_OF(CONF_VALUE) *headers,
+\& const char *content_type, BIO *req,
+\& const char *expected_content_type, int expect_asn1,
+\& size_t max_resp_len, int timeout, int keep_alive);
+\& int OSSL_HTTP_close(OSSL_HTTP_REQ_CTX *rctx, int ok);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_HTTP_open()\fR initiates an \s-1HTTP\s0 session using the \fIbio\fR argument if not
+\&\s-1NULL,\s0 else by connecting to a given \fIserver\fR optionally via a \fIproxy\fR.
+.PP
+Typically the OpenSSL build supports sockets and the \fIbio\fR parameter is \s-1NULL.\s0
+In this case \fIrbio\fR must be \s-1NULL\s0 as well and the \fIserver\fR must be non-NULL.
+The function creates a network \s-1BIO\s0 internally using \fBBIO_new_connect\fR\|(3)
+for connecting to the given server and the optionally given \fIport\fR,
+defaulting to 80 for \s-1HTTP\s0 or 443 for \s-1HTTPS.\s0
+Then this internal \s-1BIO\s0 is used for setting up a connection
+and for exchanging one or more request and response.
+If \fIbio\fR is given and \fIrbio\fR is \s-1NULL\s0 then this \fIbio\fR is used instead.
+If both \fIbio\fR and \fIrbio\fR are given (which may be memory BIOs for instance)
+then no explicit connection is set up, but
+\&\fIbio\fR is used for writing requests and \fIrbio\fR for reading responses.
+As soon as the client has flushed \fIbio\fR the server must be ready to provide
+a response or indicate a waiting condition via \fIrbio\fR.
+.PP
+If \fIbio\fR is given, it is an error to provide \fIproxy\fR or \fIno_proxy\fR arguments,
+while \fIserver\fR and \fIport\fR arguments may be given to support diagnostic output.
+If \fIbio\fR is \s-1NULL\s0 the optional \fIproxy\fR parameter can be used to set an
+\&\s-1HTTP\s0(S) proxy to use (unless overridden by \*(L"no_proxy\*(R" settings).
+If \s-1TLS\s0 is not used this defaults to the environment variable \f(CW\*(C`http_proxy\*(C'\fR
+if set, else \f(CW\*(C`HTTP_PROXY\*(C'\fR.
+If \fIuse_ssl\fR != 0 it defaults to \f(CW\*(C`https_proxy\*(C'\fR if set, else \f(CW\*(C`HTTPS_PROXY\*(C'\fR.
+An empty proxy string \f(CW""\fR forbids using a proxy.
+Else the format is
+\&\f(CW\*(C`[http[s]://][userinfo@]host[:port][/path][?query][#fragment]\*(C'\fR,
+where any userinfo, path, query, and fragment given is ignored.
+The default proxy port number is 80, or 443 in case \*(L"https:\*(R" is given.
+The \s-1HTTP\s0 client functions connect via the given proxy unless the \fIserver\fR
+is found in the optional list \fIno_proxy\fR of proxy hostnames (if not \s-1NULL\s0;
+default is the environment variable \f(CW\*(C`no_proxy\*(C'\fR if set, else \f(CW\*(C`NO_PROXY\*(C'\fR).
+Proxying plain \s-1HTTP\s0 is supported directly,
+while using a proxy for \s-1HTTPS\s0 connections requires a suitable callback function
+such as \fBOSSL_HTTP_proxy_connect()\fR, described below.
+.PP
+If \fIuse_ssl\fR is nonzero a \s-1TLS\s0 connection is requested
+and the \fIbio_update_fn\fR parameter must be provided.
+.PP
+The parameter \fIbio_update_fn\fR, which is optional if \fIuse_ssl\fR is 0,
+may be used to modify the connection \s-1BIO\s0 used by the \s-1HTTP\s0 client,
+but cannot be used when both \fIbio\fR and \fIrbio\fR are given.
+\&\fIbio_update_fn\fR is a \s-1BIO\s0 connect/disconnect callback function with prototype
+.PP
+.Vb 1
+\& BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail)
+.Ve
+.PP
+The callback function may modify the \s-1BIO\s0 provided in the \fIbio\fR argument,
+whereby it may make use of a custom defined argument \fIarg\fR,
+which may for instance point to an \fB\s-1SSL_CTX\s0\fR structure.
+During connection establishment, just after calling \fBBIO_do_connect_retry()\fR, the
+callback function is invoked with the \fIconnect\fR argument being 1 and
+\&\fIdetail\fR being 1 if \fIuse_ssl\fR is nonzero (i.e., \s-1HTTPS\s0 is requested), else 0.
+On disconnect \fIconnect\fR is 0 and \fIdetail\fR is 1 if no error occurred, else 0.
+For instance, on connect the callback may push an \s-1SSL BIO\s0 to implement \s-1HTTPS\s0;
+after disconnect it may do some diagnostic output and pop and free the \s-1SSL BIO.\s0
+.PP
+The callback function must return either the potentially modified \s-1BIO\s0 \fIbio\fR.
+or \s-1NULL\s0 to indicate failure, in which case it should not modify the \s-1BIO.\s0
+.PP
+Here is a simple example that supports \s-1TLS\s0 connections (but not via a proxy):
+.PP
+.Vb 5
+\& BIO *http_tls_cb(BIO *bio, void *arg, int connect, int detail)
+\& {
+\& if (connect && detail) { /* connecting with TLS */
+\& SSL_CTX *ctx = (SSL_CTX *)arg;
+\& BIO *sbio = BIO_new_ssl(ctx, 1);
+\&
+\& bio = sbio != NULL ? BIO_push(sbio, bio) : NULL;
+\& } else if (!connect) { /* disconnecting */
+\& BIO *hbio;
+\&
+\& if (!detail) { /* an error has occurred */
+\& /* optionally add diagnostics here */
+\& }
+\& BIO_ssl_shutdown(bio);
+\& hbio = BIO_pop(bio);
+\& BIO_free(bio); /* SSL BIO */
+\& bio = hbio;
+\& }
+\& return bio;
+\& }
+.Ve
+.PP
+After disconnect the modified \s-1BIO\s0 will be deallocated using \fBBIO_free_all()\fR.
+.PP
+The \fIbuf_size\fR parameter specifies the response header maximum line length.
+A value <= 0 means that the \fB\s-1OSSL_HTTP_DEFAULT_MAX_LINE_LEN\s0\fR (4KiB) is used.
+\&\fIbuf_size\fR is also used as the number of content bytes that are read at a time.
+.PP
+If the \fIoverall_timeout\fR parameter is > 0 this indicates the maximum number of
+seconds the overall \s-1HTTP\s0 transfer (i.e., connection setup if needed,
+sending requests, and receiving responses) is allowed to take until completion.
+A value <= 0 enables waiting indefinitely, i.e., no timeout.
+.PP
+\&\fBOSSL_HTTP_proxy_connect()\fR may be used by an above \s-1BIO\s0 connect callback function
+to set up an \s-1SSL/TLS\s0 connection via an \s-1HTTPS\s0 proxy.
+It promotes the given \s-1BIO\s0 \fIbio\fR representing a connection
+pre-established with a \s-1TLS\s0 proxy using the \s-1HTTP CONNECT\s0 method,
+optionally using proxy client credentials \fIproxyuser\fR and \fIproxypass\fR,
+to connect with \s-1TLS\s0 protection ultimately to \fIserver\fR and \fIport\fR.
+If the \fIport\fR argument is \s-1NULL\s0 or the empty string it defaults to \*(L"443\*(R".
+If the \fItimeout\fR parameter is > 0 this indicates the maximum number of
+seconds the connection setup is allowed to take.
+A value <= 0 enables waiting indefinitely, i.e., no timeout.
+Since this function is typically called by applications such as
+\&\fBopenssl\-s_client\fR\|(1) it uses the \fIbio_err\fR and \fIprog\fR parameters (unless
+\&\s-1NULL\s0) to print additional diagnostic information in a user-oriented way.
+.PP
+\&\fBOSSL_HTTP_set1_request()\fR sets up in \fIrctx\fR the request header and content data
+and expectations on the response using the following parameters.
+If <rctx> indicates using a proxy for \s-1HTTP\s0 (but not \s-1HTTPS\s0), the server host
+(and optionally port) needs to be placed in the header; thus it must be present
+in \fIrctx\fR.
+For backward compatibility, the server (and optional port) may also be given in
+the \fIpath\fR argument beginning with \f(CW\*(C`http://\*(C'\fR (thus giving an absoluteURI).
+If \fIpath\fR is \s-1NULL\s0 it defaults to \*(L"/\*(R".
+If \fIreq\fR is \s-1NULL\s0 the \s-1HTTP GET\s0 method will be used to send the request
+else \s-1HTTP POST\s0 with the contents of \fIreq\fR and optional \fIcontent_type\fR, where
+the length of the data in \fIreq\fR does not need to be determined in advance: the
+\&\s-1BIO\s0 will be read on-the-fly while sending the request, which supports streaming.
+The optional list \fIheaders\fR may contain additional custom \s-1HTTP\s0 header lines.
+If the parameter \fIexpected_content_type\fR
+is not \s-1NULL\s0 then the client will check that the given content type string
+is included in the \s-1HTTP\s0 header of the response and return an error if not.
+If the \fIexpect_asn1\fR parameter is nonzero,
+a structure in \s-1ASN.1\s0 encoding will be expected as response content.
+The \fImax_resp_len\fR parameter specifies the maximum allowed
+response content length, where the value 0 indicates no limit.
+If the \fItimeout\fR parameter is > 0 this indicates the maximum number of seconds
+the subsequent \s-1HTTP\s0 transfer (sending the request and receiving a response)
+is allowed to take.
+A value of 0 enables waiting indefinitely, i.e., no timeout.
+A value < 0 indicates that the \fIoverall_timeout\fR parameter value given
+when opening the \s-1HTTP\s0 transfer will be used instead.
+If \fIkeep_alive\fR is 0 the connection is not kept open
+after receiving a response, which is the default behavior for \s-1HTTP 1.0.\s0
+If the value is 1 or 2 then a persistent connection is requested.
+If the value is 2 then a persistent connection is required,
+i.e., an error occurs in case the server does not grant it.
+.PP
+\&\fBOSSL_HTTP_exchange()\fR exchanges any form of \s-1HTTP\s0 request and response
+as specified by \fIrctx\fR, which must include both connection and request data,
+typically set up using \fBOSSL_HTTP_open()\fR and \fBOSSL_HTTP_set1_request()\fR.
+It implements the core of the functions described below.
+If the \s-1HTTP\s0 method is \s-1GET\s0 and \fIredirection_url\fR
+is not \s-1NULL\s0 the latter pointer is used to provide any new location that
+the server may return with \s-1HTTP\s0 code 301 (\s-1MOVED_PERMANENTLY\s0) or 302 (\s-1FOUND\s0).
+In this case the function returns \s-1NULL\s0 and the caller is
+responsible for deallocating the \s-1URL\s0 with \fBOPENSSL_free\fR\|(3).
+If the response header contains one or more \*(L"Content-Length\*(R" header lines and/or
+an \s-1ASN\s0.1\-encoded response is expected, which should include a total length,
+the length indications received are checked for consistency
+and for not exceeding any given maximum response length.
+If an \s-1ASN\s0.1\-encoded response is expected, the function returns on success
+the contents buffered in a memory \s-1BIO,\s0 which does not support streaming.
+Otherwise it returns directly the read \s-1BIO\s0 that holds the response contents,
+which allows a response of indefinite length and may support streaming.
+The caller is responsible for freeing the \s-1BIO\s0 pointer obtained.
+.PP
+\&\fBOSSL_HTTP_get()\fR uses \s-1HTTP GET\s0 to obtain data from \fIbio\fR if non-NULL,
+else from the server contained in the \fIurl\fR, and returns it as a \s-1BIO.\s0
+It supports redirection via \s-1HTTP\s0 status code 301 or 302. It is meant for
+transfers with a single round trip, so does not support persistent connections.
+If \fIbio\fR is non-NULL, any host and port components in the \fIurl\fR are not used
+for connecting but the hostname is used, as usual, for the \f(CW\*(C`Host\*(C'\fR header.
+Any userinfo and fragment components in the \fIurl\fR are ignored.
+Any query component is handled as part of the path component.
+If the scheme component of the \fIurl\fR is \f(CW\*(C`https\*(C'\fR a \s-1TLS\s0 connection is requested
+and the \fIbio_update_fn\fR, as described for \fBOSSL_HTTP_open()\fR, must be provided.
+Also the remaining parameters are interpreted as described for \fBOSSL_HTTP_open()\fR
+and \fBOSSL_HTTP_set1_request()\fR, respectively.
+The caller is responsible for freeing the \s-1BIO\s0 pointer obtained.
+.PP
+\&\fBOSSL_HTTP_transfer()\fR exchanges an \s-1HTTP\s0 request and response
+over a connection managed via \fIprctx\fR without supporting redirection.
+It combines \fBOSSL_HTTP_open()\fR, \fBOSSL_HTTP_set1_request()\fR, \fBOSSL_HTTP_exchange()\fR,
+and \fBOSSL_HTTP_close()\fR.
+If \fIprctx\fR is not \s-1NULL\s0 it reuses any open connection represented by a non-NULL
+\&\fI*prctx\fR. It keeps the connection open if a persistent connection is requested
+or required and this was granted by the server, else it closes the connection
+and assigns \s-1NULL\s0 to \fI*prctx\fR.
+The remaining parameters are interpreted as described for \fBOSSL_HTTP_open()\fR
+and \fBOSSL_HTTP_set1_request()\fR, respectively.
+The caller is responsible for freeing the \s-1BIO\s0 pointer obtained.
+.PP
+\&\fBOSSL_HTTP_close()\fR closes the connection and releases \fIrctx\fR.
+The \fIok\fR parameter is passed to any \s-1BIO\s0 update function
+given during setup as described above for \fBOSSL_HTTP_open()\fR.
+It must be 1 if no error occurred during the \s-1HTTP\s0 transfer and 0 otherwise.
+.SH "NOTES"
+.IX Header "NOTES"
+The names of the environment variables used by this implementation:
+\&\f(CW\*(C`http_proxy\*(C'\fR, \f(CW\*(C`HTTP_PROXY\*(C'\fR, \f(CW\*(C`https_proxy\*(C'\fR, \f(CW\*(C`HTTPS_PROXY\*(C'\fR, \f(CW\*(C`no_proxy\*(C'\fR, and
+\&\f(CW\*(C`NO_PROXY\*(C'\fR, have been chosen for maximal compatibility with
+other \s-1HTTP\s0 client implementations such as wget, curl, and git.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_HTTP_open()\fR returns on success a \fB\s-1OSSL_HTTP_REQ_CTX\s0\fR, else \s-1NULL.\s0
+.PP
+\&\fBOSSL_HTTP_proxy_connect()\fR and \fBOSSL_HTTP_set1_request()\fR
+return 1 on success, 0 on error.
+.PP
+On success, \fBOSSL_HTTP_exchange()\fR, \fBOSSL_HTTP_get()\fR, and \fBOSSL_HTTP_transfer()\fR
+return a memory \s-1BIO\s0 that buffers all the data received if an \s-1ASN\s0.1\-encoded
+response is expected, otherwise a \s-1BIO\s0 that may support streaming.
+The \s-1BIO\s0 must be freed by the caller.
+On failure, they return \s-1NULL.\s0
+Failure conditions include connection/transfer timeout, parse errors, etc.
+The caller is responsible for freeing the \s-1BIO\s0 pointer obtained.
+.PP
+\&\fBOSSL_HTTP_close()\fR returns 0 if anything went wrong while disconnecting, else 1.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBOSSL_HTTP_parse_url\fR\|(3), \fBBIO_new_connect\fR\|(3),
+\&\fBASN1_item_i2d_mem_bio\fR\|(3), \fBASN1_item_d2i_bio\fR\|(3),
+\&\fBOSSL_HTTP_is_alive\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All the functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_ITEM.3 b/secure/lib/libcrypto/man/man3/OSSL_ITEM.3
new file mode 100644
index 000000000000..59270b67ed9b
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_ITEM.3
@@ -0,0 +1,176 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_ITEM 3ossl"
+.TH OSSL_ITEM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_ITEM \- OpenSSL Core type for generic itemized data
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/core.h>
+\&
+\& typedef struct ossl_item_st OSSL_ITEM;
+\& struct ossl_item_st {
+\& unsigned int id;
+\& void *ptr;
+\& };
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This type is a tuple of integer and pointer.
+It's a generic type used as a generic descriptor, its exact meaning
+being defined by how it's used.
+Arrays of this type are passed between the OpenSSL libraries and the
+providers, and must be terminated with a tuple where the integer is
+zero and the pointer \s-1NULL.\s0
+.PP
+This is currently mainly used for the return value of the provider's error
+reason strings array, see \*(L"Provider Functions\*(R" in \fBprovider\-base\fR\|(7).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBcrypto\fR\|(7), \fBprovider\-base\fR\|(7), \fBopenssl\-core.h\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fB\s-1OSSL_ITEM\s0\fR was added in OpenSSL 3.0
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_LIB_CTX.3 b/secure/lib/libcrypto/man/man3/OSSL_LIB_CTX.3
new file mode 100644
index 000000000000..977ae66d83ca
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_LIB_CTX.3
@@ -0,0 +1,266 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_LIB_CTX 3ossl"
+.TH OSSL_LIB_CTX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_LIB_CTX, OSSL_LIB_CTX_new, OSSL_LIB_CTX_new_from_dispatch,
+OSSL_LIB_CTX_new_child, OSSL_LIB_CTX_free, OSSL_LIB_CTX_load_config,
+OSSL_LIB_CTX_get0_global_default, OSSL_LIB_CTX_set0_default
+\&\- OpenSSL library context
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/crypto.h>
+\&
+\& typedef struct ossl_lib_ctx_st OSSL_LIB_CTX;
+\&
+\& OSSL_LIB_CTX *OSSL_LIB_CTX_new(void);
+\& OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_CORE_HANDLE *handle,
+\& const OSSL_DISPATCH *in);
+\& OSSL_LIB_CTX *OSSL_LIB_CTX_new_child(const OSSL_CORE_HANDLE *handle,
+\& const OSSL_DISPATCH *in);
+\& int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file);
+\& void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx);
+\& OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
+\& OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fB\s-1OSSL_LIB_CTX\s0\fR is an internal OpenSSL library context type.
+Applications may allocate their own, but may also use \s-1NULL\s0 to use
+a default context with functions that take an \fB\s-1OSSL_LIB_CTX\s0\fR
+argument.
+.PP
+When a non default library context is in use care should be taken with
+multi-threaded applications to properly clean up thread local resources before
+the \s-1OSSL_LIB_CTX\s0 is freed.
+See \fBOPENSSL_thread_stop_ex\fR\|(3) for more information.
+.PP
+\&\fBOSSL_LIB_CTX_new()\fR creates a new OpenSSL library context.
+.PP
+\&\fBOSSL_LIB_CTX_new_from_dispatch()\fR creates a new OpenSSL library context
+initialised to use callbacks from the \s-1OSSL_DISPATCH\s0 structure. This is primarily
+useful for provider authors. The \fIhandle\fR and dispatch structure arguments
+passed should be the same ones as passed to a provider's
+OSSL_provider_init function. Some OpenSSL functions, such as
+\&\fBBIO_new_from_core_bio\fR\|(3), require the library context to be created in this
+way in order to work.
+.PP
+\&\fBOSSL_LIB_CTX_new_child()\fR is only useful to provider authors and does the same
+thing as \fBOSSL_LIB_CTX_new_from_dispatch()\fR except that it additionally links the
+new library context to the application library context. The new library context
+is a full library context in its own right, but will have all the same providers
+available to it that are available in the application library context (without
+having to reload them). If the application loads or unloads providers from the
+application library context then this will be automatically mirrored in the
+child library context.
+.PP
+In addition providers that are not loaded in the parent library context can be
+explicitly loaded into the child library context independently from the parent
+library context. Providers loaded independently in this way will not be mirrored
+in the parent library context and will not be affected if the parent library
+context subsequently loads the same provider.
+.PP
+A provider may call the function \fBOSSL_PROVIDER_load\fR\|(3) with the child library
+context as required. If the provider already exists due to it being mirrored
+from the parent library context then it will remain available and its reference
+count will be increased. If \fBOSSL_PROVIDER_load\fR\|(3) is called in this way then
+\&\fBOSSL_PROVIDER_unload\fR\|(3) should be subsequently called to decrement the
+reference count. \fBOSSL_PROVIDER_unload\fR\|(3) must not be called for a provider in
+the child library context that did not have an earlier \fBOSSL_PROVIDER_load\fR\|(3)
+call for that provider in that child library context.
+.PP
+In addition to providers, a child library context will also mirror the default
+properties (set via \fBEVP_set_default_properties\fR\|(3)) from the parent library
+context. If \fBEVP_set_default_properties\fR\|(3) is called directly on a child
+library context then the new properties will override anything from the parent
+library context and mirroring of the properties will stop.
+.PP
+When \fBOSSL_LIB_CTX_new_child()\fR is called from within the scope of a provider's
+\&\fBOSSL_provider_init\fR function the currently initialising provider is not yet
+available in the application's library context and therefore will similarly not
+yet be available in the newly constructed child library context. As soon as the
+\&\fBOSSL_provider_init\fR function returns then the new provider is available in the
+application's library context and will be similarly mirrored in the child
+library context.
+.PP
+\&\fBOSSL_LIB_CTX_load_config()\fR loads a configuration file using the given \fIctx\fR.
+This can be used to associate a library context with providers that are loaded
+from a configuration.
+.PP
+\&\fBOSSL_LIB_CTX_free()\fR frees the given \fIctx\fR, unless it happens to be the
+default OpenSSL library context.
+.PP
+\&\fBOSSL_LIB_CTX_get0_global_default()\fR returns a concrete (non \s-1NULL\s0) reference to
+the global default library context.
+.PP
+\&\fBOSSL_LIB_CTX_set0_default()\fR sets the default OpenSSL library context to be
+\&\fIctx\fR in the current thread. The previous default library context is
+returned. Care should be taken by the caller to restore the previous
+default library context with a subsequent call of this function. If \fIctx\fR is
+\&\s-1NULL\s0 then no change is made to the default library context, but a pointer to
+the current library context is still returned. On a successful call of this
+function the returned value will always be a concrete (non \s-1NULL\s0) library
+context.
+.PP
+Care should be taken when changing the default library context and starting
+async jobs (see \fBASYNC_start_job\fR\|(3)), as the default library context when
+the job is started will be used throughout the lifetime of an async job, no
+matter how the calling thread makes further default library context changes
+in the mean time. This means that the calling thread must not free the
+library context that was the default at the start of the async job before
+that job has finished.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_LIB_CTX_new()\fR, \fBOSSL_LIB_CTX_get0_global_default()\fR and
+\&\fBOSSL_LIB_CTX_set0_default()\fR return a library context pointer on success, or \s-1NULL\s0
+on error.
+.PP
+\&\fBOSSL_LIB_CTX_free()\fR doesn't return any value.
+.PP
+\&\fBOSSL_LIB_CTX_load_config()\fR returns 1 on success, 0 on error.
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of the functions described on this page were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_PARAM.3 b/secure/lib/libcrypto/man/man3/OSSL_PARAM.3
new file mode 100644
index 000000000000..a23a7d4711da
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_PARAM.3
@@ -0,0 +1,464 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_PARAM 3ossl"
+.TH OSSL_PARAM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_PARAM \- a structure to pass or request object parameters
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/core.h>
+\&
+\& typedef struct ossl_param_st OSSL_PARAM;
+\& struct ossl_param_st {
+\& const char *key; /* the name of the parameter */
+\& unsigned char data_type; /* declare what kind of content is in data */
+\& void *data; /* value being passed in or out */
+\& size_t data_size; /* data size */
+\& size_t return_size; /* returned size */
+\& };
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fB\s-1OSSL_PARAM\s0\fR is a type that allows passing arbitrary data for some
+object between two parties that have no or very little shared
+knowledge about their respective internal structures for that object.
+.PP
+A typical usage example could be an application that wants to set some
+parameters for an object, or wants to find out some parameters of an
+object.
+.PP
+Arrays of this type can be used for the following purposes:
+.IP "\(bu" 4
+Setting parameters for some object
+.Sp
+The caller sets up the \fB\s-1OSSL_PARAM\s0\fR array and calls some function
+(the \fIsetter\fR) that has intimate knowledge about the object that can
+take the data from the \fB\s-1OSSL_PARAM\s0\fR array and assign them in a
+suitable form for the internal structure of the object.
+.IP "\(bu" 4
+Request parameters of some object
+.Sp
+The caller (the \fIrequester\fR) sets up the \fB\s-1OSSL_PARAM\s0\fR array and
+calls some function (the \fIresponder\fR) that has intimate knowledge
+about the object, which can take the internal data of the object and
+copy (possibly convert) that to the memory prepared by the
+\&\fIrequester\fR and pointed at with the \fB\s-1OSSL_PARAM\s0\fR \fIdata\fR.
+.IP "\(bu" 4
+Request parameter descriptors
+.Sp
+The caller gets an array of constant \fB\s-1OSSL_PARAM\s0\fR, which describe
+available parameters and some of their properties; name, data type and
+expected data size.
+For a detailed description of each field for this use, see the field
+descriptions below.
+.Sp
+The caller may then use the information from this descriptor array to
+build up its own \fB\s-1OSSL_PARAM\s0\fR array to pass down to a \fIsetter\fR or
+\&\fIresponder\fR.
+.PP
+Normally, the order of the an \fB\s-1OSSL_PARAM\s0\fR array is not relevant.
+However, if the \fIresponder\fR can handle multiple elements with the
+same key, those elements must be handled in the order they are in.
+.PP
+An \fB\s-1OSSL_PARAM\s0\fR array must have a terminating element, where \fIkey\fR
+is \s-1NULL.\s0 The usual full terminating template is:
+.PP
+.Vb 1
+\& { NULL, 0, NULL, 0, 0 }
+.Ve
+.PP
+This can also be specified using \s-1\fBOSSL_PARAM_END\s0\fR\|(3).
+.SS "Functional support"
+.IX Subsection "Functional support"
+Libcrypto offers a limited set of helper functions to handle
+\&\fB\s-1OSSL_PARAM\s0\fR items and arrays, please see \fBOSSL_PARAM_get_int\fR\|(3).
+Developers are free to extend or replace those as they see fit.
+.SS "\fB\s-1OSSL_PARAM\s0\fP fields"
+.IX Subsection "OSSL_PARAM fields"
+.IP "\fIkey\fR" 4
+.IX Item "key"
+The identity of the parameter in the form of a string.
+.Sp
+In an \fB\s-1OSSL_PARAM\s0\fR array, an item with this field set to \s-1NULL\s0 is
+considered a terminating item.
+.IP "\fIdata_type\fR" 4
+.IX Item "data_type"
+The \fIdata_type\fR is a value that describes the type and organization of
+the data.
+See \*(L"Supported types\*(R" below for a description of the types.
+.IP "\fIdata\fR" 4
+.IX Item "data"
+.PD 0
+.IP "\fIdata_size\fR" 4
+.IX Item "data_size"
+.PD
+\&\fIdata\fR is a pointer to the memory where the parameter data is (when
+setting parameters) or shall (when requesting parameters) be stored,
+and \fIdata_size\fR is its size in bytes.
+The organization of the data depends on the parameter type and flag.
+.Sp
+The \fIdata_size\fR needs special attention with the parameter type
+\&\fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR in relation to C strings. When setting
+parameters, the size should be set to the length of the string, not
+counting the terminating \s-1NUL\s0 byte. When requesting parameters, the
+size should be set to the size of the buffer to be populated, which
+should accommodate enough space for a terminating \s-1NUL\s0 byte.
+.Sp
+When \fIrequesting parameters\fR, it's acceptable for \fIdata\fR to be \s-1NULL.\s0
+This can be used by the \fIrequester\fR to figure out dynamically exactly
+how much buffer space is needed to store the parameter data.
+In this case, \fIdata_size\fR is ignored.
+.Sp
+When the \fB\s-1OSSL_PARAM\s0\fR is used as a parameter descriptor, \fIdata\fR
+should be ignored.
+If \fIdata_size\fR is zero, it means that an arbitrary data size is
+accepted, otherwise it specifies the maximum size allowed.
+.IP "\fIreturn_size\fR" 4
+.IX Item "return_size"
+When an array of \fB\s-1OSSL_PARAM\s0\fR is used to request data, the
+\&\fIresponder\fR must set this field to indicate size of the parameter
+data, including padding as the case may be.
+In case the \fIdata_size\fR is an unsuitable size for the data, the
+\&\fIresponder\fR must still set this field to indicate the minimum data
+size required.
+(further notes on this in \*(L"\s-1NOTES\*(R"\s0 below).
+.Sp
+When the \fB\s-1OSSL_PARAM\s0\fR is used as a parameter descriptor,
+\&\fIreturn_size\fR should be ignored.
+.PP
+\&\fB\s-1NOTE:\s0\fR
+.PP
+The key names and associated types are defined by the entity that
+offers these parameters, i.e. names for parameters provided by the
+OpenSSL libraries are defined by the libraries, and names for
+parameters provided by providers are defined by those providers,
+except for the pointer form of strings (see data type descriptions
+below).
+Entities that want to set or request parameters need to know what
+those keys are and of what type, any functionality between those two
+entities should remain oblivious and just pass the \fB\s-1OSSL_PARAM\s0\fR array
+along.
+.SS "Supported types"
+.IX Subsection "Supported types"
+The \fIdata_type\fR field can be one of the following types:
+.IP "\fB\s-1OSSL_PARAM_INTEGER\s0\fR" 4
+.IX Item "OSSL_PARAM_INTEGER"
+.PD 0
+.IP "\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR" 4
+.IX Item "OSSL_PARAM_UNSIGNED_INTEGER"
+.PD
+The parameter data is an integer (signed or unsigned) of arbitrary
+length, organized in native form, i.e. most significant byte first on
+Big-Endian systems, and least significant byte first on Little-Endian
+systems.
+.IP "\fB\s-1OSSL_PARAM_REAL\s0\fR" 4
+.IX Item "OSSL_PARAM_REAL"
+The parameter data is a floating point value in native form.
+.IP "\fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR" 4
+.IX Item "OSSL_PARAM_UTF8_STRING"
+The parameter data is a printable string.
+.IP "\fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR" 4
+.IX Item "OSSL_PARAM_OCTET_STRING"
+The parameter data is an arbitrary string of bytes.
+.IP "\fB\s-1OSSL_PARAM_UTF8_PTR\s0\fR" 4
+.IX Item "OSSL_PARAM_UTF8_PTR"
+The parameter data is a pointer to a printable string.
+.Sp
+The difference between this and \fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR is that \fIdata\fR
+doesn't point directly at the data, but to a pointer that points to the data.
+.Sp
+If there is any uncertainty about which to use, \fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR is
+almost certainly the correct choice.
+.Sp
+This is used to indicate that constant data is or will be passed,
+and there is therefore no need to copy the data that is passed, just
+the pointer to it.
+.Sp
+\&\fIdata_size\fR must be set to the size of the data, not the size of the
+pointer to the data.
+If this is used in a parameter request,
+\&\fIdata_size\fR is not relevant. However, the \fIresponder\fR will set
+\&\fIreturn_size\fR to the size of the data.
+.Sp
+Note that the use of this type is \fBfragile\fR and can only be safely
+used for data that remains constant and in a constant location for a
+long enough duration (such as the life-time of the entity that
+offers these parameters).
+.IP "\fB\s-1OSSL_PARAM_OCTET_PTR\s0\fR" 4
+.IX Item "OSSL_PARAM_OCTET_PTR"
+The parameter data is a pointer to an arbitrary string of bytes.
+.Sp
+The difference between this and \fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR is that
+\&\fIdata\fR doesn't point directly at the data, but to a pointer that
+points to the data.
+.Sp
+If there is any uncertainty about which to use, \fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR is
+almost certainly the correct choice.
+.Sp
+This is used to indicate that constant data is or will be passed, and
+there is therefore no need to copy the data that is passed, just the
+pointer to it.
+.Sp
+\&\fIdata_size\fR must be set to the size of the data, not the size of the
+pointer to the data.
+If this is used in a parameter request,
+\&\fIdata_size\fR is not relevant. However, the \fIresponder\fR will set
+\&\fIreturn_size\fR to the size of the data.
+.Sp
+Note that the use of this type is \fBfragile\fR and can only be safely
+used for data that remains constant and in a constant location for a
+long enough duration (such as the life-time of the entity that
+offers these parameters).
+.SH "NOTES"
+.IX Header "NOTES"
+Both when setting and requesting parameters, the functions that are
+called will have to decide what is and what is not an error.
+The recommended behaviour is:
+.IP "\(bu" 4
+Keys that a \fIsetter\fR or \fIresponder\fR doesn't recognise should simply
+be ignored.
+That in itself isn't an error.
+.IP "\(bu" 4
+If the keys that a called \fIsetter\fR recognises form a consistent
+enough set of data, that call should succeed.
+.IP "\(bu" 4
+Apart from the \fIreturn_size\fR, a \fIresponder\fR must never change the fields
+of an \fB\s-1OSSL_PARAM\s0\fR.
+To return a value, it should change the contents of the memory that
+\&\fIdata\fR points at.
+.IP "\(bu" 4
+If the data type for a key that it's associated with is incorrect,
+the called function may return an error.
+.Sp
+The called function may also try to convert the data to a suitable
+form (for example, it's plausible to pass a large number as an octet
+string, so even though a given key is defined as an
+\&\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR, is plausible to pass the value as an
+\&\fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR), but this is in no way mandatory.
+.IP "\(bu" 4
+If \fIdata\fR for a \fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR or a
+\&\fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR is \s-1NULL,\s0 the \fIresponder\fR should
+set \fIreturn_size\fR to the size of the item to be returned
+and return success. Later the responder will be called again
+with \fIdata\fR pointing at the place for the value to be put.
+.IP "\(bu" 4
+If a \fIresponder\fR finds that some data sizes are too small for the
+requested data, it must set \fIreturn_size\fR for each such
+\&\fB\s-1OSSL_PARAM\s0\fR item to the minimum required size, and eventually return
+an error.
+.IP "\(bu" 4
+For the integer type parameters (\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR and
+\&\fB\s-1OSSL_PARAM_INTEGER\s0\fR), a \fIresponder\fR may choose to return an error
+if the \fIdata_size\fR isn't a suitable size (even if \fIdata_size\fR is
+bigger than needed). If the \fIresponder\fR finds the size suitable, it
+must fill all \fIdata_size\fR bytes and ensure correct padding for the
+native endianness, and set \fIreturn_size\fR to the same value as
+\&\fIdata_size\fR.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+A couple of examples to just show how \fB\s-1OSSL_PARAM\s0\fR arrays could be
+set up.
+.PP
+\fIExample 1\fR
+.IX Subsection "Example 1"
+.PP
+This example is for setting parameters on some object:
+.PP
+.Vb 1
+\& #include <openssl/core.h>
+\&
+\& const char *foo = "some string";
+\& size_t foo_l = strlen(foo);
+\& const char bar[] = "some other string";
+\& OSSL_PARAM set[] = {
+\& { "foo", OSSL_PARAM_UTF8_PTR, &foo, foo_l, 0 },
+\& { "bar", OSSL_PARAM_UTF8_STRING, (void *)&bar, sizeof(bar) \- 1, 0 },
+\& { NULL, 0, NULL, 0, 0 }
+\& };
+.Ve
+.PP
+\fIExample 2\fR
+.IX Subsection "Example 2"
+.PP
+This example is for requesting parameters on some object:
+.PP
+.Vb 9
+\& const char *foo = NULL;
+\& size_t foo_l;
+\& char bar[1024];
+\& size_t bar_l;
+\& OSSL_PARAM request[] = {
+\& { "foo", OSSL_PARAM_UTF8_PTR, &foo, 0 /*irrelevant*/, 0 },
+\& { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 },
+\& { NULL, 0, NULL, 0, 0 }
+\& };
+.Ve
+.PP
+A \fIresponder\fR that receives this array (as \fIparams\fR in this example)
+could fill in the parameters like this:
+.PP
+.Vb 1
+\& /* OSSL_PARAM *params */
+\&
+\& int i;
+\&
+\& for (i = 0; params[i].key != NULL; i++) {
+\& if (strcmp(params[i].key, "foo") == 0) {
+\& *(char **)params[i].data = "foo value";
+\& params[i].return_size = 9; /* length of "foo value" string */
+\& } else if (strcmp(params[i].key, "bar") == 0) {
+\& memcpy(params[i].data, "bar value", 10);
+\& params[i].return_size = 9; /* length of "bar value" string */
+\& }
+\& /* Ignore stuff we don\*(Aqt know */
+\& }
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBopenssl\-core.h\fR\|(7), \fBOSSL_PARAM_get_int\fR\|(3), \fBOSSL_PARAM_dup\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fB\s-1OSSL_PARAM\s0\fR was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_PARAM_BLD.3 b/secure/lib/libcrypto/man/man3/OSSL_PARAM_BLD.3
new file mode 100644
index 000000000000..c5fabb2a87dd
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_PARAM_BLD.3
@@ -0,0 +1,323 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_PARAM_BLD 3ossl"
+.TH OSSL_PARAM_BLD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_PARAM_BLD, OSSL_PARAM_BLD_new, OSSL_PARAM_BLD_to_param,
+OSSL_PARAM_BLD_free, OSSL_PARAM_BLD_push_int,
+OSSL_PARAM_BLD_push_uint, OSSL_PARAM_BLD_push_long,
+OSSL_PARAM_BLD_push_ulong, OSSL_PARAM_BLD_push_int32,
+OSSL_PARAM_BLD_push_uint32, OSSL_PARAM_BLD_push_int64,
+OSSL_PARAM_BLD_push_uint64, OSSL_PARAM_BLD_push_size_t,
+OSSL_PARAM_BLD_push_time_t, OSSL_PARAM_BLD_push_double,
+OSSL_PARAM_BLD_push_BN, OSSL_PARAM_BLD_push_BN_pad,
+OSSL_PARAM_BLD_push_utf8_string, OSSL_PARAM_BLD_push_utf8_ptr,
+OSSL_PARAM_BLD_push_octet_string, OSSL_PARAM_BLD_push_octet_ptr
+\&\- functions to assist in the creation of OSSL_PARAM arrays
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/param_build.h>
+\&
+\& typedef struct OSSL_PARAM_BLD;
+\&
+\& OSSL_PARAM_BLD *OSSL_PARAM_BLD_new(void);
+\& OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld);
+\& void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld);
+\&
+\& int OSSL_PARAM_BLD_push_TYPE(OSSL_PARAM_BLD *bld, const char *key, TYPE val);
+\&
+\& int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
+\& const BIGNUM *bn);
+\& int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
+\& const BIGNUM *bn, size_t sz);
+\&
+\& int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
+\& const char *buf, size_t bsize);
+\& int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key,
+\& char *buf, size_t bsize);
+\& int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key,
+\& const void *buf, size_t bsize);
+\& int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key,
+\& void *buf, size_t bsize);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+A collection of utility functions that simplify the creation of \s-1OSSL_PARAM\s0
+arrays. The \fB\f(BI\s-1TYPE\s0\fB\fR names are as per \fBOSSL_PARAM_int\fR\|(3).
+.PP
+\&\fBOSSL_PARAM_BLD_new()\fR allocates and initialises a new \s-1OSSL_PARAM_BLD\s0 structure
+so that values can be added.
+Any existing values are cleared.
+.PP
+\&\fBOSSL_PARAM_BLD_free()\fR deallocates the memory allocates by \fBOSSL_PARAM_BLD_new()\fR.
+.PP
+\&\fBOSSL_PARAM_BLD_to_param()\fR converts a built up \s-1OSSL_PARAM_BLD\s0 structure
+\&\fIbld\fR into an allocated \s-1OSSL_PARAM\s0 array.
+The \s-1OSSL_PARAM\s0 array and all associated storage must be freed by calling
+\&\fBOSSL_PARAM_free()\fR with the functions return value.
+\&\fBOSSL_PARAM_BLD_free()\fR can safely be called any time after this function is.
+.PP
+\&\fBOSSL_PARAM_BLD_push_\f(BI\s-1TYPE\s0\fB\fR() are a series of functions which will create
+\&\s-1OSSL_PARAM\s0 objects of the specified size and correct type for the \fIval\fR
+argument.
+\&\fIval\fR is stored by value and an expression or auto variable can be used.
+.PP
+\&\fBOSSL_PARAM_BLD_push_BN()\fR is a function that will create an \s-1OSSL_PARAM\s0 object
+that holds the specified \s-1BIGNUM\s0 \fIbn\fR.
+If \fIbn\fR is marked as being securely allocated, its \s-1OSSL_PARAM\s0 representation
+will also be securely allocated.
+The \fIbn\fR argument is stored by reference and the underlying \s-1BIGNUM\s0 object
+must exist until after \fBOSSL_PARAM_BLD_to_param()\fR has been called.
+.PP
+\&\fBOSSL_PARAM_BLD_push_BN_pad()\fR is a function that will create an \s-1OSSL_PARAM\s0 object
+that holds the specified \s-1BIGNUM\s0 \fIbn\fR.
+The object will be padded to occupy exactly \fIsz\fR bytes, if insufficient space
+is specified an error results.
+If \fIbn\fR is marked as being securely allocated, its \s-1OSSL_PARAM\s0 representation
+will also be securely allocated.
+The \fIbn\fR argument is stored by reference and the underlying \s-1BIGNUM\s0 object
+must exist until after \fBOSSL_PARAM_BLD_to_param()\fR has been called.
+.PP
+\&\fBOSSL_PARAM_BLD_push_utf8_string()\fR is a function that will create an \s-1OSSL_PARAM\s0
+object that references the \s-1UTF8\s0 string specified by \fIbuf\fR.
+The length of the string \fIbsize\fR should not include the terminating \s-1NUL\s0 byte.
+If it is zero then it will be calculated.
+The string that \fIbuf\fR points to is stored by reference and must remain in
+scope until after \fBOSSL_PARAM_BLD_to_param()\fR has been called.
+.PP
+\&\fBOSSL_PARAM_BLD_push_octet_string()\fR is a function that will create an \s-1OSSL_PARAM\s0
+object that references the octet string specified by \fIbuf\fR and <bsize>.
+The memory that \fIbuf\fR points to is stored by reference and must remain in
+scope until after \fBOSSL_PARAM_BLD_to_param()\fR has been called.
+.PP
+\&\fBOSSL_PARAM_BLD_push_utf8_ptr()\fR is a function that will create an \s-1OSSL_PARAM\s0
+object that references the \s-1UTF8\s0 string specified by \fIbuf\fR.
+The length of the string \fIbsize\fR should not include the terminating \s-1NUL\s0 byte.
+If it is zero then it will be calculated.
+The string \fIbuf\fR points to is stored by reference and must remain in
+scope until the \s-1OSSL_PARAM\s0 array is freed.
+.PP
+\&\fBOSSL_PARAM_BLD_push_octet_ptr()\fR is a function that will create an \s-1OSSL_PARAM\s0
+object that references the octet string specified by \fIbuf\fR.
+The memory \fIbuf\fR points to is stored by reference and must remain in
+scope until the \s-1OSSL_PARAM\s0 array is freed.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_PARAM_BLD_new()\fR returns the allocated \s-1OSSL_PARAM_BLD\s0 structure, or \s-1NULL\s0
+on error.
+.PP
+\&\fBOSSL_PARAM_BLD_to_param()\fR returns the allocated \s-1OSSL_PARAM\s0 array, or \s-1NULL\s0
+on error.
+.PP
+All of the OSSL_PARAM_BLD_push_TYPE functions return 1 on success and 0
+on error.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fBOSSL_PARAM_BLD_push_BN()\fR and \fBOSSL_PARAM_BLD_push_BN_pad()\fR currently only
+support nonnegative \fB\s-1BIGNUM\s0\fRs. They return an error on negative \fB\s-1BIGNUM\s0\fRs.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Both examples creating an \s-1OSSL_PARAM\s0 array that contains an \s-1RSA\s0 key.
+For both, the predefined key variables are:
+.PP
+.Vb 6
+\& BIGNUM *n; /* modulus */
+\& unsigned int e; /* public exponent */
+\& BIGNUM *d; /* private exponent */
+\& BIGNUM *p, *q; /* first two prime factors */
+\& BIGNUM *dmp1, *dmq1; /* first two CRT exponents */
+\& BIGNUM *iqmp; /* first CRT coefficient */
+.Ve
+.SS "Example 1"
+.IX Subsection "Example 1"
+This example shows how to create an \s-1OSSL_PARAM\s0 array that contains an \s-1RSA\s0
+private key.
+.PP
+.Vb 2
+\& OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
+\& OSSL_PARAM *params = NULL;
+\&
+\& if (bld == NULL
+\& || !OSSL_PARAM_BLD_push_BN(bld, "n", n)
+\& || !OSSL_PARAM_BLD_push_uint(bld, "e", e)
+\& || !OSSL_PARAM_BLD_push_BN(bld, "d", d)
+\& || !OSSL_PARAM_BLD_push_BN(bld, "rsa\-factor1", p)
+\& || !OSSL_PARAM_BLD_push_BN(bld, "rsa\-factor2", q)
+\& || !OSSL_PARAM_BLD_push_BN(bld, "rsa\-exponent1", dmp1)
+\& || !OSSL_PARAM_BLD_push_BN(bld, "rsa\-exponent2", dmq1)
+\& || !OSSL_PARAM_BLD_push_BN(bld, "rsa\-coefficient1", iqmp)
+\& || (params = OSSL_PARAM_BLD_to_param(bld)) == NULL)
+\& goto err;
+\& OSSL_PARAM_BLD_free(bld);
+\& /* Use params */
+\& ...
+\& OSSL_PARAM_free(params);
+.Ve
+.SS "Example 2"
+.IX Subsection "Example 2"
+This example shows how to create an \s-1OSSL_PARAM\s0 array that contains an \s-1RSA\s0
+public key.
+.PP
+.Vb 2
+\& OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
+\& OSSL_PARAM *params = NULL;
+\&
+\& if (nld == NULL
+\& || !OSSL_PARAM_BLD_push_BN(bld, "n", n)
+\& || !OSSL_PARAM_BLD_push_uint(bld, "e", e)
+\& || (params = OSSL_PARAM_BLD_to_param(bld)) == NULL)
+\& goto err;
+\& OSSL_PARAM_BLD_free(bld);
+\& /* Use params */
+\& ...
+\& OSSL_PARAM_free(params);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBOSSL_PARAM_int\fR\|(3), \s-1\fBOSSL_PARAM\s0\fR\|(3), \fBOSSL_PARAM_free\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were all added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_PARAM_allocate_from_text.3 b/secure/lib/libcrypto/man/man3/OSSL_PARAM_allocate_from_text.3
new file mode 100644
index 000000000000..5e122f3df527
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_PARAM_allocate_from_text.3
@@ -0,0 +1,328 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_PARAM_ALLOCATE_FROM_TEXT 3ossl"
+.TH OSSL_PARAM_ALLOCATE_FROM_TEXT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_PARAM_allocate_from_text
+\&\- OSSL_PARAM construction utilities
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/params.h>
+\&
+\& int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to,
+\& const OSSL_PARAM *paramdefs,
+\& const char *key, const char *value,
+\& size_t value_n,
+\& int *found);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+With OpenSSL before version 3.0, parameters were passed down to or
+retrieved from algorithm implementations via control functions.
+Some of these control functions existed in variants that took string
+parameters, for example \fBEVP_PKEY_CTX_ctrl_str\fR\|(3).
+.PP
+OpenSSL 3.0 introduces a new mechanism to do the same thing with an
+array of parameters that contain name, value, value type and value
+size (see \s-1\fBOSSL_PARAM\s0\fR\|(3) for more information).
+.PP
+\&\fBOSSL_PARAM_allocate_from_text()\fR uses \fIkey\fR to look up an item in
+\&\fIparamdefs\fR. If an item was found, it converts \fIvalue\fR to something
+suitable for that item's \fIdata_type\fR, and stores the result in
+\&\fIto\->data\fR as well as its size in \fIto\->data_size\fR.
+\&\fIto\->key\fR and \fIto\->data_type\fR are assigned the corresponding
+values from the item that was found, and \fIto\->return_size\fR is set
+to zero.
+.PP
+\&\fIto\->data\fR is always allocated using \fBOPENSSL_zalloc\fR\|(3) and
+needs to be freed by the caller when it's not useful any more, using
+\&\fBOPENSSL_free\fR\|(3).
+.PP
+If \fIfound\fR is not \s-1NULL,\s0 \fI*found\fR is set to 1 if \fIkey\fR could be
+located in \fIparamdefs\fR, and to 0 otherwise.
+.SS "The use of \fIkey\fP and \fIvalue\fP in detail"
+.IX Subsection "The use of key and value in detail"
+\&\fBOSSL_PARAM_allocate_from_text()\fR takes note if \fIkey\fR starts with
+\&\*(L"hex\*(R", and will only use the rest of \fIkey\fR to look up an item in
+\&\fIparamdefs\fR in that case. As an example, if \fIkey\fR is \*(L"hexid\*(R", \*(L"id\*(R"
+will be looked up in \fIparamdefs\fR.
+.PP
+When an item in \fIparamdefs\fR has been found, \fIvalue\fR is converted
+depending on that item's \fIdata_type\fR, as follows:
+.IP "\fB\s-1OSSL_PARAM_INTEGER\s0\fR and \fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR" 4
+.IX Item "OSSL_PARAM_INTEGER and OSSL_PARAM_UNSIGNED_INTEGER"
+If \fIkey\fR didn't start with \*(L"hex\*(R", \fIvalue\fR is assumed to contain
+\&\fIvalue_n\fR decimal characters, which are decoded, and the resulting
+bytes become the number stored in the \fIto\->data\fR storage.
+.Sp
+If \fIvalue\fR starts with \*(L"0x\*(R", it is assumed to contain \fIvalue_n\fR
+hexadecimal characters.
+.Sp
+If \fIkey\fR started with \*(L"hex\*(R", \fIvalue\fR is assumed to contain
+\&\fIvalue_n\fR hexadecimal characters without the \*(L"0x\*(R" prefix.
+.Sp
+If \fIvalue\fR contains characters that couldn't be decoded as
+hexadecimal or decimal characters, \fBOSSL_PARAM_allocate_from_text()\fR
+considers that an error.
+.IP "\fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR" 4
+.IX Item "OSSL_PARAM_UTF8_STRING"
+If \fIkey\fR started with \*(L"hex\*(R", \fBOSSL_PARAM_allocate_from_text()\fR
+considers that an error.
+.Sp
+Otherwise, \fIvalue\fR is considered a C string and is copied to the
+\&\fIto\->data\fR storage.
+On systems where the native character encoding is \s-1EBCDIC,\s0 the bytes in
+\&\fIto\->data\fR are converted to \s-1ASCII.\s0
+.IP "\fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR" 4
+.IX Item "OSSL_PARAM_OCTET_STRING"
+If \fIkey\fR started with \*(L"hex\*(R", \fIvalue\fR is assumed to contain
+\&\fIvalue_n\fR hexadecimal characters, which are decoded, and the
+resulting bytes are stored in the \fIto\->data\fR storage.
+If \fIvalue\fR contains characters that couldn't be decoded as
+hexadecimal or decimal characters, \fBOSSL_PARAM_allocate_from_text()\fR
+considers that an error.
+.Sp
+If \fIkey\fR didn't start with \*(L"hex\*(R", \fIvalue_n\fR bytes from \fIvalue\fR are
+copied to the \fIto\->data\fR storage.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_PARAM_allocate_from_text()\fR returns 1 if \fIkey\fR was found in
+\&\fIparamdefs\fR and there was no other failure, otherwise 0.
+.SH "NOTES"
+.IX Header "NOTES"
+The parameter descriptor array comes from functions dedicated to
+return them.
+The following \s-1\fBOSSL_PARAM\s0\fR\|(3) attributes are used:
+.IP "\fIkey\fR" 4
+.IX Item "key"
+.PD 0
+.IP "\fIdata_type\fR" 4
+.IX Item "data_type"
+.IP "\fIdata_size\fR" 4
+.IX Item "data_size"
+.PD
+.PP
+All other attributes are ignored.
+.PP
+The \fIdata_size\fR attribute can be zero, meaning that the parameter it
+describes expects arbitrary length data.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Code that looked like this:
+.PP
+.Vb 4
+\& int mac_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
+\& {
+\& int rv;
+\& char *stmp, *vtmp = NULL;
+\&
+\& stmp = OPENSSL_strdup(value);
+\& if (stmp == NULL)
+\& return \-1;
+\& vtmp = strchr(stmp, \*(Aq:\*(Aq);
+\& if (vtmp != NULL)
+\& *vtmp++ = \*(Aq\e0\*(Aq;
+\& rv = EVP_MAC_ctrl_str(ctx, stmp, vtmp);
+\& OPENSSL_free(stmp);
+\& return rv;
+\& }
+\&
+\& ...
+\&
+\&
+\& for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
+\& char *macopt = sk_OPENSSL_STRING_value(macopts, i);
+\&
+\& if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
+\& BIO_printf(bio_err,
+\& "MAC parameter error \e"%s\e"\en", macopt);
+\& ERR_print_errors(bio_err);
+\& goto mac_end;
+\& }
+\& }
+.Ve
+.PP
+Can be written like this instead:
+.PP
+.Vb 6
+\& OSSL_PARAM *params =
+\& OPENSSL_zalloc(sizeof(*params)
+\& * (sk_OPENSSL_STRING_num(opts) + 1));
+\& const OSSL_PARAM *paramdefs = EVP_MAC_settable_ctx_params(mac);
+\& size_t params_n;
+\& char *opt = "<unknown>";
+\&
+\& for (params_n = 0; params_n < (size_t)sk_OPENSSL_STRING_num(opts);
+\& params_n++) {
+\& char *stmp, *vtmp = NULL;
+\&
+\& opt = sk_OPENSSL_STRING_value(opts, (int)params_n);
+\& if ((stmp = OPENSSL_strdup(opt)) == NULL
+\& || (vtmp = strchr(stmp, \*(Aq:\*(Aq)) == NULL)
+\& goto err;
+\&
+\& *vtmp++ = \*(Aq\e0\*(Aq;
+\& if (!OSSL_PARAM_allocate_from_text(&params[params_n],
+\& paramdefs, stmp,
+\& vtmp, strlen(vtmp), NULL))
+\& goto err;
+\& }
+\& params[params_n] = OSSL_PARAM_construct_end();
+\& if (!EVP_MAC_CTX_set_params(ctx, params))
+\& goto err;
+\& while (params_n\-\- > 0)
+\& OPENSSL_free(params[params_n].data);
+\& OPENSSL_free(params);
+\& /* ... */
+\& return;
+\&
+\& err:
+\& BIO_printf(bio_err, "MAC parameter error \*(Aq%s\*(Aq\en", opt);
+\& ERR_print_errors(bio_err);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3), \fBOSSL_PARAM_int\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_PARAM_dup.3 b/secure/lib/libcrypto/man/man3/OSSL_PARAM_dup.3
new file mode 100644
index 000000000000..59161be7b725
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_PARAM_dup.3
@@ -0,0 +1,188 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_PARAM_DUP 3ossl"
+.TH OSSL_PARAM_DUP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_PARAM_dup, OSSL_PARAM_merge, OSSL_PARAM_free
+\&\- OSSL_PARAM array copy functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/params.h>
+\&
+\& OSSL_PARAM *OSSL_PARAM_dup(const OSSL_PARAM *params);
+\& OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *params, const OSSL_PARAM *params1);
+\& void OSSL_PARAM_free(OSSL_PARAM *params);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Algorithm parameters can be exported/imported from/to providers using arrays of
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3). The following utility functions allow the parameters to be
+duplicated and merged with other \s-1\fBOSSL_PARAM\s0\fR\|(3) to assist in this process.
+.PP
+\&\fBOSSL_PARAM_dup()\fR duplicates the parameter array \fIparams\fR. This function does a
+deep copy of the data.
+.PP
+\&\fBOSSL_PARAM_merge()\fR merges the parameter arrays \fIparams\fR and \fIparams1\fR into a
+new parameter array. If \fIparams\fR and \fIparams1\fR contain values with the same
+\&'key' then the value from \fIparams1\fR will replace the \fIparam\fR value. This
+function does a shallow copy of the parameters. Either \fIparams\fR or \fIparams1\fR
+may be \s-1NULL.\s0 The behaviour of the merge is unpredictable if \fIparams\fR and
+\&\fIparams1\fR contain the same key, and there are multiple entries within either
+array that have the same key.
+.PP
+\&\fBOSSL_PARAM_free()\fR frees the parameter array \fIparams\fR that was created using
+\&\fBOSSL_PARAM_dup()\fR, \fBOSSL_PARAM_merge()\fR or \fBOSSL_PARAM_BLD_to_param()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The functions \fBOSSL_PARAM_dup()\fR and \fBOSSL_PARAM_merge()\fR return a newly allocated
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3) array, or \s-1NULL\s0 if there was an error. If both parameters are \s-1NULL\s0
+ then \s-1NULL\s0 is returned.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3), \s-1\fBOSSL_PARAM_BLD\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_PARAM_int.3 b/secure/lib/libcrypto/man/man3/OSSL_PARAM_int.3
new file mode 100644
index 000000000000..dc8b2fccbc7b
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_PARAM_int.3
@@ -0,0 +1,516 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_PARAM_INT 3ossl"
+.TH OSSL_PARAM_INT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_PARAM_double, OSSL_PARAM_int, OSSL_PARAM_int32, OSSL_PARAM_int64,
+OSSL_PARAM_long, OSSL_PARAM_size_t, OSSL_PARAM_time_t, OSSL_PARAM_uint,
+OSSL_PARAM_uint32, OSSL_PARAM_uint64, OSSL_PARAM_ulong, OSSL_PARAM_BN,
+OSSL_PARAM_utf8_string, OSSL_PARAM_octet_string, OSSL_PARAM_utf8_ptr,
+OSSL_PARAM_octet_ptr,
+OSSL_PARAM_END, OSSL_PARAM_DEFN,
+OSSL_PARAM_construct_double, OSSL_PARAM_construct_int,
+OSSL_PARAM_construct_int32, OSSL_PARAM_construct_int64,
+OSSL_PARAM_construct_long, OSSL_PARAM_construct_size_t,
+OSSL_PARAM_construct_time_t, OSSL_PARAM_construct_uint,
+OSSL_PARAM_construct_uint32, OSSL_PARAM_construct_uint64,
+OSSL_PARAM_construct_ulong, OSSL_PARAM_construct_BN,
+OSSL_PARAM_construct_utf8_string, OSSL_PARAM_construct_utf8_ptr,
+OSSL_PARAM_construct_octet_string, OSSL_PARAM_construct_octet_ptr,
+OSSL_PARAM_construct_end,
+OSSL_PARAM_locate, OSSL_PARAM_locate_const,
+OSSL_PARAM_get_double, OSSL_PARAM_get_int, OSSL_PARAM_get_int32,
+OSSL_PARAM_get_int64, OSSL_PARAM_get_long, OSSL_PARAM_get_size_t,
+OSSL_PARAM_get_time_t, OSSL_PARAM_get_uint, OSSL_PARAM_get_uint32,
+OSSL_PARAM_get_uint64, OSSL_PARAM_get_ulong, OSSL_PARAM_get_BN,
+OSSL_PARAM_get_utf8_string, OSSL_PARAM_get_octet_string,
+OSSL_PARAM_get_utf8_ptr, OSSL_PARAM_get_octet_ptr,
+OSSL_PARAM_get_utf8_string_ptr, OSSL_PARAM_get_octet_string_ptr,
+OSSL_PARAM_set_double, OSSL_PARAM_set_int, OSSL_PARAM_set_int32,
+OSSL_PARAM_set_int64, OSSL_PARAM_set_long, OSSL_PARAM_set_size_t,
+OSSL_PARAM_set_time_t, OSSL_PARAM_set_uint, OSSL_PARAM_set_uint32,
+OSSL_PARAM_set_uint64, OSSL_PARAM_set_ulong, OSSL_PARAM_set_BN,
+OSSL_PARAM_set_utf8_string, OSSL_PARAM_set_octet_string,
+OSSL_PARAM_set_utf8_ptr, OSSL_PARAM_set_octet_ptr,
+OSSL_PARAM_UNMODIFIED, OSSL_PARAM_modified, OSSL_PARAM_set_all_unmodified
+\&\- OSSL_PARAM helpers
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/params.h>
+\&
+\& /*
+\& * TYPE in function names is one of:
+\& * double, int, int32, int64, long, size_t, time_t, uint, uint32, uint64, ulong
+\& * Corresponding TYPE in function arguments is one of:
+\& * double, int, int32_t, int64_t, long, size_t, time_t, unsigned int, uint32_t,
+\& * uint64_t, unsigned long
+\& */
+\&
+\& #define OSSL_PARAM_TYPE(key, address)
+\& #define OSSL_PARAM_BN(key, address, size)
+\& #define OSSL_PARAM_utf8_string(key, address, size)
+\& #define OSSL_PARAM_octet_string(key, address, size)
+\& #define OSSL_PARAM_utf8_ptr(key, address, size)
+\& #define OSSL_PARAM_octet_ptr(key, address, size)
+\& #define OSSL_PARAM_END
+\&
+\& #define OSSL_PARAM_UNMODIFIED
+\&
+\& #define OSSL_PARAM_DEFN(key, type, addr, sz) \e
+\& { (key), (type), (addr), (sz), OSSL_PARAM_UNMODIFIED }
+\&
+\& OSSL_PARAM OSSL_PARAM_construct_TYPE(const char *key, TYPE *buf);
+\& OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf,
+\& size_t bsize);
+\& OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf,
+\& size_t bsize);
+\& OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf,
+\& size_t bsize);
+\& OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf,
+\& size_t bsize);
+\& OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf,
+\& size_t bsize);
+\& OSSL_PARAM OSSL_PARAM_construct_end(void);
+\&
+\& OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *array, const char *key);
+\& const OSSL_PARAM *OSSL_PARAM_locate_const(const OSSL_PARAM *array,
+\& const char *key);
+\&
+\& int OSSL_PARAM_get_TYPE(const OSSL_PARAM *p, TYPE *val);
+\& int OSSL_PARAM_set_TYPE(OSSL_PARAM *p, TYPE val);
+\&
+\& int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val);
+\& int OSSL_PARAM_set_BN(OSSL_PARAM *p, const BIGNUM *val);
+\&
+\& int OSSL_PARAM_get_utf8_string(const OSSL_PARAM *p, char **val,
+\& size_t max_len);
+\& int OSSL_PARAM_set_utf8_string(OSSL_PARAM *p, const char *val);
+\&
+\& int OSSL_PARAM_get_octet_string(const OSSL_PARAM *p, void **val,
+\& size_t max_len, size_t *used_len);
+\& int OSSL_PARAM_set_octet_string(OSSL_PARAM *p, const void *val, size_t len);
+\&
+\& int OSSL_PARAM_get_utf8_ptr(const OSSL_PARAM *p, const char **val);
+\& int OSSL_PARAM_set_utf8_ptr(OSSL_PARAM *p, const char *val);
+\&
+\& int OSSL_PARAM_get_octet_ptr(const OSSL_PARAM *p, const void **val,
+\& size_t *used_len);
+\& int OSSL_PARAM_set_octet_ptr(OSSL_PARAM *p, const void *val,
+\& size_t used_len);
+\&
+\& int OSSL_PARAM_get_utf8_string_ptr(const OSSL_PARAM *p, const char **val);
+\& int OSSL_PARAM_get_octet_string_ptr(const OSSL_PARAM *p, const void **val,
+\& size_t *used_len);
+\&
+\& int OSSL_PARAM_modified(const OSSL_PARAM *param);
+\& void OSSL_PARAM_set_all_unmodified(OSSL_PARAM *params);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+A collection of utility functions that simplify and add type safety to the
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3) arrays. The following \fB\f(BI\s-1TYPE\s0\fB\fR names are supported:
+.IP "\(bu" 1
+double
+.IP "\(bu" 1
+int
+.IP "\(bu" 1
+int32 (int32_t)
+.IP "\(bu" 1
+int64 (int64_t)
+.IP "\(bu" 1
+long int (long)
+.IP "\(bu" 1
+time_t
+.IP "\(bu" 1
+size_t
+.IP "\(bu" 1
+uint32 (uint32_t)
+.IP "\(bu" 1
+uint64 (uint64_t)
+.IP "\(bu" 1
+unsigned int (uint)
+.IP "\(bu" 1
+unsigned long int (ulong)
+.PP
+\&\s-1\fBOSSL_PARAM_TYPE\s0()\fR are a series of macros designed to assist initialising an
+array of \s-1\fBOSSL_PARAM\s0\fR\|(3) structures.
+Each of these macros defines a parameter of the specified \fB\f(BI\s-1TYPE\s0\fB\fR with the
+provided \fIkey\fR and parameter variable \fIaddress\fR.
+.PP
+\&\fBOSSL_PARAM_utf8_string()\fR, \fBOSSL_PARAM_octet_string()\fR, \fBOSSL_PARAM_utf8_ptr()\fR,
+\&\fBOSSL_PARAM_octet_ptr()\fR, \s-1\fBOSSL_PARAM_BN\s0()\fR are macros that provide support
+for defining \s-1UTF8\s0 strings, \s-1OCTET\s0 strings and big numbers.
+A parameter with name \fIkey\fR is defined.
+The storage for this parameter is at \fIaddress\fR and is of \fIsize\fR bytes.
+.PP
+\&\s-1OSSL_PARAM_END\s0 provides an end of parameter list marker.
+This should terminate all \s-1\fBOSSL_PARAM\s0\fR\|(3) arrays.
+.PP
+The \s-1\fBOSSL_PARAM_DEFN\s0()\fR macro provides the ability to construct a single
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3) (typically used in the construction of \fB\s-1OSSL_PARAM\s0\fR arrays). The
+\&\fIkey\fR, \fItype\fR, \fIaddr\fR and \fIsz\fR arguments correspond to the \fIkey\fR,
+\&\fIdata_type\fR, \fIdata\fR and \fIdata_size\fR fields of the \s-1\fBOSSL_PARAM\s0\fR\|(3) structure as
+described on the \s-1\fBOSSL_PARAM\s0\fR\|(3) page.
+.PP
+\&\fBOSSL_PARAM_construct_TYPE()\fR are a series of functions that create \s-1\fBOSSL_PARAM\s0\fR\|(3)
+records dynamically.
+A parameter with name \fIkey\fR is created.
+The parameter will use storage pointed to by \fIbuf\fR and return size of \fIret\fR.
+.PP
+\&\fBOSSL_PARAM_construct_BN()\fR is a function that constructs a large integer
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3) structure.
+A parameter with name \fIkey\fR, storage \fIbuf\fR, size \fIbsize\fR and return
+size \fIrsize\fR is created.
+.PP
+\&\fBOSSL_PARAM_construct_utf8_string()\fR is a function that constructs a \s-1UTF8\s0
+string \s-1\fBOSSL_PARAM\s0\fR\|(3) structure.
+A parameter with name \fIkey\fR, storage \fIbuf\fR and size \fIbsize\fR is created.
+If \fIbsize\fR is zero, the string length is determined using \fBstrlen\fR\|(3).
+Generally pass zero for \fIbsize\fR instead of calling \fBstrlen\fR\|(3) yourself.
+.PP
+\&\fBOSSL_PARAM_construct_octet_string()\fR is a function that constructs an \s-1OCTET\s0
+string \s-1\fBOSSL_PARAM\s0\fR\|(3) structure.
+A parameter with name \fIkey\fR, storage \fIbuf\fR and size \fIbsize\fR is created.
+.PP
+\&\fBOSSL_PARAM_construct_utf8_ptr()\fR is a function that constructs a \s-1UTF8\s0 string
+pointer \s-1\fBOSSL_PARAM\s0\fR\|(3) structure.
+A parameter with name \fIkey\fR, storage pointer \fI*buf\fR and size \fIbsize\fR
+is created.
+.PP
+\&\fBOSSL_PARAM_construct_octet_ptr()\fR is a function that constructs an \s-1OCTET\s0 string
+pointer \s-1\fBOSSL_PARAM\s0\fR\|(3) structure.
+A parameter with name \fIkey\fR, storage pointer \fI*buf\fR and size \fIbsize\fR
+is created.
+.PP
+\&\fBOSSL_PARAM_construct_end()\fR is a function that constructs the terminating
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3) structure.
+.PP
+\&\fBOSSL_PARAM_locate()\fR is a function that searches an \fIarray\fR of parameters for
+the one matching the \fIkey\fR name.
+.PP
+\&\fBOSSL_PARAM_locate_const()\fR behaves exactly like \fBOSSL_PARAM_locate()\fR except for
+the presence of \fIconst\fR for the \fIarray\fR argument and its return value.
+.PP
+\&\fBOSSL_PARAM_get_TYPE()\fR retrieves a value of type \fB\f(BI\s-1TYPE\s0\fB\fR from the parameter
+\&\fIp\fR.
+The value is copied to the address \fIval\fR.
+Type coercion takes place as discussed in the \s-1NOTES\s0 section.
+.PP
+\&\fBOSSL_PARAM_set_TYPE()\fR stores a value \fIval\fR of type \fB\f(BI\s-1TYPE\s0\fB\fR into the
+parameter \fIp\fR.
+If the parameter's \fIdata\fR field is \s-1NULL,\s0 then only its \fIreturn_size\fR field
+will be assigned the size the parameter's \fIdata\fR buffer should have.
+Type coercion takes place as discussed in the \s-1NOTES\s0 section.
+.PP
+\&\fBOSSL_PARAM_get_BN()\fR retrieves a \s-1BIGNUM\s0 from the parameter pointed to by \fIp\fR.
+The \s-1BIGNUM\s0 referenced by \fIval\fR is updated and is allocated if \fI*val\fR is
+\&\s-1NULL.\s0
+.PP
+\&\fBOSSL_PARAM_set_BN()\fR stores the \s-1BIGNUM\s0 \fIval\fR into the parameter \fIp\fR.
+If the parameter's \fIdata\fR field is \s-1NULL,\s0 then only its \fIreturn_size\fR field
+will be assigned the size the parameter's \fIdata\fR buffer should have.
+.PP
+\&\fBOSSL_PARAM_get_utf8_string()\fR retrieves a \s-1UTF8\s0 string from the parameter
+pointed to by \fIp\fR.
+The string is stored into \fI*val\fR with a size limit of \fImax_len\fR,
+which must be large enough to accommodate a terminating \s-1NUL\s0 byte,
+otherwise this function will fail.
+If \fI*val\fR is \s-1NULL,\s0 memory is allocated for the string (including the
+terminating \s-1NUL\s0 byte) and \fImax_len\fR is ignored.
+If memory is allocated by this function, it must be freed by the caller.
+.PP
+\&\fBOSSL_PARAM_set_utf8_string()\fR sets a \s-1UTF8\s0 string from the parameter pointed to
+by \fIp\fR to the value referenced by \fIval\fR.
+If the parameter's \fIdata\fR field isn't \s-1NULL,\s0 its \fIdata_size\fR must indicate
+that the buffer is large enough to accommodate the string that \fIval\fR points at,
+not including the terminating \s-1NUL\s0 byte, or this function will fail.
+A terminating \s-1NUL\s0 byte is added only if the parameter's \fIdata_size\fR indicates
+the buffer is longer than the string length, otherwise the string will not be
+\&\s-1NUL\s0 terminated.
+If the parameter's \fIdata\fR field is \s-1NULL,\s0 then only its \fIreturn_size\fR field
+will be assigned the minimum size the parameter's \fIdata\fR buffer should have
+to accommodate the string, not including a terminating \s-1NUL\s0 byte.
+.PP
+\&\fBOSSL_PARAM_get_octet_string()\fR retrieves an \s-1OCTET\s0 string from the parameter
+pointed to by \fIp\fR.
+The OCTETs are either stored into \fI*val\fR with a length limit of \fImax_len\fR or,
+in the case when \fI*val\fR is \s-1NULL,\s0 memory is allocated and
+\&\fImax_len\fR is ignored. \fI*used_len\fR is populated with the number of OCTETs
+stored. If \fIval\fR is \s-1NULL\s0 then the \s-1OCTETS\s0 are not stored, but \fI*used_len\fR is
+still populated.
+If memory is allocated by this function, it must be freed by the caller.
+.PP
+\&\fBOSSL_PARAM_set_octet_string()\fR sets an \s-1OCTET\s0 string from the parameter
+pointed to by \fIp\fR to the value referenced by \fIval\fR.
+If the parameter's \fIdata\fR field is \s-1NULL,\s0 then only its \fIreturn_size\fR field
+will be assigned the size the parameter's \fIdata\fR buffer should have.
+.PP
+\&\fBOSSL_PARAM_get_utf8_ptr()\fR retrieves the \s-1UTF8\s0 string pointer from the parameter
+referenced by \fIp\fR and stores it in \fI*val\fR.
+.PP
+\&\fBOSSL_PARAM_set_utf8_ptr()\fR sets the \s-1UTF8\s0 string pointer in the parameter
+referenced by \fIp\fR to the values \fIval\fR.
+.PP
+\&\fBOSSL_PARAM_get_octet_ptr()\fR retrieves the \s-1OCTET\s0 string pointer from the parameter
+referenced by \fIp\fR and stores it in \fI*val\fR.
+The length of the \s-1OCTET\s0 string is stored in \fI*used_len\fR.
+.PP
+\&\fBOSSL_PARAM_set_octet_ptr()\fR sets the \s-1OCTET\s0 string pointer in the parameter
+referenced by \fIp\fR to the values \fIval\fR.
+The length of the \s-1OCTET\s0 string is provided by \fIused_len\fR.
+.PP
+\&\fBOSSL_PARAM_get_utf8_string_ptr()\fR retrieves the pointer to a \s-1UTF8\s0 string from
+the parameter pointed to by \fIp\fR, and stores that pointer in \fI*val\fR.
+This is different from \fBOSSL_PARAM_get_utf8_string()\fR, which copies the
+string.
+.PP
+\&\fBOSSL_PARAM_get_octet_string_ptr()\fR retrieves the pointer to a octet string
+from the parameter pointed to by \fIp\fR, and stores that pointer in \fI*val\fR,
+along with the string's length in \fI*used_len\fR.
+This is different from \fBOSSL_PARAM_get_octet_string()\fR, which copies the
+string.
+.PP
+The \s-1OSSL_PARAM_UNMODIFIED\s0 macro is used to detect if a parameter was set. On
+creation, via either the macros or construct calls, the \fIreturn_size\fR field
+is set to this. If the parameter is set using the calls defined herein, the
+\&\fIreturn_size\fR field is changed.
+.PP
+\&\fBOSSL_PARAM_modified()\fR queries if the parameter \fIparam\fR has been set or not
+using the calls defined herein.
+.PP
+\&\fBOSSL_PARAM_set_all_unmodified()\fR resets the unused indicator for all parameters
+in the array \fIparams\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_PARAM_construct_TYPE()\fR, \fBOSSL_PARAM_construct_BN()\fR,
+\&\fBOSSL_PARAM_construct_utf8_string()\fR, \fBOSSL_PARAM_construct_octet_string()\fR,
+\&\fBOSSL_PARAM_construct_utf8_ptr()\fR and \fBOSSL_PARAM_construct_octet_ptr()\fR
+return a populated \s-1\fBOSSL_PARAM\s0\fR\|(3) structure.
+.PP
+\&\fBOSSL_PARAM_locate()\fR and \fBOSSL_PARAM_locate_const()\fR return a pointer to
+the matching \s-1\fBOSSL_PARAM\s0\fR\|(3) object. They return \s-1NULL\s0 on error or when
+no object matching \fIkey\fR exists in the \fIarray\fR.
+.PP
+\&\fBOSSL_PARAM_modified()\fR returns 1 if the parameter was set and 0 otherwise.
+.PP
+All other functions return 1 on success and 0 on failure.
+.SH "NOTES"
+.IX Header "NOTES"
+Native types will be converted as required only if the value is exactly
+representable by the target type or parameter.
+Apart from that, the functions must be used appropriately for the
+expected type of the parameter.
+.PP
+\&\fBOSSL_PARAM_get_BN()\fR and \fBOSSL_PARAM_set_BN()\fR currently only support
+nonnegative \fB\s-1BIGNUM\s0\fRs, and by consequence, only
+\&\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR. \fBOSSL_PARAM_construct_BN()\fR currently
+constructs an \s-1\fBOSSL_PARAM\s0\fR\|(3) structure with the data type
+\&\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR.
+.PP
+For \fBOSSL_PARAM_construct_utf8_ptr()\fR and \fBOSSL_PARAM_consstruct_octet_ptr()\fR,
+\&\fIbsize\fR is not relevant if the purpose is to send the \s-1\fBOSSL_PARAM\s0\fR\|(3) array
+to a \fIresponder\fR, i.e. to get parameter data back.
+In that case, \fIbsize\fR can safely be given zero.
+See \*(L"\s-1DESCRIPTION\*(R"\s0 in \s-1\fBOSSL_PARAM\s0\fR\|(3) for further information on the
+possible purposes.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Reusing the examples from \s-1\fBOSSL_PARAM\s0\fR\|(3) to just show how
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3) arrays can be handled using the macros and functions
+defined herein.
+.SS "Example 1"
+.IX Subsection "Example 1"
+This example is for setting parameters on some object:
+.PP
+.Vb 1
+\& #include <openssl/core.h>
+\&
+\& const char *foo = "some string";
+\& size_t foo_l = strlen(foo);
+\& const char bar[] = "some other string";
+\& const OSSL_PARAM set[] = {
+\& OSSL_PARAM_utf8_ptr("foo", &foo, foo_l),
+\& OSSL_PARAM_utf8_string("bar", bar, sizeof(bar) \- 1),
+\& OSSL_PARAM_END
+\& };
+.Ve
+.SS "Example 2"
+.IX Subsection "Example 2"
+This example is for requesting parameters on some object, and also
+demonstrates that the requester isn't obligated to request all
+available parameters:
+.PP
+.Vb 7
+\& const char *foo = NULL;
+\& char bar[1024];
+\& OSSL_PARAM request[] = {
+\& OSSL_PARAM_utf8_ptr("foo", &foo, 0),
+\& OSSL_PARAM_utf8_string("bar", bar, sizeof(bar)),
+\& OSSL_PARAM_END
+\& };
+.Ve
+.PP
+A \fIresponder\fR that receives this array (as \f(CW\*(C`params\*(C'\fR in this example)
+could fill in the parameters like this:
+.PP
+.Vb 1
+\& /* OSSL_PARAM *params */
+\&
+\& OSSL_PARAM *p;
+\&
+\& if ((p = OSSL_PARAM_locate(params, "foo")) != NULL)
+\& OSSL_PARAM_set_utf8_ptr(p, "foo value");
+\& if ((p = OSSL_PARAM_locate(params, "bar")) != NULL)
+\& OSSL_PARAM_set_utf8_string(p, "bar value");
+\& if ((p = OSSL_PARAM_locate(params, "cookie")) != NULL)
+\& OSSL_PARAM_set_utf8_ptr(p, "cookie value");
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBopenssl\-core.h\fR\|(7), \s-1\fBOSSL_PARAM\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These APIs were introduced in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_PROVIDER.3 b/secure/lib/libcrypto/man/man3/OSSL_PROVIDER.3
new file mode 100644
index 000000000000..c0a462613e3b
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_PROVIDER.3
@@ -0,0 +1,352 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_PROVIDER 3ossl"
+.TH OSSL_PROVIDER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_PROVIDER_set_default_search_path,
+OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_try_load, OSSL_PROVIDER_unload,
+OSSL_PROVIDER_available, OSSL_PROVIDER_do_all,
+OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params,
+OSSL_PROVIDER_query_operation, OSSL_PROVIDER_unquery_operation,
+OSSL_PROVIDER_get0_provider_ctx, OSSL_PROVIDER_get0_dispatch,
+OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_get0_name, OSSL_PROVIDER_get_capabilities,
+OSSL_PROVIDER_self_test
+\&\- provider routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/provider.h>
+\&
+\& typedef struct ossl_provider_st OSSL_PROVIDER;
+\&
+\& int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *libctx,
+\& const char *path);
+\&
+\& OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *libctx, const char *name);
+\& OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *libctx, const char *name,
+\& int retain_fallbacks);
+\& int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
+\& int OSSL_PROVIDER_available(OSSL_LIB_CTX *libctx, const char *name);
+\& int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
+\& int (*cb)(OSSL_PROVIDER *provider, void *cbdata),
+\& void *cbdata);
+\&
+\& const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov);
+\& int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]);
+\&
+\& const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
+\& int operation_id,
+\& int *no_cache);
+\& void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov,
+\& int operation_id,
+\& const OSSL_ALGORITHM *algs);
+\& void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov);
+\& const OSSL_DISPATCH *OSSL_PROVIDER_get0_dispatch(const OSSL_PROVIDER *prov);
+\&
+\& int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *libctx, const char *name,
+\& ossl_provider_init_fn *init_fn);
+\&
+\& const char *OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov);
+\&
+\& int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov,
+\& const char *capability,
+\& OSSL_CALLBACK *cb,
+\& void *arg);
+\& int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fB\s-1OSSL_PROVIDER\s0\fR is a type that holds internal information about
+implementation providers (see \fBprovider\fR\|(7) for information on what a
+provider is).
+A provider can be built in to the application or the OpenSSL
+libraries, or can be a loadable module.
+The functions described here handle both forms.
+.PP
+Some of these functions operate within a library context, please see
+\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3) for further details.
+.SS "Functions"
+.IX Subsection "Functions"
+\&\fBOSSL_PROVIDER_set_default_search_path()\fR specifies the default search \fIpath\fR
+that is to be used for looking for providers in the specified \fIlibctx\fR.
+If left unspecified, an environment variable and a fall back default value will
+be used instead.
+.PP
+\&\fBOSSL_PROVIDER_add_builtin()\fR is used to add a built in provider to
+\&\fB\s-1OSSL_PROVIDER\s0\fR store in the given library context, by associating a
+provider name with a provider initialization function.
+This name can then be used with \fBOSSL_PROVIDER_load()\fR.
+.PP
+\&\fBOSSL_PROVIDER_load()\fR loads and initializes a provider.
+This may simply initialize a provider that was previously added with
+\&\fBOSSL_PROVIDER_add_builtin()\fR and run its given initialization function,
+or load a provider module with the given name and run its provider
+entry point, \f(CW\*(C`OSSL_provider_init\*(C'\fR. The \fIname\fR can be a path
+to a provider module, in that case the provider name as returned
+by \fBOSSL_PROVIDER_get0_name()\fR will be the path. Interpretation
+of relative paths is platform dependent and they are relative
+to the configured \*(L"\s-1MODULESDIR\*(R"\s0 directory or the path set in
+the environment variable \s-1OPENSSL_MODULES\s0 if set.
+.PP
+\&\fBOSSL_PROVIDER_try_load()\fR functions like \fBOSSL_PROVIDER_load()\fR, except that
+it does not disable the fallback providers if the provider cannot be
+loaded and initialized or if \fIretain_fallbacks\fR is nonzero.
+If the provider loads successfully and \fIretain_fallbacks\fR is zero, the
+fallback providers are disabled.
+.PP
+\&\fBOSSL_PROVIDER_unload()\fR unloads the given provider.
+For a provider added with \fBOSSL_PROVIDER_add_builtin()\fR, this simply
+runs its teardown function.
+.PP
+\&\fBOSSL_PROVIDER_available()\fR checks if a named provider is available
+for use.
+.PP
+\&\fBOSSL_PROVIDER_do_all()\fR iterates over all loaded providers, calling
+\&\fIcb\fR for each one, with the current provider in \fIprovider\fR and the
+\&\fIcbdata\fR that comes from the caller. If no other provider has been loaded
+before calling this function, the default provider is still available as
+fallback.
+See \fBOSSL_PROVIDER\-default\fR\|(7) for more information on this fallback
+behaviour.
+.PP
+\&\fBOSSL_PROVIDER_gettable_params()\fR is used to get a provider parameter
+descriptor set as a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array.
+.PP
+\&\fBOSSL_PROVIDER_get_params()\fR is used to get provider parameter values.
+The caller must prepare the \s-1\fBOSSL_PARAM\s0\fR\|(3) array before calling this
+function, and the variables acting as buffers for this parameter array
+should be filled with data when it returns successfully.
+.PP
+\&\fBOSSL_PROVIDER_self_test()\fR is used to run a provider's self tests on demand.
+If the self tests fail then the provider will fail to provide any further
+services and algorithms. \fBOSSL_SELF_TEST_set_callback\fR\|(3) may be called
+beforehand in order to display diagnostics for the running self tests.
+.PP
+\&\fBOSSL_PROVIDER_query_operation()\fR calls the provider's \fIquery_operation\fR
+function (see \fBprovider\fR\|(7)), if the provider has one. It returns an
+array of \fI\s-1OSSL_ALGORITHM\s0\fR for the given \fIoperation_id\fR terminated by an all
+\&\s-1NULL OSSL_ALGORITHM\s0 entry. This is considered a low-level function that most
+applications should not need to call.
+.PP
+\&\fBOSSL_PROVIDER_unquery_operation()\fR calls the provider's \fIunquery_operation\fR
+function (see \fBprovider\fR\|(7)), if the provider has one. This is considered a
+low-level function that most applications should not need to call.
+.PP
+\&\fBOSSL_PROVIDER_get0_provider_ctx()\fR returns the provider context for the given
+provider. The provider context is an opaque handle set by the provider itself
+and is passed back to the provider by libcrypto in various function calls.
+.PP
+\&\fBOSSL_PROVIDER_get0_dispatch()\fR returns the provider's dispatch table as it was
+returned in the \fIout\fR parameter from the provider's init function. See
+\&\fBprovider\-base\fR\|(7).
+.PP
+If it is permissible to cache references to this array then \fI*no_store\fR is set
+to 0 or 1 otherwise. If the array is not cacheable then it is assumed to
+have a short lifetime.
+.PP
+\&\fBOSSL_PROVIDER_get0_name()\fR returns the name of the given provider.
+.PP
+\&\fBOSSL_PROVIDER_get_capabilities()\fR provides information about the capabilities
+supported by the provider specified in \fIprov\fR with the capability name
+\&\fIcapability\fR. For each capability of that name supported by the provider it
+will call the callback \fIcb\fR and supply a set of \s-1\fBOSSL_PARAM\s0\fR\|(3)s describing the
+capability. It will also pass back the argument \fIarg\fR. For more details about
+capabilities and what they can be used for please see
+\&\*(L"\s-1CAPABILTIIES\*(R"\s0 in \fBprovider\-base\fR\|(7).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_PROVIDER_set_default_search_path()\fR, \fBOSSL_PROVIDER_add()\fR,
+\&\fBOSSL_PROVIDER_unload()\fR, \fBOSSL_PROVIDER_get_params()\fR and
+\&\fBOSSL_PROVIDER_get_capabilities()\fR return 1 on success, or 0 on error.
+.PP
+\&\fBOSSL_PROVIDER_load()\fR and \fBOSSL_PROVIDER_try_load()\fR return a pointer to a
+provider object on success, or \s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_PROVIDER_do_all()\fR returns 1 if the callback \fIcb\fR returns 1 for every
+provider it is called with, or 0 if any provider callback invocation returns 0;
+callback processing stops at the first callback invocation on a provider
+that returns 0.
+.PP
+\&\fBOSSL_PROVIDER_available()\fR returns 1 if the named provider is available,
+otherwise 0.
+.PP
+\&\fBOSSL_PROVIDER_gettable_params()\fR returns a pointer to an array
+of constant \s-1\fBOSSL_PARAM\s0\fR\|(3), or \s-1NULL\s0 if none is provided.
+.PP
+\&\fBOSSL_PROVIDER_get_params()\fR and returns 1 on success, or 0 on error.
+.PP
+\&\fBOSSL_PROVIDER_query_operation()\fR returns an array of \s-1OSSL_ALGORITHM\s0 or \s-1NULL\s0 on
+error.
+.PP
+\&\fBOSSL_PROVIDER_self_test()\fR returns 1 if the self tests pass, or 0 on error.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+This demonstrates how to load the provider module \*(L"foo\*(R" and ask for
+its build information.
+.PP
+.Vb 3
+\& #include <openssl/params.h>
+\& #include <openssl/provider.h>
+\& #include <openssl/err.h>
+\&
+\& OSSL_PROVIDER *prov = NULL;
+\& const char *build = NULL;
+\& OSSL_PARAM request[] = {
+\& { "buildinfo", OSSL_PARAM_UTF8_PTR, &build, 0, 0 },
+\& { NULL, 0, NULL, 0, 0 }
+\& };
+\&
+\& if ((prov = OSSL_PROVIDER_load(NULL, "foo")) != NULL
+\& && OSSL_PROVIDER_get_params(prov, request))
+\& printf("Provider \*(Aqfoo\*(Aq buildinfo: %s\en", build);
+\& else
+\& ERR_print_errors_fp(stderr);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBopenssl\-core.h\fR\|(7), \s-1\fBOSSL_LIB_CTX\s0\fR\|(3), \fBprovider\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The type and functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_SELF_TEST_new.3 b/secure/lib/libcrypto/man/man3/OSSL_SELF_TEST_new.3
new file mode 100644
index 000000000000..0aa376f9b0ab
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_SELF_TEST_new.3
@@ -0,0 +1,289 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_SELF_TEST_NEW 3ossl"
+.TH OSSL_SELF_TEST_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_SELF_TEST_new,
+OSSL_SELF_TEST_free,
+OSSL_SELF_TEST_onbegin,
+OSSL_SELF_TEST_oncorrupt_byte,
+OSSL_SELF_TEST_onend \- functionality to trigger a callback during a self test
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/self_test.h>
+\&
+\& OSSL_SELF_TEST *OSSL_SELF_TEST_new(OSSL_CALLBACK *cb, void *cbarg);
+\& void OSSL_SELF_TEST_free(OSSL_SELF_TEST *st);
+\&
+\& void OSSL_SELF_TEST_onbegin(OSSL_SELF_TEST *st, const char *type,
+\& const char *desc);
+\& int OSSL_SELF_TEST_oncorrupt_byte(OSSL_SELF_TEST *st, unsigned char *bytes);
+\& void OSSL_SELF_TEST_onend(OSSL_SELF_TEST *st, int ret);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These methods are intended for use by provider implementers, to display
+diagnostic information during self testing.
+.PP
+\&\fBOSSL_SELF_TEST_new()\fR allocates an opaque \fB\s-1OSSL_SELF_TEST\s0\fR object that has a
+callback and callback argument associated with it.
+.PP
+The callback \fIcb\fR may be triggered multiple times by a self test to indicate
+different phases.
+.PP
+\&\fBOSSL_SELF_TEST_free()\fR frees the space allocated by \fBOSSL_SELF_TEST_new()\fR.
+.PP
+\&\fBOSSL_SELF_TEST_onbegin()\fR may be inserted at the start of a block of self test
+code. It can be used for diagnostic purposes.
+If this method is called the callback \fIcb\fR will receive the following
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3) object.
+.ie n .IP """st-phase"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``st-phase'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "st-phase (OSSL_PROV_PARAM_SELF_TEST_PHASE) <UTF8 string>"
+The value is the string \*(L"Start\*(R"
+.PP
+\&\fBOSSL_SELF_TEST_oncorrupt_byte()\fR may be inserted just after the known answer is
+calculated, but before the self test compares the result. The first byte in the
+passed in array of \fIbytes\fR will be corrupted if the callback returns 0,
+otherwise it leaves the array unaltered. It can be used for failure testing.
+The \fItype\fR and \fIdesc\fR can be used to identify an individual self test to
+target for failure testing.
+If this method is called the callback \fIcb\fR will receive the following
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3) object.
+.ie n .IP """st-phase"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``st-phase'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "st-phase (OSSL_PROV_PARAM_SELF_TEST_PHASE) <UTF8 string>"
+The value is the string \*(L"Corrupt\*(R"
+.PP
+\&\fBOSSL_SELF_TEST_onend()\fR may be inserted at the end of a block of self test code
+just before cleanup to indicate if the test passed or failed. It can be used for
+diagnostic purposes.
+If this method is called the callback \fIcb\fR will receive the following
+\&\s-1\fBOSSL_PARAM\s0\fR\|(3) object.
+.ie n .IP """st-phase"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``st-phase'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "st-phase (OSSL_PROV_PARAM_SELF_TEST_PHASE) <UTF8 string>"
+The value of the string is \*(L"Pass\*(R" if \fIret\fR is non zero, otherwise it has the
+value \*(L"Fail\*(R".
+.PP
+After the callback \fIcb\fR has been called the values that were set by
+\&\fBOSSL_SELF_TEST_onbegin()\fR for \fItype\fR and \fIdesc\fR are set to the value \*(L"None\*(R".
+.PP
+If \fBOSSL_SELF_TEST_onbegin()\fR, \fBOSSL_SELF_TEST_oncorrupt_byte()\fR or
+\&\fBOSSL_SELF_TEST_onend()\fR is called the following additional \s-1\fBOSSL_PARAM\s0\fR\|(3) are
+passed to the callback.
+.ie n .IP """st-type"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``st-type'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "st-type (OSSL_PROV_PARAM_SELF_TEST_TYPE) <UTF8 string>"
+The value is setup by the \fItype\fR passed to \fBOSSL_SELF_TEST_onbegin()\fR.
+This allows the callback to identify the type of test being run.
+.ie n .IP """st-desc"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_DESC\s0\fR) <\s-1UTF8\s0 string>" 4
+.el .IP "``st-desc'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_DESC\s0\fR) <\s-1UTF8\s0 string>" 4
+.IX Item "st-desc (OSSL_PROV_PARAM_SELF_TEST_DESC) <UTF8 string>"
+The value is setup by the \fItype\fR passed to \fBOSSL_SELF_TEST_onbegin()\fR.
+This allows the callback to identify the sub category of the test being run.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_SELF_TEST_new()\fR returns the allocated \fB\s-1OSSL_SELF_TEST\s0\fR object, or \s-1NULL\s0 if
+it fails.
+.PP
+\&\fBOSSL_SELF_TEST_oncorrupt_byte()\fR returns 1 if corruption occurs, otherwise it
+returns 0.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+A single self test could be set up in the following way:
+.PP
+.Vb 8
+\& OSSL_SELF_TEST *st = NULL;
+\& OSSL_CALLBACK *cb;
+\& void *cbarg;
+\& int ok = 0;
+\& unsigned char out[EVP_MAX_MD_SIZE];
+\& unsigned int out_len = 0;
+\& EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+\& EVP_MD *md = EVP_MD_fetch(libctx, t\->algorithm, NULL);
+\&
+\& /*
+\& * Retrieve the callback \- will be NULL if not set by the application via
+\& * OSSL_SELF_TEST_set_callback().
+\& */
+\& OSSL_SELF_TEST_get_callback(libctx, &cb, &cbarg);
+\&
+\& st = OSSL_SELF_TEST_new(cb, cb_arg);
+\&
+\& /* Trigger the optional callback */
+\& OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_DIGEST,
+\& OSSL_SELF_TEST_DESC_MD_SHA2);
+\&
+\& if (!EVP_DigestInit_ex(ctx, md, NULL)
+\& || !EVP_DigestUpdate(ctx, pt, pt_len)
+\& || !EVP_DigestFinal(ctx, out, &out_len))
+\& goto err;
+\&
+\& /* Optional corruption \- If the application callback returns 0 */
+\& OSSL_SELF_TEST_oncorrupt_byte(st, out);
+\&
+\& if (out_len != t\->expected_len
+\& || memcmp(out, t\->expected, out_len) != 0)
+\& goto err;
+\& ok = 1;
+\& err:
+\& OSSL_SELF_TEST_onend(st, ok);
+\& EVP_MD_free(md);
+\& EVP_MD_CTX_free(ctx);
+.Ve
+.PP
+Multiple self test's can be set up in a similar way by repeating the pattern of
+\&\fBOSSL_SELF_TEST_onbegin()\fR, \fBOSSL_SELF_TEST_oncorrupt_byte()\fR, \fBOSSL_SELF_TEST_onend()\fR
+for each test.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBOSSL_SELF_TEST_set_callback\fR\|(3),
+\&\fBopenssl\-core.h\fR\|(7),
+\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_SELF_TEST_set_callback.3 b/secure/lib/libcrypto/man/man3/OSSL_SELF_TEST_set_callback.3
new file mode 100644
index 000000000000..4ed98d3403cb
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_SELF_TEST_set_callback.3
@@ -0,0 +1,181 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_SELF_TEST_SET_CALLBACK 3ossl"
+.TH OSSL_SELF_TEST_SET_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_SELF_TEST_set_callback,
+OSSL_SELF_TEST_get_callback \- specify a callback for processing self tests
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/self_test.h>
+\&
+\& void OSSL_SELF_TEST_set_callback(OSSL_LIB_CTX *ctx, OSSL_CALLBACK *cb, void *cbarg);
+\& void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Set or gets the optional application callback (and the callback argument) that
+is called during self testing.
+The application callback \s-1\fBOSSL_CALLBACK\s0\fR\|(3) is associated with a \fB\s-1OSSL_LIB_CTX\s0\fR.
+The application callback function receives information about a running self test,
+and may return a result to the calling self test.
+See \fBopenssl\-core.h\fR\|(7) for further information on the callback.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_SELF_TEST_get_callback()\fR returns the callback and callback argument that
+has been set via \fBOSSL_SELF_TEST_set_callback()\fR for the given library context
+\&\fIctx\fR.
+These returned parameters will be \s-1NULL\s0 if \fBOSSL_SELF_TEST_set_callback()\fR has
+not been called.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBopenssl\-core.h\fR\|(7),
+\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7)
+\&\fBOSSL_SELF_TEST_new\fR\|(3)
+\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions described here were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3
index 124b4a0ca576..c3c147e6ace0 100644
--- a/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3
+++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,26 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OSSL_STORE_INFO 3"
-.TH OSSL_STORE_INFO 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OSSL_STORE_INFO 3ossl"
+.TH OSSL_STORE_INFO 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS, OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL, OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description, OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PKEY, OSSL_STORE_INFO_get1_CERT, OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free, OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description, OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL \- Functions to manipulate OSSL_STORE_INFO objects
+OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME,
+OSSL_STORE_INFO_get0_NAME_description,
+OSSL_STORE_INFO_get0_PARAMS, OSSL_STORE_INFO_get0_PUBKEY,
+OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL,
+OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description,
+OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PUBKEY,
+OSSL_STORE_INFO_get1_PKEY, OSSL_STORE_INFO_get1_CERT, OSSL_STORE_INFO_get1_CRL,
+OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free,
+OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description,
+OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PUBKEY,
+OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL,
+OSSL_STORE_INFO_new, OSSL_STORE_INFO_get0_data
+\&\- Functions to manipulate OSSL_STORE_INFO objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -155,6 +165,8 @@ OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, OSSL_STORE
\& char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *store_info);
\& EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *store_info);
\& EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *store_info);
+\& EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info);
+\& EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info);
\& EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *store_info);
\& EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *store_info);
\& X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *store_info);
@@ -169,9 +181,13 @@ OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, OSSL_STORE
\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
\& int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(DSA *dsa_params);
+\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pubkey);
\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
+\&
+\& OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data);
+\& void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -181,50 +197,68 @@ loaders to create \fB\s-1OSSL_STORE_INFO\s0\fR holders.
.SS "Types"
.IX Subsection "Types"
\&\fB\s-1OSSL_STORE_INFO\s0\fR is an opaque type that's just an intermediary holder for
-the objects that have been retrieved by \fBOSSL_STORE_load()\fR and similar
-functions.
+the objects that have been retrieved by \fBOSSL_STORE_load()\fR and similar functions.
Supported OpenSSL type object can be extracted using one of
-\&\fBSTORE_INFO_get0_TYPE()\fR.
+STORE_INFO_get0_<\s-1TYPE\s0>() where <\s-1TYPE\s0> can be \s-1NAME, PARAMS, PKEY, CERT,\s0 or \s-1CRL.\s0
The life time of this extracted object is as long as the life time of
the \fB\s-1OSSL_STORE_INFO\s0\fR it was extracted from, so care should be taken not
to free the latter too early.
-As an alternative, \fBSTORE_INFO_get1_TYPE()\fR extracts a duplicate (or the
+As an alternative, STORE_INFO_get1_<\s-1TYPE\s0>() extracts a duplicate (or the
same object with its reference count increased), which can be used
after the containing \fB\s-1OSSL_STORE_INFO\s0\fR has been freed.
-The object returned by \fBSTORE_INFO_get1_TYPE()\fR must be freed separately
+The object returned by STORE_INFO_get1_<\s-1TYPE\s0>() must be freed separately
by the caller.
-See \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 for more information on the types that are
-supported.
+See \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 for more information on the types that are supported.
.SS "Functions"
.IX Subsection "Functions"
\&\fBOSSL_STORE_INFO_get_type()\fR takes a \fB\s-1OSSL_STORE_INFO\s0\fR and returns the \s-1STORE\s0
type number for the object inside.
+.PP
\&\fBSTORE_INFO_get_type_string()\fR takes a \s-1STORE\s0 type number and returns a
short string describing it.
.PP
\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR,
-\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR,
-\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all take a
-\&\fB\s-1OSSL_STORE_INFO\s0\fR and return the held object of the appropriate OpenSSL
-type provided that's what's held.
+\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PUBKEY()\fR,
+\&\fBOSSL_STORE_INFO_get0_PKEY()\fR, \fBOSSL_STORE_INFO_get0_CERT()\fR,
+\&\fBOSSL_STORE_INFO_get0_CRL()\fR
+all take a \fB\s-1OSSL_STORE_INFO\s0\fR and return the object it holds if the
+\&\fB\s-1OSSL_STORE_INFO\s0\fR type (as returned by \fBOSSL_STORE_INFO_get_type()\fR)
+matches the function, otherwise \s-1NULL.\s0
.PP
\&\fBOSSL_STORE_INFO_get1_NAME()\fR, \fBOSSL_STORE_INFO_get1_NAME_description()\fR,
-\&\fBOSSL_STORE_INFO_get1_PARAMS()\fR, \fBOSSL_STORE_INFO_get1_PKEY()\fR,
-\&\fBOSSL_STORE_INFO_get1_CERT()\fR and \fBOSSL_STORE_INFO_get1_CRL()\fR all take a
-\&\fB\s-1OSSL_STORE_INFO\s0\fR and return a duplicate of the held object of the
-appropriate OpenSSL type provided that's what's held.
+\&\fBOSSL_STORE_INFO_get1_PARAMS()\fR, \fBOSSL_STORE_INFO_get1_PUBKEY()\fR,
+\&\fBOSSL_STORE_INFO_get1_PKEY()\fR, \fBOSSL_STORE_INFO_get1_CERT()\fR and
+\&\fBOSSL_STORE_INFO_get1_CRL()\fR
+all take a \fB\s-1OSSL_STORE_INFO\s0\fR and return a duplicate the object it
+holds if the \fB\s-1OSSL_STORE_INFO\s0\fR type (as returned by
+\&\fBOSSL_STORE_INFO_get_type()\fR) matches the function, otherwise \s-1NULL.\s0
.PP
\&\fBOSSL_STORE_INFO_free()\fR frees a \fB\s-1OSSL_STORE_INFO\s0\fR and its contained type.
.PP
\&\fBOSSL_STORE_INFO_new_NAME()\fR , \fBOSSL_STORE_INFO_new_PARAMS()\fR,
-\&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and
-\&\fBOSSL_STORE_INFO_new_CRL()\fR create a \fB\s-1OSSL_STORE_INFO\s0\fR
-object to hold the given input object.
-Additionally, for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR` objects,
+, \fBOSSL_STORE_INFO_new_PUBKEY()\fR, \fBOSSL_STORE_INFO_new_PKEY()\fR,
+\&\fBOSSL_STORE_INFO_new_CERT()\fR and \fBOSSL_STORE_INFO_new_CRL()\fR
+create a \fB\s-1OSSL_STORE_INFO\s0\fR object to hold the given input object.
+On success the input object is consumed.
+.PP
+Additionally, for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR objects,
\&\fBOSSL_STORE_INFO_set0_NAME_description()\fR can be used to add an extra
description.
This description is meant to be human readable and should be used for
information printout.
+.PP
+\&\fBOSSL_STORE_INFO_new()\fR creates a \fB\s-1OSSL_STORE_INFO\s0\fR with an arbitrary \fItype\fR
+number and \fIdata\fR structure. It's the responsibility of the caller to
+define type numbers other than the ones defined by \fI<openssl/store.h>\fR,
+and to handle freeing the associated data structure on their own.
+\&\fIUsing type numbers that are defined by \fI<openssl/store.h>\fI may cause
+undefined behaviours, including crashes\fR.
+.PP
+\&\fBOSSL_STORE_INFO_get0_data()\fR returns the data pointer that was passed to
+\&\fBOSSL_STORE_INFO_new()\fR if \fItype\fR matches the type number in \fIinfo\fR.
+.PP
+\&\fBOSSL_STORE_INFO_new()\fR and \fBOSSL_STORE_INFO_get0_data()\fR may be useful for
+applications that define their own \s-1STORE\s0 data, but must be used with care.
.SH "SUPPORTED OBJECTS"
.IX Header "SUPPORTED OBJECTS"
Currently supported object types are:
@@ -259,7 +293,10 @@ extra description may be attached as well.
Key parameters.
.IP "\s-1OSSL_STORE_INFO_PKEY\s0" 4
.IX Item "OSSL_STORE_INFO_PKEY"
-A private/public key of some sort.
+A keypair or just a private key (possibly with key parameters).
+.IP "\s-1OSSL_STORE_INFO_PUBKEY\s0" 4
+.IX Item "OSSL_STORE_INFO_PUBKEY"
+A public key (possibly with key parameters).
.IP "\s-1OSSL_STORE_INFO_CERT\s0" 4
.IX Item "OSSL_STORE_INFO_CERT"
An X.509 certificate.
@@ -277,18 +314,18 @@ There is no error value.
\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return
a pointer to the OpenSSL object on success, \s-1NULL\s0 otherwise.
.PP
-\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR,
-\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR,
-\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return
+\&\fBOSSL_STORE_INFO_get1_NAME()\fR, \fBOSSL_STORE_INFO_get1_NAME_description()\fR,
+\&\fBOSSL_STORE_INFO_get1_PARAMS()\fR, \fBOSSL_STORE_INFO_get1_PKEY()\fR,
+\&\fBOSSL_STORE_INFO_get1_CERT()\fR and \fBOSSL_STORE_INFO_get1_CRL()\fR all return
a pointer to a duplicate of the OpenSSL object on success, \s-1NULL\s0 otherwise.
.PP
-\&\fBOSSL_STORE_INFO_type_string()\fR returns a string on success, or \fB\s-1NULL\s0\fR on
+\&\fBOSSL_STORE_INFO_type_string()\fR returns a string on success, or \s-1NULL\s0 on
failure.
.PP
\&\fBOSSL_STORE_INFO_new_NAME()\fR, \fBOSSL_STORE_INFO_new_PARAMS()\fR,
\&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and
\&\fBOSSL_STORE_INFO_new_CRL()\fR return a \fB\s-1OSSL_STORE_INFO\s0\fR
-pointer on success, or \fB\s-1NULL\s0\fR on failure.
+pointer on success, or \s-1NULL\s0 on failure.
.PP
\&\fBOSSL_STORE_INFO_set0_NAME_description()\fR returns 1 on success, or 0 on
failure.
@@ -297,18 +334,14 @@ failure.
\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\s-1\fBOSSL_STORE_INFO\s0()\fR, \fBOSSL_STORE_INFO_get_type()\fR, \fBOSSL_STORE_INFO_get0_NAME()\fR,
-\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR,
-\&\fBOSSL_STORE_INFO_get0_CERT()\fR, \fBOSSL_STORE_INFO_get0_CRL()\fR,
-\&\fBOSSL_STORE_INFO_type_string()\fR, \fBOSSL_STORE_INFO_free()\fR, \fBOSSL_STORE_INFO_new_NAME()\fR,
-\&\fBOSSL_STORE_INFO_new_PARAMS()\fR, \fBOSSL_STORE_INFO_new_PKEY()\fR,
-\&\fBOSSL_STORE_INFO_new_CERT()\fR and \fBOSSL_STORE_INFO_new_CRL()\fR
-were added in OpenSSL 1.1.1.
+The \s-1OSSL_STORE API\s0 was added in OpenSSL 1.1.1.
+.PP
+The \s-1OSSL_STORE_INFO_PUBKEY\s0 object type was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3
index 3b3aaedc8da6..ee48211472ea 100644
--- a/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3
+++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,37 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OSSL_STORE_LOADER 3"
-.TH OSSL_STORE_LOADER 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OSSL_STORE_LOADER 3ossl"
+.TH OSSL_STORE_LOADER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme, OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_ctrl, OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find, OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof, OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close, OSSL_STORE_LOADER_free, OSSL_STORE_register_loader, OSSL_STORE_unregister_loader, OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, OSSL_STORE_expect_fn, OSSL_STORE_find_fn, OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn, OSSL_STORE_close_fn \- Types and functions to manipulate, register and unregister STORE loaders for different URI schemes
+OSSL_STORE_LOADER,
+OSSL_STORE_LOADER_fetch,
+OSSL_STORE_LOADER_up_ref,
+OSSL_STORE_LOADER_free,
+OSSL_STORE_LOADER_get0_provider,
+OSSL_STORE_LOADER_get0_properties,
+OSSL_STORE_LOADER_is_a,
+OSSL_STORE_LOADER_get0_description,
+OSSL_STORE_LOADER_do_all_provided,
+OSSL_STORE_LOADER_names_do_all,
+OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new,
+OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme,
+OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_open_ex,
+OSSL_STORE_LOADER_set_attach, OSSL_STORE_LOADER_set_ctrl,
+OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find,
+OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof,
+OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close,
+OSSL_STORE_register_loader, OSSL_STORE_unregister_loader,
+OSSL_STORE_open_fn, OSSL_STORE_open_ex_fn,
+OSSL_STORE_attach_fn, OSSL_STORE_ctrl_fn,
+OSSL_STORE_expect_fn, OSSL_STORE_find_fn,
+OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn,
+OSSL_STORE_close_fn \- Types and functions to manipulate, register and
+unregister STORE loaders for different URI schemes
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,6 +168,31 @@ OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, OSSL_STORE_LOAD
\&
\& typedef struct ossl_store_loader_st OSSL_STORE_LOADER;
\&
+\& OSSL_STORE_LOADER *OSSL_STORE_LOADER_fetch(OSSL_LIB_CTX *libctx,
+\& const char *scheme,
+\& const char *properties);
+\& int OSSL_STORE_LOADER_up_ref(OSSL_STORE_LOADER *loader);
+\& void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader);
+\& const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER *
+\& loader);
+\& const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader);
+\& const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader);
+\& int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader,
+\& const char *scheme);
+\& void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx,
+\& void (*user_fn)(OSSL_STORE_LOADER *loader,
+\& void *arg),
+\& void *user_arg);
+\& int OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader,
+\& void (*fn)(const char *name, void *data),
+\& void *data);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 5
\& OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
\& const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER
\& *store_loader);
@@ -156,11 +202,21 @@ OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, OSSL_STORE_LOAD
\& /* struct ossl_store_loader_ctx_st is defined differently by each loader */
\& typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
\&
-\& typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const char *uri,
-\& const UI_METHOD *ui_method,
-\& void *ui_data);
+\& typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(
+\& const char *uri, const UI_METHOD *ui_method, void *ui_data);
\& int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader,
\& OSSL_STORE_open_fn store_open_function);
+\& typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_ex_fn)(
+\& const char *uri, const UI_METHOD *ui_method, void *ui_data);
+\& int OSSL_STORE_LOADER_set_open_ex
+\& (OSSL_STORE_LOADER *store_loader,
+\& OSSL_STORE_open_ex_fn store_open_ex_function);
+\& typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_attach_fn)
+\& (const OSSL_STORE_LOADER *loader, BIO *bio,
+\& OSSL_LIB_CTX *libctx, const char *propq,
+\& const UI_METHOD *ui_method, void *ui_data);
+\& int OSSL_STORE_LOADER_set_attach(OSSL_STORE_LOADER *loader,
+\& OSSL_STORE_attach_fn attach_function);
\& typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd,
\& va_list args);
\& int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *store_loader,
@@ -193,37 +249,79 @@ OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, OSSL_STORE_LOAD
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+\&\fB\s-1OSSL_STORE_LOADER\s0\fR is a method for \s-1OSSL_STORE\s0 loaders, which implement
+\&\fBOSSL_STORE_open()\fR, \fBOSSL_STORE_open_ex()\fR, \fBOSSL_STORE_load()\fR,
+\&\fBOSSL_STORE_eof()\fR, \fBOSSL_STORE_error()\fR and \fBOSSL_STORE_close()\fR for specific
+storage schemes.
+.PP
+\&\fBOSSL_STORE_LOADER_fetch()\fR looks for an implementation for a storage
+\&\fIscheme\fR within the providers that has been loaded into the \fB\s-1OSSL_LIB_CTX\s0\fR
+given by \fIlibctx\fR, and with the properties given by \fIproperties\fR.
+.PP
+\&\fBOSSL_STORE_LOADER_up_ref()\fR increments the reference count for the given
+\&\fIloader\fR.
+.PP
+\&\fBOSSL_STORE_LOADER_free()\fR decrements the reference count for the given
+\&\fIloader\fR, and when the count reaches zero, frees it.
+.PP
+\&\fBOSSL_STORE_LOADER_get0_provider()\fR returns the provider of the given
+\&\fIloader\fR.
+.PP
+\&\fBOSSL_STORE_LOADER_get0_properties()\fR returns the property definition associated
+with the given \fIloader\fR.
+.PP
+\&\fBOSSL_STORE_LOADER_is_a()\fR checks if \fIloader\fR is an implementation
+of an algorithm that's identifiable with \fIscheme\fR.
+.PP
+\&\fBOSSL_STORE_LOADER_get0_description()\fR returns a description of the \fIloader\fR, meant
+for display and human consumption. The description is at the discretion of the
+\&\fIloader\fR implementation.
+.PP
+\&\fBOSSL_STORE_LOADER_do_all_provided()\fR traverses all store implementations
+by all activated providers in the library context \fIlibctx\fR, and for each
+of the implementations, calls \fIuser_fn\fR with the implementation method and
+\&\fIuser_arg\fR as arguments.
+.PP
+\&\fBOSSL_STORE_LOADER_names_do_all()\fR traverses all names for the given
+\&\fIloader\fR, and calls \fIfn\fR with each name and \fIdata\fR.
+.SS "Legacy Types and Functions (deprecated)"
+.IX Subsection "Legacy Types and Functions (deprecated)"
These functions help applications and engines to create loaders for
-schemes they support.
-.SS "Types"
-.IX Subsection "Types"
-\&\fB\s-1OSSL_STORE_LOADER\s0\fR is the type to hold a loader.
-It contains a scheme and the functions needed to implement
-\&\fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR, \fBOSSL_STORE_error()\fR and
-\&\fBOSSL_STORE_close()\fR for this scheme.
+schemes they support. These are all deprecated and discouraged in favour of
+provider implementations, see \fBprovider\-storemgmt\fR\|(7).
.PP
\&\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR is a type template, to be defined by each loader
-using \fBstruct ossl_store_loader_ctx_st { ... }\fR.
+using \f(CW\*(C`struct ossl_store_loader_ctx_st { ... }\*(C'\fR.
.PP
-\&\fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, \fBOSSL_STORE_expect_fn\fR,
-\&\fBOSSL_STORE_find_fn\fR, \fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR,
-and \fBOSSL_STORE_close_fn\fR
+\&\fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_open_ex_fn\fR,
+\&\fBOSSL_STORE_ctrl_fn\fR, \fBOSSL_STORE_expect_fn\fR, \fBOSSL_STORE_find_fn\fR,
+\&\fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR, and \fBOSSL_STORE_close_fn\fR
are the function pointer types used within a \s-1STORE\s0 loader.
The functions pointed at define the functionality of the given loader.
-.IP "\fBOSSL_STORE_open_fn\fR" 4
-.IX Item "OSSL_STORE_open_fn"
-This function takes a \s-1URI\s0 and is expected to interpret it in the best
-manner possible according to the scheme the loader implements, it also
-takes a \fB\s-1UI_METHOD\s0\fR and associated data, to be used any time
-something needs to be prompted for.
+.IP "\fBOSSL_STORE_open_fn\fR and \fBOSSL_STORE_open_ex_fn\fR" 4
+.IX Item "OSSL_STORE_open_fn and OSSL_STORE_open_ex_fn"
+\&\fBOSSL_STORE_open_ex_fn\fR takes a \s-1URI\s0 and is expected to
+interpret it in the best manner possible according to the scheme the
+loader implements. It also takes a \fB\s-1UI_METHOD\s0\fR and associated data,
+to be used any time something needs to be prompted for, as well as a
+library context \fIlibctx\fR with an associated property query \fIpropq\fR,
+to be used when fetching necessary algorithms to perform the loads.
Furthermore, this function is expected to initialize what needs to be
-initialized, to create a private data store (\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR, see
-above), and to return it.
+initialized, to create a private data store (\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR,
+see above), and to return it.
If something goes wrong, this function is expected to return \s-1NULL.\s0
+.Sp
+\&\fBOSSL_STORE_open_fn\fR does the same thing as
+\&\fBOSSL_STORE_open_ex_fn\fR but uses \s-1NULL\s0 for the library
+context \fIlibctx\fR and property query \fIpropq\fR.
+.IP "\fBOSSL_STORE_attach_fn\fR" 4
+.IX Item "OSSL_STORE_attach_fn"
+This function takes a \fB\s-1BIO\s0\fR, otherwise works like
+\&\fBOSSL_STORE_open_ex_fn\fR.
.IP "\fBOSSL_STORE_ctrl_fn\fR" 4
.IX Item "OSSL_STORE_ctrl_fn"
This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer, a command number
-\&\fBcmd\fR and a \fBva_list\fR \fBargs\fR and is used to manipulate loader
+\&\fIcmd\fR and a \fBva_list\fR \fIargs\fR and is used to manipulate loader
specific parameters.
.Sp
Loader specific command numbers must begin at \fB\s-1OSSL_STORE_C_CUSTOM_START\s0\fR.
@@ -234,9 +332,9 @@ This function is expected to return 1 on success, 0 on error.
.IP "\fBOSSL_STORE_expect_fn\fR" 4
.IX Item "OSSL_STORE_expect_fn"
This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1OSSL_STORE_INFO\s0\fR
-identity \fBexpected\fR, and is used to tell the loader what object type is
+identity \fIexpected\fR, and is used to tell the loader what object type is
expected.
-\&\fBexpected\fR may be zero to signify that no specific object type is expected.
+\&\fIexpected\fR may be zero to signify that no specific object type is expected.
.Sp
This function is expected to return 1 on success, 0 on error.
.IP "\fBOSSL_STORE_find_fn\fR" 4
@@ -245,10 +343,10 @@ This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a
\&\fB\s-1OSSL_STORE_SEARCH\s0\fR search criterion, and is used to tell the loader what
to search for.
.Sp
-When called with the loader context being \fB\s-1NULL\s0\fR, this function is expected
+When called with the loader context being \s-1NULL,\s0 this function is expected
to return 1 if the loader supports the criterion, otherwise 0.
.Sp
-When called with the loader context being something other than \fB\s-1NULL\s0\fR, this
+When called with the loader context being something other than \s-1NULL,\s0 this
function is expected to return 1 on success, 0 on error.
.IP "\fBOSSL_STORE_load_fn\fR" 4
.IX Item "OSSL_STORE_load_fn"
@@ -280,83 +378,123 @@ This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected
close or shut down what needs to be closed, and finally free the
contents of the \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer.
It returns 1 on success and 0 on error.
-.SS "Functions"
-.IX Subsection "Functions"
+.PP
\&\fBOSSL_STORE_LOADER_new()\fR creates a new \fB\s-1OSSL_STORE_LOADER\s0\fR.
-It takes an \fB\s-1ENGINE\s0\fR \fBe\fR and a string \fBscheme\fR.
-\&\fBscheme\fR must \fIalways\fR be set.
-Both \fBe\fR and \fBscheme\fR are used as is and must therefore be alive as
+It takes an \fB\s-1ENGINE\s0\fR \fIe\fR and a string \fIscheme\fR.
+\&\fIscheme\fR must \fIalways\fR be set.
+Both \fIe\fR and \fIscheme\fR are used as is and must therefore be alive as
long as the created loader is.
.PP
-\&\fBOSSL_STORE_LOADER_get0_engine()\fR returns the engine of the \fBstore_loader\fR.
-\&\fBOSSL_STORE_LOADER_get0_scheme()\fR returns the scheme of the \fBstore_loader\fR.
+\&\fBOSSL_STORE_LOADER_get0_engine()\fR returns the engine of the \fIstore_loader\fR.
+\&\fBOSSL_STORE_LOADER_get0_scheme()\fR returns the scheme of the \fIstore_loader\fR.
.PP
\&\fBOSSL_STORE_LOADER_set_open()\fR sets the opener function for the
-\&\fBstore_loader\fR.
+\&\fIstore_loader\fR.
+.PP
+\&\fBOSSL_STORE_LOADER_set_open_ex()\fR sets the opener with library context
+function for the \fIstore_loader\fR.
+.PP
+\&\fBOSSL_STORE_LOADER_set_attach()\fR sets the attacher function for the
+\&\fIstore_loader\fR.
.PP
\&\fBOSSL_STORE_LOADER_set_ctrl()\fR sets the control function for the
-\&\fBstore_loader\fR.
+\&\fIstore_loader\fR.
.PP
\&\fBOSSL_STORE_LOADER_set_expect()\fR sets the expect function for the
-\&\fBstore_loader\fR.
+\&\fIstore_loader\fR.
.PP
\&\fBOSSL_STORE_LOADER_set_load()\fR sets the loader function for the
-\&\fBstore_loader\fR.
+\&\fIstore_loader\fR.
.PP
\&\fBOSSL_STORE_LOADER_set_eof()\fR sets the end of file checker function for the
-\&\fBstore_loader\fR.
+\&\fIstore_loader\fR.
.PP
\&\fBOSSL_STORE_LOADER_set_close()\fR sets the closing function for the
-\&\fBstore_loader\fR.
+\&\fIstore_loader\fR.
.PP
-\&\fBOSSL_STORE_LOADER_free()\fR frees the given \fBstore_loader\fR.
+\&\fBOSSL_STORE_LOADER_free()\fR frees the given \fIstore_loader\fR.
.PP
-\&\fBOSSL_STORE_register_loader()\fR register the given \fBstore_loader\fR and thereby
-makes it available for use with \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR,
-\&\fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR.
+\&\fBOSSL_STORE_register_loader()\fR register the given \fIstore_loader\fR and
+thereby makes it available for use with \fBOSSL_STORE_open()\fR,
+\&\fBOSSL_STORE_open_ex()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR
+and \fBOSSL_STORE_close()\fR.
.PP
\&\fBOSSL_STORE_unregister_loader()\fR unregister the store loader for the given
-\&\fBscheme\fR.
-.SH "NOTES"
-.IX Header "NOTES"
-The \fBfile:\fR scheme has built in support.
+\&\fIscheme\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-The functions with the types \fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR,
-\&\fBOSSL_STORE_expect_fn\fR,
-\&\fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_close_fn\fR have the
-same return values as \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_expect()\fR,
+\&\fBOSSL_STORE_LOADER_fetch()\fR returns a pointer to an \s-1OSSL_STORE_LOADER\s0 object,
+or \s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_STORE_LOADER_up_ref()\fR returns 1 on success, or 0 on error.
+.PP
+\&\fBOSSL_STORE_LOADER_names_do_all()\fR returns 1 if the callback was called for all
+names. A return value of 0 means that the callback was not called for any names.
+.PP
+\&\fBOSSL_STORE_LOADER_free()\fR doesn't return any value.
+.PP
+\&\fBOSSL_STORE_LOADER_get0_provider()\fR returns a pointer to a provider object, or
+\&\s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_STORE_LOADER_get0_properties()\fR returns a pointer to a property
+definition string, or \s-1NULL\s0 on error.
+.PP
+\&\fBOSSL_STORE_LOADER_is_a()\fR returns 1 if \fIloader\fR was identifiable,
+otherwise 0.
+.PP
+\&\fBOSSL_STORE_LOADER_get0_description()\fR returns a pointer to a description, or \s-1NULL\s0 if
+there isn't one.
+.PP
+The functions with the types \fBOSSL_STORE_open_fn\fR,
+\&\fBOSSL_STORE_open_ex_fn\fR, \fBOSSL_STORE_ctrl_fn\fR,
+\&\fBOSSL_STORE_expect_fn\fR, \fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR
+and \fBOSSL_STORE_close_fn\fR have the same return values as \fBOSSL_STORE_open()\fR,
+\&\fBOSSL_STORE_open_ex()\fR, \fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_expect()\fR,
\&\fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR, respectively.
.PP
\&\fBOSSL_STORE_LOADER_new()\fR returns a pointer to a \fB\s-1OSSL_STORE_LOADER\s0\fR on success,
-or \fB\s-1NULL\s0\fR on failure.
+or \s-1NULL\s0 on failure.
.PP
-\&\fBOSSL_STORE_LOADER_set_open()\fR, \fBOSSL_STORE_LOADER_set_ctrl()\fR,
-\&\fBOSSL_STORE_LOADER_set_load()\fR, \fBOSSL_STORE_LOADER_set_eof()\fR and
-\&\fBOSSL_STORE_LOADER_set_close()\fR return 1 on success, or 0 on failure.
+\&\fBOSSL_STORE_LOADER_set_open()\fR, \fBOSSL_STORE_LOADER_set_open_ex()\fR,
+\&\fBOSSL_STORE_LOADER_set_ctrl()\fR, \fBOSSL_STORE_LOADER_set_load()\fR,
+\&\fBOSSL_STORE_LOADER_set_eof()\fR and \fBOSSL_STORE_LOADER_set_close()\fR return 1
+on success, or 0 on failure.
.PP
\&\fBOSSL_STORE_register_loader()\fR returns 1 on success, or 0 on failure.
.PP
\&\fBOSSL_STORE_unregister_loader()\fR returns the unregistered loader on success,
-or \fB\s-1NULL\s0\fR on failure.
+or \s-1NULL\s0 on failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3)
+\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3), \s-1\fBOSSL_LIB_CTX\s0\fR\|(3),
+\&\fBprovider\-storemgmt\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\s-1\fBOSSL_STORE_LOADER\s0()\fR, \s-1\fBOSSL_STORE_LOADER_CTX\s0()\fR, \fBOSSL_STORE_LOADER_new()\fR,
-\&\fBOSSL_STORE_LOADER_set0_scheme()\fR, \fBOSSL_STORE_LOADER_set_open()\fR,
-\&\fBOSSL_STORE_LOADER_set_ctrl()\fR, \fBOSSL_STORE_LOADER_set_load()\fR,
-\&\fBOSSL_STORE_LOADER_set_eof()\fR, \fBOSSL_STORE_LOADER_set_close()\fR,
-\&\fBOSSL_STORE_LOADER_free()\fR, \fBOSSL_STORE_register_loader()\fR,
+\&\fBOSSL_STORE_LOADER_fetch()\fR, \fBOSSL_STORE_LOADER_up_ref()\fR,
+\&\fBOSSL_STORE_LOADER_free()\fR, \fBOSSL_STORE_LOADER_get0_provider()\fR,
+\&\fBOSSL_STORE_LOADER_get0_properties()\fR, \fBOSSL_STORE_LOADER_is_a()\fR,
+\&\fBOSSL_STORE_LOADER_do_all_provided()\fR and
+\&\fBOSSL_STORE_LOADER_names_do_all()\fR were added in OpenSSL 3.0.
+.PP
+\&\fBOSSL_STORE_open_ex_fn()\fR was added in OpenSSL 3.0.
+.PP
+\&\fB\s-1OSSL_STORE_LOADER\s0\fR, \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR, \fBOSSL_STORE_LOADER_new()\fR,
+\&\fBOSSL_STORE_LOADER_set0_scheme()\fR, \fBOSSL_STORE_LOADER_get0_scheme()\fR,
+\&\fBOSSL_STORE_LOADER_get0_engine()\fR, \fBOSSL_STORE_LOADER_set_expect()\fR,
+\&\fBOSSL_STORE_LOADER_set_find()\fR, \fBOSSL_STORE_LOADER_set_attach()\fR,
+\&\fBOSSL_STORE_LOADER_set_open_ex()\fR, \fBOSSL_STORE_LOADER_set_open()\fR,
+\&\fBOSSL_STORE_LOADER_set_ctrl()\fR,
+\&\fBOSSL_STORE_LOADER_set_load()\fR, \fBOSSL_STORE_LOADER_set_eof()\fR,
+\&\fBOSSL_STORE_LOADER_set_close()\fR, \fBOSSL_STORE_LOADER_free()\fR,
+\&\fBOSSL_STORE_register_loader()\fR, \fBOSSL_STORE_LOADER_set_error()\fR,
\&\fBOSSL_STORE_unregister_loader()\fR, \fBOSSL_STORE_open_fn()\fR, \fBOSSL_STORE_ctrl_fn()\fR,
\&\fBOSSL_STORE_load_fn()\fR, \fBOSSL_STORE_eof_fn()\fR and \fBOSSL_STORE_close_fn()\fR
-were added in OpenSSL 1.1.1.
+were added in OpenSSL 1.1.1, and became deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3
index d0453f09c48d..28a3ca4554c4 100644
--- a/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3
+++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,26 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OSSL_STORE_SEARCH 3"
-.TH OSSL_STORE_SEARCH 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OSSL_STORE_SEARCH 3ossl"
+.TH OSSL_STORE_SEARCH 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OSSL_STORE_SEARCH, OSSL_STORE_SEARCH_by_name, OSSL_STORE_SEARCH_by_issuer_serial, OSSL_STORE_SEARCH_by_key_fingerprint, OSSL_STORE_SEARCH_by_alias, OSSL_STORE_SEARCH_free, OSSL_STORE_SEARCH_get_type, OSSL_STORE_SEARCH_get0_name, OSSL_STORE_SEARCH_get0_serial, OSSL_STORE_SEARCH_get0_bytes, OSSL_STORE_SEARCH_get0_string, OSSL_STORE_SEARCH_get0_digest \&\- Type and functions to create OSSL_STORE search criteria
+OSSL_STORE_SEARCH,
+OSSL_STORE_SEARCH_by_name,
+OSSL_STORE_SEARCH_by_issuer_serial,
+OSSL_STORE_SEARCH_by_key_fingerprint,
+OSSL_STORE_SEARCH_by_alias,
+OSSL_STORE_SEARCH_free,
+OSSL_STORE_SEARCH_get_type,
+OSSL_STORE_SEARCH_get0_name,
+OSSL_STORE_SEARCH_get0_serial,
+OSSL_STORE_SEARCH_get0_bytes,
+OSSL_STORE_SEARCH_get0_string,
+OSSL_STORE_SEARCH_get0_digest
+\&\- Type and functions to create OSSL_STORE search criteria
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -251,27 +261,27 @@ and the actual alias is retrieved with \fBOSSL_STORE_SEARCH_get0_string()\fR.
\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR,
\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR,
and \fBOSSL_STORE_SEARCH_by_alias()\fR
-return a \fB\s-1OSSL_STORE_SEARCH\s0\fR pointer on success, or \fB\s-1NULL\s0\fR on failure.
+return a \fB\s-1OSSL_STORE_SEARCH\s0\fR pointer on success, or \s-1NULL\s0 on failure.
.PP
\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type of the given
\&\fB\s-1OSSL_STORE_SEARCH\s0\fR.
There is no error value.
.PP
\&\fBOSSL_STORE_SEARCH_get0_name()\fR returns a \fBX509_NAME\fR pointer on success,
-or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
+or \s-1NULL\s0 when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
.PP
\&\fBOSSL_STORE_SEARCH_get0_serial()\fR returns a \fB\s-1ASN1_INTEGER\s0\fR pointer on success,
-or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
+or \s-1NULL\s0 when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
.PP
\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR returns a \fBconst unsigned char\fR pointer and
-sets \fB*length\fR to the strings length on success, or \fB\s-1NULL\s0\fR when the given
+sets \fI*length\fR to the strings length on success, or \s-1NULL\s0 when the given
\&\fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
.PP
\&\fBOSSL_STORE_SEARCH_get0_string()\fR returns a \fBconst char\fR pointer on success,
-or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
+or \s-1NULL\s0 when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type.
.PP
\&\fBOSSL_STORE_SEARCH_get0_digest()\fR returns a \fBconst \s-1EVP_MD\s0\fR pointer.
-\&\fB\s-1NULL\s0\fR is a valid value and means that the store loader default will
+\&\s-1NULL\s0 is a valid value and means that the store loader default will
be used when applicable.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
@@ -292,9 +302,9 @@ and \fBOSSL_STORE_SEARCH_get0_string()\fR
were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_attach.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_attach.3
new file mode 100644
index 000000000000..2917b4691c85
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_attach.3
@@ -0,0 +1,176 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_STORE_ATTACH 3ossl"
+.TH OSSL_STORE_ATTACH 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_STORE_attach \- Functions to read objects from a BIO
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/store.h>
+\&
+\& OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme,
+\& OSSL_LIB_CTX *libctx, const char *propq,
+\& const UI_METHOD *ui_method, void *ui_data,
+\& const OSSL_PARAM params[],
+\& OSSL_STORE_post_process_info_fn post_process,
+\& void *post_process_data);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_STORE_attach()\fR works like \fBOSSL_STORE_open\fR\|(3), except it takes a \fB\s-1BIO\s0\fR
+\&\fIbio\fR instead of a \fIuri\fR, along with a \fIscheme\fR to determine what loader
+should be used to process the data. The reference count of the \fB\s-1BIO\s0\fR object
+is increased by 1 if the call is successful.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_STORE_attach()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or
+\&\s-1NULL\s0 on failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBOSSL_STORE_attach()\fR was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3
index e52ee62fcc65..93404593cfb1 100644
--- a/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3
+++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OSSL_STORE_EXPECT 3"
-.TH OSSL_STORE_EXPECT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OSSL_STORE_EXPECT 3ossl"
+.TH OSSL_STORE_EXPECT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OSSL_STORE_expect, OSSL_STORE_supports_search, OSSL_STORE_find \&\- Specify what object type is expected
+OSSL_STORE_expect,
+OSSL_STORE_supports_search,
+OSSL_STORE_find
+\&\- Specify what object type is expected
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -155,18 +156,20 @@ OSSL_STORE_expect, OSSL_STORE_supports_search, OSSL_STORE_find \&\- Specify what
.IX Header "DESCRIPTION"
\&\fBOSSL_STORE_expect()\fR helps applications filter what \fBOSSL_STORE_load()\fR returns
by specifying a \fB\s-1OSSL_STORE_INFO\s0\fR type.
-For example, if \f(CW\*(C`file:/foo/bar/store.pem\*(C'\fR contains several different objects
-and only the certificates are interesting, the application can simply say
+By default, no expectations on the types of objects to be loaded are made.
+\&\fIexpected_type\fR may be 0 to indicate explicitly that no expectation is made,
+or it may be any of the known object types (see
+\&\*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3)) except for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR.
+For example, if \f(CW\*(C`file:/foo/bar/store.pem\*(C'\fR contains several objects of different
+type and only certificates are interesting, the application can simply say
that it expects the type \fB\s-1OSSL_STORE_INFO_CERT\s0\fR.
-All known object types (see \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3))
-except for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR are supported.
.PP
\&\fBOSSL_STORE_find()\fR helps applications specify a criterion for a more fine
grained search of objects.
.PP
\&\fBOSSL_STORE_supports_search()\fR checks if the loader of the given \s-1OSSL_STORE\s0
context supports the given search type.
-See \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 in \s-1OSSL_STORE_SEARCH\s0 for information on the
+See \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 in \s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3) for information on the
supported search criterion types.
.PP
\&\fBOSSL_STORE_expect()\fR and OSSL_STORE_find \fImust\fR be called before the first
@@ -198,9 +201,9 @@ otherwise.
were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3
index a40ea54d0e3f..f8f64dfddf5f 100644
--- a/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3
+++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OSSL_STORE_OPEN 3"
-.TH OSSL_STORE_OPEN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OSSL_STORE_OPEN 3ossl"
+.TH OSSL_STORE_OPEN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, OSSL_STORE_close \- Types and functions to read objects from a URI
+OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn,
+OSSL_STORE_open, OSSL_STORE_open_ex,
+OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof,
+OSSL_STORE_error, OSSL_STORE_close
+\&\- Types and functions to read objects from a URI
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -154,18 +156,31 @@ OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, OSSL_STORE_ctr
\& void *ui_data,
\& OSSL_STORE_post_process_info_fn post_process,
\& void *post_process_data);
-\& int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
+\& OSSL_STORE_CTX *
+\& OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+\& const UI_METHOD *ui_method, void *ui_data,
+\& const OSSL_PARAM params[],
+\& OSSL_STORE_post_process_info_fn post_process,
+\& void *post_process_data);
+\&
\& OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
\& int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
\& int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
\& int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
.Ve
+.PP
+The following function has been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
+.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions help the application to fetch supported objects (see
\&\*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3) for information on which those are)
-from a given \s-1URI\s0 (see \*(L"\s-1SUPPORTED SCHEMES\*(R"\s0 for more information on
-the supported \s-1URI\s0 schemes).
+from a given \s-1URI.\s0
The general method to do so is to \*(L"open\*(R" the \s-1URI\s0 using \fBOSSL_STORE_open()\fR,
read each available and supported object using \fBOSSL_STORE_load()\fR as long as
\&\fBOSSL_STORE_eof()\fR hasn't been reached, and finish it off with \fBOSSL_STORE_close()\fR.
@@ -175,18 +190,22 @@ described in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3).
.SS "Types"
.IX Subsection "Types"
\&\fB\s-1OSSL_STORE_CTX\s0\fR is a context variable that holds all the internal
-information for \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and
-\&\fBOSSL_STORE_close()\fR to work together.
+information for \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_open_ex()\fR,
+\&\fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR to work
+together.
.SS "Functions"
.IX Subsection "Functions"
-\&\fBOSSL_STORE_open()\fR takes a uri or path \fIuri\fR, password \s-1UI\s0 method
+\&\fBOSSL_STORE_open_ex()\fR takes a uri or path \fIuri\fR, password \s-1UI\s0 method
\&\fIui_method\fR with associated data \fIui_data\fR, and post processing
callback \fIpost_process\fR with associated data \fIpost_process_data\fR,
-opens a channel to the data located at that \s-1URI\s0 and returns a
+a library context \fIlibctx\fR with an associated property query \fIpropq\fR,
+and opens a channel to the data located at the \s-1URI\s0 and returns a
\&\fB\s-1OSSL_STORE_CTX\s0\fR with all necessary internal information.
The given \fIui_method\fR and \fIui_data\fR will be reused by all
functions that use \fB\s-1OSSL_STORE_CTX\s0\fR when interaction is needed,
for instance to provide a password.
+The auxiliary \s-1\fBOSSL_PARAM\s0\fR\|(3) parameters in \fIparams\fR can be set to further
+modify the store operation.
The given \fIpost_process\fR and \fIpost_process_data\fR will be reused by
\&\fBOSSL_STORE_load()\fR to manipulate or drop the value to be returned.
The \fIpost_process\fR function drops values by returning \s-1NULL,\s0 which
@@ -194,6 +213,9 @@ will cause \fBOSSL_STORE_load()\fR to start its process over with loading
the next object, until \fIpost_process\fR returns something other than
\&\s-1NULL,\s0 or the end of data is reached as indicated by \fBOSSL_STORE_eof()\fR.
.PP
+\&\fBOSSL_STORE_open()\fR is similar to \fBOSSL_STORE_open_ex()\fR but uses \s-1NULL\s0 for
+the \fIparams\fR, the library context \fIlibctx\fR and property query \fIpropq\fR.
+.PP
\&\fBOSSL_STORE_ctrl()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, and command number \fIcmd\fR and
more arguments not specified here.
The available loader specific command numbers and arguments they each
@@ -205,12 +227,12 @@ There are also global controls available:
.IX Item "OSSL_STORE_C_USE_SECMEM"
Controls if the loader should attempt to use secure memory for any
allocated \fB\s-1OSSL_STORE_INFO\s0\fR and its contents.
-This control expects one argument, a pointer to an \fBint\fR that is expected to
+This control expects one argument, a pointer to an \fIint\fR that is expected to
have the value 1 (yes) or 0 (no).
Any other value is an error.
.PP
-\&\fBOSSL_STORE_load()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, tries to load the next available
-object and return it wrapped with \fB\s-1OSSL_STORE_INFO\s0\fR.
+\&\fBOSSL_STORE_load()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and tries to load the next
+available object and return it wrapped with \fB\s-1OSSL_STORE_INFO\s0\fR.
.PP
\&\fBOSSL_STORE_eof()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if we've reached the end
of data.
@@ -224,11 +246,6 @@ Note that it may still be meaningful to try and load more objects, unless
by \fBOSSL_STORE_open()\fR and frees all other information that was stored in the
\&\fB\s-1OSSL_STORE_CTX\s0\fR, as well as the \fB\s-1OSSL_STORE_CTX\s0\fR itself.
If \fIctx\fR is \s-1NULL\s0 it does nothing.
-.SH "SUPPORTED SCHEMES"
-.IX Header "SUPPORTED SCHEMES"
-The basic supported scheme is \fBfile:\fR.
-Any other scheme can be added dynamically, using
-\&\fBOSSL_STORE_register_loader()\fR.
.SH "NOTES"
.IX Header "NOTES"
A string without a scheme prefix (that is, a non-URI string) is
@@ -252,13 +269,13 @@ See \fBpassphrase\-encoding\fR\|(7) for further information.
\&\fBOSSL_STORE_open()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or
\&\s-1NULL\s0 on failure.
.PP
-\&\fBOSSL_STORE_load()\fR returns a pointer to a \fB\s-1OSSL_STORE_INFO\s0\fR on success, or
-\&\s-1NULL\s0 on error or when end of data is reached.
+\&\fBOSSL_STORE_load()\fR returns a pointer to a \fB\s-1OSSL_STORE_INFO\s0\fR on success, or \s-1NULL\s0
+on error or when end of data is reached.
Use \fBOSSL_STORE_error()\fR and \fBOSSL_STORE_eof()\fR to determine the meaning of a
returned \s-1NULL.\s0
.PP
-\&\fBOSSL_STORE_eof()\fR returns 1 if the end of data has been reached, otherwise
-0.
+\&\fBOSSL_STORE_eof()\fR returns 1 if the end of data has been reached
+or an error occurred, 0 otherwise.
.PP
\&\fBOSSL_STORE_error()\fR returns 1 if an error occurred in an \fBOSSL_STORE_load()\fR call,
otherwise 0.
@@ -270,17 +287,23 @@ otherwise 0.
\&\fBpassphrase\-encoding\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\s-1\fBOSSL_STORE_CTX\s0()\fR, \fBOSSL_STORE_post_process_info_fn()\fR, \fBOSSL_STORE_open()\fR,
+\&\fBOSSL_STORE_open_ex()\fR was added in OpenSSL 3.0.
+.PP
+\&\fB\s-1OSSL_STORE_CTX\s0\fR, \fBOSSL_STORE_post_process_info_fn()\fR, \fBOSSL_STORE_open()\fR,
\&\fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR
were added in OpenSSL 1.1.1.
.PP
Handling of \s-1NULL\s0 \fIctx\fR argument for \fBOSSL_STORE_close()\fR
was introduced in OpenSSL 1.1.1h.
+.PP
+\&\fBOSSL_STORE_open_ex()\fR was added in OpenSSL 3.0.
+.PP
+\&\fBOSSL_STORE_ctrl()\fR and \fBOSSL_STORE_vctrl()\fR were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_trace_enabled.3 b/secure/lib/libcrypto/man/man3/OSSL_trace_enabled.3
new file mode 100644
index 000000000000..fe5f8c20303e
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_trace_enabled.3
@@ -0,0 +1,426 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_TRACE_ENABLED 3ossl"
+.TH OSSL_TRACE_ENABLED 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_trace_enabled, OSSL_trace_begin, OSSL_trace_end,
+OSSL_TRACE_BEGIN, OSSL_TRACE_END, OSSL_TRACE_CANCEL,
+OSSL_TRACE, OSSL_TRACE1, OSSL_TRACE2, OSSL_TRACE3, OSSL_TRACE4,
+OSSL_TRACE5, OSSL_TRACE6, OSSL_TRACE7, OSSL_TRACE8, OSSL_TRACE9,
+OSSL_TRACEV,
+OSSL_TRACE_ENABLED
+\&\- OpenSSL Tracing API
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/trace.h>
+\&
+\& int OSSL_trace_enabled(int category);
+\&
+\& BIO *OSSL_trace_begin(int category);
+\& void OSSL_trace_end(int category, BIO *channel);
+\&
+\& /* trace group macros */
+\& OSSL_TRACE_BEGIN(category) {
+\& ...
+\& if (some_error) {
+\& /* Leave trace group prematurely in case of an error */
+\& OSSL_TRACE_CANCEL(category);
+\& goto err;
+\& }
+\& ...
+\& } OSSL_TRACE_END(category);
+\&
+\& /* one\-shot trace macros */
+\& OSSL_TRACE1(category, format, arg1)
+\& OSSL_TRACE2(category, format, arg1, arg2)
+\& ...
+\& OSSL_TRACE9(category, format, arg1, ..., arg9)
+\&
+\& /* check whether a trace category is enabled */
+\& if (OSSL_TRACE_ENABLED(category)) {
+\& ...
+\& }
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The functions described here are mainly interesting for those who provide
+OpenSSL functionality, either in OpenSSL itself or in engine modules
+or similar.
+.PP
+If tracing is enabled (see \*(L"\s-1NOTES\*(R"\s0 below), these functions are used to
+generate free text tracing output.
+.PP
+The tracing output is divided into types which are enabled
+individually by the application.
+The tracing types are described in detail in
+\&\*(L"Trace types\*(R" in \fBOSSL_trace_set_callback\fR\|(3).
+The fallback type \fB\s-1OSSL_TRACE_CATEGORY_ALL\s0\fR should \fInot\fR be used
+with the functions described here.
+.PP
+Tracing for a specific category is enabled if a so called
+\&\fItrace channel\fR is attached to it. A trace channel is simply a
+\&\s-1BIO\s0 object to which the application can write its trace output.
+.PP
+The application has two different ways of registering a trace channel,
+either by directly providing a \s-1BIO\s0 object using \fBOSSL_trace_set_channel()\fR,
+or by providing a callback routine using \fBOSSL_trace_set_callback()\fR.
+The latter is wrapped internally by a dedicated \s-1BIO\s0 object, so for the
+tracing code both channel types are effectively indistinguishable.
+We call them a \fIsimple trace channel\fR and a \fIcallback trace channel\fR,
+respectively.
+.PP
+To produce trace output, it is necessary to obtain a pointer to the
+trace channel (i.e., the \s-1BIO\s0 object) using \fBOSSL_trace_begin()\fR, write
+to it using arbitrary \s-1BIO\s0 output routines, and finally releases the
+channel using \fBOSSL_trace_end()\fR. The \fBOSSL_trace_begin()\fR/\fBOSSL_trace_end()\fR
+calls surrounding the trace output create a group, which acts as a
+critical section (guarded by a mutex) to ensure that the trace output
+of different threads does not get mixed up.
+.PP
+The tracing code normally does not call OSSL_trace_{begin,end}() directly,
+but rather uses a set of convenience macros, see the \*(L"Macros\*(R" section below.
+.SS "Functions"
+.IX Subsection "Functions"
+\&\fBOSSL_trace_enabled()\fR can be used to check if tracing for the given
+\&\fIcategory\fR is enabled.
+.PP
+\&\fBOSSL_trace_begin()\fR is used to starts a tracing section, and get the
+channel for the given \fIcategory\fR in form of a \s-1BIO.\s0
+This \s-1BIO\s0 can only be used for output.
+.PP
+\&\fBOSSL_trace_end()\fR is used to end a tracing section.
+.PP
+Using \fBOSSL_trace_begin()\fR and \fBOSSL_trace_end()\fR to wrap tracing sections
+is \fImandatory\fR.
+The result of trying to produce tracing output outside of such
+sections is undefined.
+.SS "Macros"
+.IX Subsection "Macros"
+There are a number of convenience macros defined, to make tracing
+easy and consistent.
+.PP
+\&\s-1\fBOSSL_TRACE_BEGIN\s0()\fR and \s-1\fBOSSL_TRACE_END\s0()\fR reserve the \fB\s-1BIO\s0\fR \f(CW\*(C`trc_out\*(C'\fR and are
+used as follows to wrap a trace section:
+.PP
+.Vb 1
+\& OSSL_TRACE_BEGIN(TLS) {
+\&
+\& BIO_fprintf(trc_out, ... );
+\&
+\& } OSSL_TRACE_END(TLS);
+.Ve
+.PP
+This will normally expand to:
+.PP
+.Vb 8
+\& do {
+\& BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_TLS);
+\& if (trc_out != NULL) {
+\& ...
+\& BIO_fprintf(trc_out, ...);
+\& }
+\& OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out);
+\& } while (0);
+.Ve
+.PP
+\&\s-1\fBOSSL_TRACE_CANCEL\s0()\fR must be used before returning from or jumping out of a
+trace section:
+.PP
+.Vb 1
+\& OSSL_TRACE_BEGIN(TLS) {
+\&
+\& if (some_error) {
+\& OSSL_TRACE_CANCEL(TLS);
+\& goto err;
+\& }
+\& BIO_fprintf(trc_out, ... );
+\&
+\& } OSSL_TRACE_END(TLS);
+.Ve
+.PP
+This will normally expand to:
+.PP
+.Vb 11
+\& do {
+\& BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_TLS);
+\& if (trc_out != NULL) {
+\& if (some_error) {
+\& OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out);
+\& goto err;
+\& }
+\& BIO_fprintf(trc_out, ... );
+\& }
+\& OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out);
+\& } while (0);
+.Ve
+.PP
+\&\s-1\fBOSSL_TRACE\s0()\fR and \s-1\fBOSSL_TRACE1\s0()\fR, \s-1\fBOSSL_TRACE2\s0()\fR, ... \s-1\fBOSSL_TRACE9\s0()\fR are
+so-called one-shot macros:
+.PP
+The macro call \f(CW\*(C`OSSL_TRACE(category, text)\*(C'\fR, produces literal text trace output.
+.PP
+The macro call \f(CW\*(C`OSSL_TRACEn(category, format, arg1, ..., argn)\*(C'\fR produces
+printf-style trace output with n format field arguments (n=1,...,9).
+It expands to:
+.PP
+.Vb 3
+\& OSSL_TRACE_BEGIN(category) {
+\& BIO_printf(trc_out, format, arg1, ..., argN)
+\& } OSSL_TRACE_END(category)
+.Ve
+.PP
+Internally, all one-shot macros are implemented using a generic \s-1\fBOSSL_TRACEV\s0()\fR
+macro, since C90 does not support variadic macros. This helper macro has a rather
+weird synopsis and should not be used directly.
+.PP
+The \s-1\fBOSSL_TRACE_ENABLED\s0()\fR macro can be used to conditionally execute some code
+only if a specific trace category is enabled.
+In some situations this is simpler than entering a trace section using
+\&\s-1\fBOSSL_TRACE_BEGIN\s0()\fR and \s-1\fBOSSL_TRACE_END\s0()\fR.
+For example, the code
+.PP
+.Vb 3
+\& if (OSSL_TRACE_ENABLED(TLS)) {
+\& ...
+\& }
+.Ve
+.PP
+expands to
+.PP
+.Vb 3
+\& if (OSSL_trace_enabled(OSSL_TRACE_CATEGORY_TLS) {
+\& ...
+\& }
+.Ve
+.SH "NOTES"
+.IX Header "NOTES"
+If producing the trace output requires carrying out auxiliary calculations,
+this auxiliary code should be placed inside a conditional block which is
+executed only if the trace category is enabled.
+.PP
+The most natural way to do this is to place the code inside the trace section
+itself because it already introduces such a conditional block.
+.PP
+.Vb 2
+\& OSSL_TRACE_BEGIN(TLS) {
+\& int var = do_some_auxiliary_calculation();
+\&
+\& BIO_printf(trc_out, "var = %d\en", var);
+\&
+\& } OSSL_TRACE_END(TLS);
+.Ve
+.PP
+In some cases it is more advantageous to use a simple conditional group instead
+of a trace section. This is the case if calculations and tracing happen in
+different locations of the code, or if the calculations are so time consuming
+that placing them inside a (critical) trace section would create too much
+contention.
+.PP
+.Vb 2
+\& if (OSSL_TRACE_ENABLED(TLS)) {
+\& int var = do_some_auxiliary_calculation();
+\&
+\& OSSL_TRACE1("var = %d\en", var);
+\& }
+.Ve
+.PP
+Note however that premature optimization of tracing code is in general futile
+and it's better to keep the tracing code as simple as possible.
+Because most often the limiting factor for the application's speed is the time
+it takes to print the trace output, not to calculate it.
+.SS "Configure Tracing"
+.IX Subsection "Configure Tracing"
+By default, the OpenSSL library is built with tracing disabled. To
+use the tracing functionality documented here, it is therefore
+necessary to configure and build OpenSSL with the 'enable\-trace' option.
+.PP
+When the library is built with tracing disabled:
+.IP "\(bu" 4
+The macro \fB\s-1OPENSSL_NO_TRACE\s0\fR is defined in \fI<openssl/opensslconf.h>\fR.
+.IP "\(bu" 4
+all functions are still present, but \fBOSSL_trace_enabled()\fR will always
+report the categories as disabled, and all other functions will do
+nothing.
+.IP "\(bu" 4
+the convenience macros are defined to produce dead code.
+For example, take this example from \*(L"Macros\*(R" section above:
+.Sp
+.Vb 1
+\& OSSL_TRACE_BEGIN(TLS) {
+\&
+\& if (condition) {
+\& OSSL_TRACE_CANCEL(TLS);
+\& goto err;
+\& }
+\& BIO_fprintf(trc_out, ... );
+\&
+\& } OSSL_TRACE_END(TLS);
+.Ve
+.Sp
+When the tracing \s-1API\s0 isn't operational, that will expand to:
+.Sp
+.Vb 10
+\& do {
+\& BIO *trc_out = NULL;
+\& if (0) {
+\& if (condition) {
+\& ((void)0);
+\& goto err;
+\& }
+\& BIO_fprintf(trc_out, ... );
+\& }
+\& } while (0);
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_trace_enabled()\fR returns 1 if tracing for the given \fItype\fR is
+operational and enabled, otherwise 0.
+.PP
+\&\fBOSSL_trace_begin()\fR returns a \fB\s-1BIO\s0\fR pointer if the given \fItype\fR is enabled,
+otherwise \s-1NULL.\s0
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL Tracing \s-1API\s0 was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_trace_get_category_num.3 b/secure/lib/libcrypto/man/man3/OSSL_trace_get_category_num.3
new file mode 100644
index 000000000000..617e187d1991
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_trace_get_category_num.3
@@ -0,0 +1,174 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_TRACE_GET_CATEGORY_NUM 3ossl"
+.TH OSSL_TRACE_GET_CATEGORY_NUM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_trace_get_category_num, OSSL_trace_get_category_name
+\&\- OpenSSL tracing information functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/trace.h>
+\&
+\& int OSSL_trace_get_category_num(const char *name);
+\& const char *OSSL_trace_get_category_name(int num);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBOSSL_trace_get_category_num()\fR gives the category number corresponding
+to the given \f(CW\*(C`name\*(C'\fR.
+.PP
+\&\fBOSSL_trace_get_category_name()\fR gives the category name corresponding
+to the given \f(CW\*(C`num\*(C'\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_trace_get_category_num()\fR returns the category number if the given
+\&\f(CW\*(C`name\*(C'\fR is a recognised category name, otherwise \-1.
+.PP
+\&\fBOSSL_trace_get_category_name()\fR returns the category name if the given
+\&\f(CW\*(C`num\*(C'\fR is a recognised category number, otherwise \s-1NULL.\s0
+.SH "HISTORY"
+.IX Header "HISTORY"
+The OpenSSL Tracing \s-1API\s0 was added ino OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OSSL_trace_set_channel.3 b/secure/lib/libcrypto/man/man3/OSSL_trace_set_channel.3
new file mode 100644
index 000000000000..49e757ae36d0
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OSSL_trace_set_channel.3
@@ -0,0 +1,435 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OSSL_TRACE_SET_CHANNEL 3ossl"
+.TH OSSL_TRACE_SET_CHANNEL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OSSL_trace_set_channel, OSSL_trace_set_prefix, OSSL_trace_set_suffix,
+OSSL_trace_set_callback, OSSL_trace_cb \- Enabling trace output
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/trace.h>
+\&
+\& typedef size_t (*OSSL_trace_cb)(const char *buf, size_t cnt,
+\& int category, int cmd, void *data);
+\&
+\& void OSSL_trace_set_channel(int category, BIO *bio);
+\& void OSSL_trace_set_prefix(int category, const char *prefix);
+\& void OSSL_trace_set_suffix(int category, const char *suffix);
+\& void OSSL_trace_set_callback(int category, OSSL_trace_cb cb, void *data);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+If available (see \*(L"\s-1NOTES\*(R"\s0 below), the application can request
+internal trace output.
+This output comes in form of free text for humans to read.
+.PP
+The trace output is divided into categories which can be
+enabled individually.
+Every category can be enabled individually by attaching a so called
+\&\fItrace channel\fR to it, which in the simplest case is just a \s-1BIO\s0 object
+to which the application can write the tracing output for this category.
+Alternatively, the application can provide a tracer callback in order to
+get more finegrained trace information. This callback will be wrapped
+internally by a dedicated \s-1BIO\s0 object.
+.PP
+For the tracing code, both trace channel types are indistinguishable.
+These are called a \fIsimple trace channel\fR and a \fIcallback trace channel\fR,
+respectively.
+.SS "Functions"
+.IX Subsection "Functions"
+\&\fBOSSL_trace_set_channel()\fR is used to enable the given trace \f(CW\*(C`category\*(C'\fR
+by attaching the \fB\s-1BIO\s0\fR \fIbio\fR object as (simple) trace channel.
+On success the ownership of the \s-1BIO\s0 is transferred to the channel,
+so the caller must not free it directly.
+.PP
+\&\fBOSSL_trace_set_prefix()\fR and \fBOSSL_trace_set_suffix()\fR can be used to add
+an extra line for each channel, to be output before and after group of
+tracing output.
+What constitutes an output group is decided by the code that produces
+the output.
+The lines given here are considered immutable; for more dynamic
+tracing prefixes, consider setting a callback with
+\&\fBOSSL_trace_set_callback()\fR instead.
+.PP
+\&\fBOSSL_trace_set_callback()\fR is used to enable the given trace
+\&\fIcategory\fR by giving it the tracer callback \fIcb\fR with the associated
+data \fIdata\fR, which will simply be passed through to \fIcb\fR whenever
+it's called. The callback function is internally wrapped by a
+dedicated \s-1BIO\s0 object, the so called \fIcallback trace channel\fR.
+This should be used when it's desirable to do form the trace output to
+something suitable for application needs where a prefix and suffix
+line aren't enough.
+.PP
+\&\fBOSSL_trace_set_channel()\fR and \fBOSSL_trace_set_callback()\fR are mutually
+exclusive, calling one of them will clear whatever was set by the
+previous call.
+.PP
+Calling \fBOSSL_trace_set_channel()\fR with \s-1NULL\s0 for \fIchannel\fR or
+\&\fBOSSL_trace_set_callback()\fR with \s-1NULL\s0 for \fIcb\fR disables tracing for
+the given \fIcategory\fR.
+.SS "Trace callback"
+.IX Subsection "Trace callback"
+The tracer callback must return a \fBsize_t\fR, which must be zero on
+error and otherwise return the number of bytes that were output.
+It receives a text buffer \fIbuf\fR with \fIcnt\fR bytes of text, as well as
+the \fIcategory\fR, a control number \fIcmd\fR, and the \fIdata\fR that was
+passed to \fBOSSL_trace_set_callback()\fR.
+.PP
+The possible control numbers are:
+.IP "\fB\s-1OSSL_TRACE_CTRL_BEGIN\s0\fR" 4
+.IX Item "OSSL_TRACE_CTRL_BEGIN"
+The callback is called from \fBOSSL_trace_begin()\fR, which gives the
+callback the possibility to output a dynamic starting line, or set a
+prefix that should be output at the beginning of each line, or
+something other.
+.IP "\fB\s-1OSSL_TRACE_CTRL_WRITE\s0\fR" 4
+.IX Item "OSSL_TRACE_CTRL_WRITE"
+This callback is called whenever data is written to the \s-1BIO\s0 by some
+regular \s-1BIO\s0 output routine.
+An arbitrary number of \fB\s-1OSSL_TRACE_CTRL_WRITE\s0\fR callbacks can occur
+inside a group marked by a pair of \fB\s-1OSSL_TRACE_CTRL_BEGIN\s0\fR and
+\&\fB\s-1OSSL_TRACE_CTRL_END\s0\fR calls, but never outside such a group.
+.IP "\fB\s-1OSSL_TRACE_CTRL_END\s0\fR" 4
+.IX Item "OSSL_TRACE_CTRL_END"
+The callback is called from \fBOSSL_trace_end()\fR, which gives the callback
+the possibility to output a dynamic ending line, or reset the line
+prefix that was set with \fB\s-1OSSL_TRACE_CTRL_BEGIN\s0\fR, or something other.
+.SS "Trace categories"
+.IX Subsection "Trace categories"
+The trace categories are simple numbers available through macros.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_TRACE\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_TRACE"
+Traces the OpenSSL trace \s-1API\s0 itself.
+.Sp
+More precisely, this will generate trace output any time a new
+trace hook is set.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_INIT\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_INIT"
+Traces OpenSSL library initialization and cleanup.
+.Sp
+This needs special care, as OpenSSL will do automatic cleanup after
+exit from \f(CW\*(C`main()\*(C'\fR, and any tracing output done during this cleanup
+will be lost if the tracing channel or callback were cleaned away
+prematurely.
+A suggestion is to make such cleanup part of a function that's
+registered very early with \fBatexit\fR\|(3).
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_TLS\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_TLS"
+Traces the \s-1TLS/SSL\s0 protocol.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_TLS_CIPHER\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_TLS_CIPHER"
+Traces the ciphers used by the \s-1TLS/SSL\s0 protocol.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_CONF\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_CONF"
+Traces details about the provider and engine configuration.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_ENGINE_TABLE\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_ENGINE_TABLE"
+Traces the \s-1ENGINE\s0 algorithm table selection.
+.Sp
+More precisely, functions like \fBENGINE_get_pkey_asn1_meth_engine()\fR,
+\&\fBENGINE_get_pkey_meth_engine()\fR, \fBENGINE_get_cipher_engine()\fR,
+\&\fBENGINE_get_digest_engine()\fR, will generate trace summaries of the
+handling of internal tables.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT"
+Traces the \s-1ENGINE\s0 reference counting.
+.Sp
+More precisely, both reference counts in the \s-1ENGINE\s0 structure will be
+monitored with a line of trace output generated for each change.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_PKCS5V2\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_PKCS5V2"
+Traces PKCS#5 v2 key generation.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_PKCS12_KEYGEN\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_PKCS12_KEYGEN"
+Traces PKCS#12 key generation.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_PKCS12_DECRYPT\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_PKCS12_DECRYPT"
+Traces PKCS#12 decryption.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_X509V3_POLICY\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_X509V3_POLICY"
+Traces X509v3 policy processing.
+.Sp
+More precisely, this generates the complete policy tree at various
+point during evaluation.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_BN_CTX\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_BN_CTX"
+Traces \s-1BIGNUM\s0 context operations.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_CMP\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_CMP"
+Traces \s-1CMP\s0 client and server activity.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_STORE\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_STORE"
+Traces \s-1STORE\s0 operations.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_DECODER\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_DECODER"
+Traces decoder operations.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_ENCODER\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_ENCODER"
+Traces encoder operations.
+.IP "\fB\s-1OSSL_TRACE_CATEGORY_REF_COUNT\s0\fR" 4
+.IX Item "OSSL_TRACE_CATEGORY_REF_COUNT"
+Traces decrementing certain \s-1ASN.1\s0 structure references.
+.PP
+There is also \fB\s-1OSSL_TRACE_CATEGORY_ALL\s0\fR, which works as a fallback
+and can be used to get \fIall\fR trace output.
+.PP
+Note, however, that in this case all trace output will effectively be
+associated with the '\s-1ALL\s0' category, which is undesirable if the
+application intends to include the category name in the trace output.
+In this case it is better to register separate channels for each
+trace category instead.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOSSL_trace_set_channel()\fR, \fBOSSL_trace_set_prefix()\fR,
+\&\fBOSSL_trace_set_suffix()\fR, and \fBOSSL_trace_set_callback()\fR return 1 on
+success, or 0 on failure.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+In all examples below, the trace producing code is assumed to be
+the following:
+.PP
+.Vb 3
+\& int foo = 42;
+\& const char bar[] = { 0, 1, 2, 3, 4, 5, 6, 7,
+\& 8, 9, 10, 11, 12, 13, 14, 15 };
+\&
+\& OSSL_TRACE_BEGIN(TLS) {
+\& BIO_puts(trc_out, "foo: ");
+\& BIO_printf(trc_out, "%d\en", foo);
+\& BIO_dump(trc_out, bar, sizeof(bar));
+\& } OSSL_TRACE_END(TLS);
+.Ve
+.SS "Simple example"
+.IX Subsection "Simple example"
+An example with just a channel and constant prefix / suffix.
+.PP
+.Vb 6
+\& int main(int argc, char *argv[])
+\& {
+\& BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+\& OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_SSL, err);
+\& OSSL_trace_set_prefix(OSSL_TRACE_CATEGORY_SSL, "BEGIN TRACE[TLS]");
+\& OSSL_trace_set_suffix(OSSL_TRACE_CATEGORY_SSL, "END TRACE[TLS]");
+\&
+\& /* ... work ... */
+\& }
+.Ve
+.PP
+When the trace producing code above is performed, this will be output
+on standard error:
+.PP
+.Vb 4
+\& BEGIN TRACE[TLS]
+\& foo: 42
+\& 0000 \- 00 01 02 03 04 05 06 07\-08 09 0a 0b 0c 0d 0e 0f ................
+\& END TRACE[TLS]
+.Ve
+.SS "Advanced example"
+.IX Subsection "Advanced example"
+This example uses the callback, and depends on pthreads functionality.
+.PP
+.Vb 5
+\& static size_t cb(const char *buf, size_t cnt,
+\& int category, int cmd, void *vdata)
+\& {
+\& BIO *bio = vdata;
+\& const char *label = NULL;
+\&
+\& switch (cmd) {
+\& case OSSL_TRACE_CTRL_BEGIN:
+\& label = "BEGIN";
+\& break;
+\& case OSSL_TRACE_CTRL_END:
+\& label = "END";
+\& break;
+\& }
+\&
+\& if (label != NULL) {
+\& union {
+\& pthread_t tid;
+\& unsigned long ltid;
+\& } tid;
+\&
+\& tid.tid = pthread_self();
+\& BIO_printf(bio, "%s TRACE[%s]:%lx\en",
+\& label, OSSL_trace_get_category_name(category), tid.ltid);
+\& }
+\& return (size_t)BIO_puts(bio, buf);
+\& }
+\&
+\& int main(int argc, char *argv[])
+\& {
+\& BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+\& OSSL_trace_set_callback(OSSL_TRACE_CATEGORY_SSL, cb, err);
+\&
+\& /* ... work ... */
+\& }
+.Ve
+.PP
+The output is almost the same as for the simple example above.
+.PP
+.Vb 4
+\& BEGIN TRACE[TLS]:7f9eb0193b80
+\& foo: 42
+\& 0000 \- 00 01 02 03 04 05 06 07\-08 09 0a 0b 0c 0d 0e 0f ................
+\& END TRACE[TLS]:7f9eb0193b80
+.Ve
+.SH "NOTES"
+.IX Header "NOTES"
+.SS "Configure Tracing"
+.IX Subsection "Configure Tracing"
+By default, the OpenSSL library is built with tracing disabled. To
+use the tracing functionality documented here, it is therefore
+necessary to configure and build OpenSSL with the 'enable\-trace' option.
+.PP
+When the library is built with tracing disabled, the macro
+\&\fB\s-1OPENSSL_NO_TRACE\s0\fR is defined in \fI<openssl/opensslconf.h>\fR and all
+functions described here are inoperational, i.e. will do nothing.
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBOSSL_trace_set_channel()\fR, \fBOSSL_trace_set_prefix()\fR,
+\&\fBOSSL_trace_set_suffix()\fR, and \fBOSSL_trace_set_callback()\fR were all added
+in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3
index 45a741308178..16da7c0ec864 100644
--- a/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3
+++ b/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,30 +130,31 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OPENSSL_ADD_ALL_ALGORITHMS 3"
-.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "OPENSSL_ADD_ALL_ALGORITHMS 3ossl"
+.TH OPENSSL_ADD_ALL_ALGORITHMS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup \- add algorithms to internal table
+OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup \-
+add algorithms to internal table
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
.Ve
.PP
-Deprecated:
+The following functions have been deprecated since OpenSSL 1.1.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
.PP
-.Vb 4
-\& # if OPENSSL_API_COMPAT < 0x10100000L
+.Vb 3
\& void OpenSSL_add_all_algorithms(void);
\& void OpenSSL_add_all_ciphers(void);
\& void OpenSSL_add_all_digests(void);
\&
-\& void EVP_cleanup(void)
-\&# endif
+\& void EVP_cleanup(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -187,9 +186,9 @@ were deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR and should
not be used.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/OpenSSL_version.3 b/secure/lib/libcrypto/man/man3/OpenSSL_version.3
new file mode 100644
index 000000000000..008721cb7d69
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/OpenSSL_version.3
@@ -0,0 +1,346 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OPENSSL_VERSION 3ossl"
+.TH OPENSSL_VERSION 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR, OPENSSL_VERSION_PATCH,
+OPENSSL_VERSION_PRE_RELEASE, OPENSSL_VERSION_BUILD_METADATA,
+OPENSSL_VERSION_TEXT, OPENSSL_VERSION_PREREQ, OPENSSL_version_major,
+OPENSSL_version_minor, OPENSSL_version_patch, OPENSSL_version_pre_release,
+OPENSSL_version_build_metadata, OpenSSL_version, OPENSSL_VERSION_NUMBER,
+OpenSSL_version_num, OPENSSL_info
+\&\- get OpenSSL version number and other information
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/opensslv.h>
+\&
+\& #define OPENSSL_VERSION_MAJOR x
+\& #define OPENSSL_VERSION_MINOR y
+\& #define OPENSSL_VERSION_PATCH z
+\&
+\& /* The definitions here are typical release values */
+\& #define OPENSSL_VERSION_PRE_RELEASE ""
+\& #define OPENSSL_VERSION_BUILD_METADATA ""
+\&
+\& #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx"
+\&
+\& #define OPENSSL_VERSION_PREREQ(maj,min)
+\&
+\& #include <openssl/crypto.h>
+\&
+\& unsigned int OPENSSL_version_major(void);
+\& unsigned int OPENSSL_version_minor(void);
+\& unsigned int OPENSSL_version_patch(void);
+\& const char *OPENSSL_version_pre_release(void);
+\& const char *OPENSSL_version_build_metadata(void);
+\&
+\& const char *OpenSSL_version(int t);
+\&
+\& const char *OPENSSL_info(int t);
+\&
+\& /* from openssl/opensslv.h */
+\& #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnL
+\&
+\& /* from openssl/crypto.h */
+\& unsigned long OpenSSL_version_num();
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+.SS "Macros"
+.IX Subsection "Macros"
+The three macros \fB\s-1OPENSSL_VERSION_MAJOR\s0\fR, \fB\s-1OPENSSL_VERSION_MINOR\s0\fR and
+\&\fB\s-1OPENSSL_VERSION_PATCH\s0\fR represent the three parts of a version
+identifier, \fB\f(BI\s-1MAJOR\s0\fB.\f(BI\s-1MINOR\s0\fB.\f(BI\s-1PATCH\s0\fB\fR.
+.PP
+The macro \fB\s-1OPENSSL_VERSION_PRE_RELEASE\s0\fR is an added bit of text that
+indicates that this is a pre-release version, such as \f(CW"\-dev"\fR for an
+ongoing development snapshot or \f(CW"\-alpha3"\fR for an alpha release.
+The value must be a string.
+.PP
+The macro \fB\s-1OPENSSL_VERSION_BUILD_METADATA\s0\fR is extra information, reserved
+for other parties, such as \f(CW"+fips"\fR, or \f(CW"+vendor.1"\fR).
+The OpenSSL project will not touch this macro (will leave it an empty string).
+The value must be a string.
+.PP
+\&\fB\s-1OPENSSL_VERSION_STR\s0\fR is a convenience macro to get the short version
+identifier string, \f(CW"\f(CIMAJOR\f(CW.\f(CIMINOR\f(CW.\f(CIPATCH\f(CW"\fR.
+.PP
+\&\fB\s-1OPENSSL_FULL_VERSION_STR\s0\fR is a convenience macro to get the longer
+version identifier string, which combines \fB\s-1OPENSSL_VERSION_STR\s0\fR,
+\&\fB\s-1OPENSSL_VERSION_PRE_RELEASE\s0\fR and \fB\s-1OPENSSL_VERSION_BUILD_METADATA\s0\fR.
+.PP
+\&\fB\s-1OPENSSL_VERSION_TEXT\s0\fR is a convenience macro to get a full descriptive
+version text, which includes \fB\s-1OPENSSL_FULL_VERSION_STR\s0\fR and the release
+date.
+.PP
+\&\fB\s-1OPENSSL_VERSION_PREREQ\s0\fR is a useful macro for checking whether the OpenSSL
+version for the headers in use is at least at the given pre-requisite major
+(\fBmaj\fR) and minor (\fBmin\fR) number or not. It will evaluate to true if the
+header version number (\fB\s-1OPENSSL_VERSION_MAJOR\s0\fR.\fB\s-1OPENSSL_VERSION_MINOR\s0\fR) is
+greater than or equal to \fBmaj\fR.\fBmin\fR.
+.PP
+\&\fB\s-1OPENSSL_VERSION_NUMBER\s0\fR is a combination of the major, minor and
+patch version into a single integer 0xMNN00PP0L, where:
+.IP "M" 4
+.IX Item "M"
+is the number from \fB\s-1OPENSSL_VERSION_MAJOR\s0\fR, in hexadecimal notation
+.IP "\s-1NN\s0" 4
+.IX Item "NN"
+is the number from \fB\s-1OPENSSL_VERSION_MINOR\s0\fR, in hexadecimal notation
+.IP "\s-1PP\s0" 4
+.IX Item "PP"
+is the number from \fB\s-1OPENSSL_VERSION_PATCH\s0\fR, in hexadecimal notation
+.SS "Functions"
+.IX Subsection "Functions"
+\&\fBOPENSSL_version_major()\fR, \fBOPENSSL_version_minor()\fR, \fBOPENSSL_version_patch()\fR,
+\&\fBOPENSSL_version_pre_release()\fR, and \fBOPENSSL_version_build_metadata()\fR return
+the values of the macros above for the build of the library, respectively.
+.PP
+\&\fBOpenSSL_version()\fR returns different strings depending on \fIt\fR:
+.IP "\s-1OPENSSL_VERSION\s0" 4
+.IX Item "OPENSSL_VERSION"
+The value of \fB\s-1OPENSSL_VERSION_TEXT\s0\fR
+.IP "\s-1OPENSSL_VERSION_STRING\s0" 4
+.IX Item "OPENSSL_VERSION_STRING"
+The value of \fB\s-1OPENSSL_VERSION_STR\s0\fR
+.IP "\s-1OPENSSL_FULL_VERSION_STRING\s0" 4
+.IX Item "OPENSSL_FULL_VERSION_STRING"
+The value of \fB\s-1OPENSSL_FULL_VERSION_STR\s0\fR
+.IP "\s-1OPENSSL_CFLAGS\s0" 4
+.IX Item "OPENSSL_CFLAGS"
+The compiler flags set for the compilation process in the form
+\&\f(CW\*(C`compiler: ...\*(C'\fR if available, or \f(CW\*(C`compiler: information not available\*(C'\fR
+otherwise.
+.IP "\s-1OPENSSL_BUILT_ON\s0" 4
+.IX Item "OPENSSL_BUILT_ON"
+The date of the build process in the form \f(CW\*(C`built on: ...\*(C'\fR if available
+or \f(CW\*(C`built on: date not available\*(C'\fR otherwise.
+The date would not be available in a reproducible build, for example.
+.IP "\s-1OPENSSL_PLATFORM\s0" 4
+.IX Item "OPENSSL_PLATFORM"
+The \*(L"Configure\*(R" target of the library build in the form \f(CW\*(C`platform: ...\*(C'\fR
+if available, or \f(CW\*(C`platform: information not available\*(C'\fR otherwise.
+.IP "\s-1OPENSSL_DIR\s0" 4
+.IX Item "OPENSSL_DIR"
+The \fB\s-1OPENSSLDIR\s0\fR setting of the library build in the form \f(CW\*(C`OPENSSLDIR: "..."\*(C'\fR
+if available, or \f(CW\*(C`OPENSSLDIR: N/A\*(C'\fR otherwise.
+.IP "\s-1OPENSSL_ENGINES_DIR\s0" 4
+.IX Item "OPENSSL_ENGINES_DIR"
+The \fB\s-1ENGINESDIR\s0\fR setting of the library build in the form \f(CW\*(C`ENGINESDIR: "..."\*(C'\fR
+if available, or \f(CW\*(C`ENGINESDIR: N/A\*(C'\fR otherwise. This option is deprecated in
+OpenSSL 3.0.
+.IP "\s-1OPENSSL_MODULES_DIR\s0" 4
+.IX Item "OPENSSL_MODULES_DIR"
+The \fB\s-1MODULESDIR\s0\fR setting of the library build in the form \f(CW\*(C`MODULESDIR: "..."\*(C'\fR
+if available, or \f(CW\*(C`MODULESDIR: N/A\*(C'\fR otherwise.
+.IP "\s-1OPENSSL_CPU_INFO\s0" 4
+.IX Item "OPENSSL_CPU_INFO"
+The current OpenSSL cpu settings.
+This is the current setting of the cpu capability flags. It is usually
+automatically configured but may be set via an environment variable.
+The value has the same syntax as the environment variable.
+For x86 the string looks like \f(CW\*(C`CPUINFO: OPENSSL_ia32cap=0x123:0x456\*(C'\fR
+or \f(CW\*(C`CPUINFO: N/A\*(C'\fR if not available.
+.PP
+For an unknown \fIt\fR, the text \f(CW\*(C`not available\*(C'\fR is returned.
+.PP
+\&\fBOPENSSL_info()\fR also returns different strings depending on \fIt\fR:
+.IP "\s-1OPENSSL_INFO_CONFIG_DIR\s0" 4
+.IX Item "OPENSSL_INFO_CONFIG_DIR"
+The configured \f(CW\*(C`OPENSSLDIR\*(C'\fR, which is the default location for
+OpenSSL configuration files.
+.IP "\s-1OPENSSL_INFO_ENGINES_DIR\s0" 4
+.IX Item "OPENSSL_INFO_ENGINES_DIR"
+The configured \f(CW\*(C`ENGINESDIR\*(C'\fR, which is the default location for
+OpenSSL engines.
+.IP "\s-1OPENSSL_INFO_MODULES_DIR\s0" 4
+.IX Item "OPENSSL_INFO_MODULES_DIR"
+The configured \f(CW\*(C`MODULESDIR\*(C'\fR, which is the default location for
+dynamically loadable OpenSSL modules other than engines.
+.IP "\s-1OPENSSL_INFO_DSO_EXTENSION\s0" 4
+.IX Item "OPENSSL_INFO_DSO_EXTENSION"
+The configured dynamically loadable module extension.
+.IP "\s-1OPENSSL_INFO_DIR_FILENAME_SEPARATOR\s0" 4
+.IX Item "OPENSSL_INFO_DIR_FILENAME_SEPARATOR"
+The separator between a directory specification and a filename.
+Note that on some operating systems, this is not the same as the
+separator between directory elements.
+.IP "\s-1OPENSSL_INFO_LIST_SEPARATOR\s0" 4
+.IX Item "OPENSSL_INFO_LIST_SEPARATOR"
+The OpenSSL list separator.
+This is typically used in strings that are lists of items, such as the
+value of the environment variable \f(CW$PATH\fR on Unix (where the
+separator is \f(CW\*(C`:\*(C'\fR) or \f(CW\*(C`%PATH%\*(C'\fR on Windows (where the separator is
+\&\f(CW\*(C`;\*(C'\fR).
+.IP "\s-1OPENSSL_INFO_CPU_SETTINGS\s0" 4
+.IX Item "OPENSSL_INFO_CPU_SETTINGS"
+The current OpenSSL cpu settings.
+This is the current setting of the cpu capability flags. It is usually
+automatically configured but may be set via an environment variable.
+The value has the same syntax as the environment variable.
+For x86 the string looks like \f(CW\*(C`OPENSSL_ia32cap=0x123:0x456\*(C'\fR.
+.PP
+For an unknown \fIt\fR, \s-1NULL\s0 is returned.
+.PP
+\&\fBOpenSSL_version_num()\fR returns the value of \fB\s-1OPENSSL_VERSION_NUMBER\s0\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBOPENSSL_version_major()\fR, \fBOPENSSL_version_minor()\fR and \fBOPENSSL_version_patch()\fR
+return the version number parts as integers.
+.PP
+\&\fBOPENSSL_version_pre_release()\fR and \fBOPENSSL_version_build_metadata()\fR return
+the values of \fB\s-1OPENSSL_VERSION_PRE_RELEASE\s0\fR and
+\&\fB\s-1OPENSSL_VERSION_BUILD_METADATA\s0\fR respectively as constant strings.
+For any of them that is undefined, the empty string is returned.
+.PP
+\&\fBOpenSSL_version()\fR returns constant strings.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBcrypto\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The macros and functions described here were added in OpenSSL 3.0,
+except for \s-1OPENSSL_VERSION_NUMBER\s0 and \fBOpenSSL_version_num()\fR.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2018\-2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PEM_X509_INFO_read_bio_ex.3 b/secure/lib/libcrypto/man/man3/PEM_X509_INFO_read_bio_ex.3
new file mode 100644
index 000000000000..4ac89b8c4e65
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PEM_X509_INFO_read_bio_ex.3
@@ -0,0 +1,212 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PEM_X509_INFO_READ_BIO_EX 3ossl"
+.TH PEM_X509_INFO_READ_BIO_EX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PEM_X509_INFO_read_ex, PEM_X509_INFO_read, PEM_X509_INFO_read_bio_ex, PEM_X509_INFO_read_bio
+\&\- read PEM\-encoded data structures into one or more X509_INFO objects
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pem.h>
+\&
+\& STACK_OF(X509_INFO) *PEM_X509_INFO_read_ex(FILE *fp, STACK_OF(X509_INFO) *sk,
+\& pem_password_cb *cb, void *u,
+\& OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+\& pem_password_cb *cb, void *u);
+\& STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio_ex(BIO *bio,
+\& STACK_OF(X509_INFO) *sk,
+\& pem_password_cb *cb, void *u,
+\& OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
+\& pem_password_cb *cb, void *u);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPEM_X509_INFO_read_ex()\fR loads the \fBX509_INFO\fR objects from a file \fIfp\fR.
+.PP
+\&\fBPEM_X509_INFO_read()\fR is similar to \fBPEM_X509_INFO_read_ex()\fR
+but uses the default (\s-1NULL\s0) library context \fIlibctx\fR
+and empty property query \fIpropq\fR.
+.PP
+\&\fBPEM_X509_INFO_read_bio_ex()\fR loads the \fBX509_INFO\fR objects using a bio \fIbp\fR.
+.PP
+\&\fBPEM_X509_INFO_read_bio()\fR is similar to \fBPEM_X509_INFO_read_bio_ex()\fR
+but uses the default (\s-1NULL\s0) library context \fIlibctx\fR
+and empty property query \fIpropq\fR.
+.PP
+Each of the loaded \fBX509_INFO\fR objects can contain a \s-1CRL,\s0 a certificate,
+and/or a private key.
+The elements are read sequentially, and as far as they are of different type than
+the elements read before, they are combined into the same \fBX509_INFO\fR object.
+The idea behind this is that if, for instance, a certificate is followed by
+a private key, the private key is supposed to correspond to the certificate.
+.PP
+If the input stack \fIsk\fR is \s-1NULL\s0 a new stack is allocated,
+else the given stack is extended.
+.PP
+The optional \fIcb\fR and \fIu\fR parameters can be used for providing a pass phrase
+needed for decrypting encrypted \s-1PEM\s0 structures (normally only private keys).
+See \fBPEM_read_bio_PrivateKey\fR\|(3) and \fBpassphrase\-encoding\fR\|(7) for details.
+.PP
+The library context \fIlibctx\fR and property query \fIpropq\fR are used for fetching
+algorithms from providers.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBPEM_X509_INFO_read_ex()\fR, \fBPEM_X509_INFO_read()\fR,
+\&\fBPEM_X509_INFO_read_bio_ex()\fR and \fBPEM_X509_INFO_read_bio()\fR return
+a stack of \fBX509_INFO\fR objects or \s-1NULL\s0 on failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPEM_read_bio_ex\fR\|(3),
+\&\fBPEM_read_bio_PrivateKey\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions \fBPEM_X509_INFO_read_ex()\fR and
+\&\fBPEM_X509_INFO_read_bio_ex()\fR were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 b/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3
index 8f2912991341..74cdb4a2d001 100644
--- a/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3
+++ b/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PEM_BYTES_READ_BIO 3"
-.TH PEM_BYTES_READ_BIO 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PEM_BYTES_READ_BIO 3ossl"
+.TH PEM_BYTES_READ_BIO 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -210,7 +208,7 @@ It will simply be treated as a byte sequence.
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PEM_read.3 b/secure/lib/libcrypto/man/man3/PEM_read.3
index 20077f853820..36793e7e5f89 100644
--- a/secure/lib/libcrypto/man/man3/PEM_read.3
+++ b/secure/lib/libcrypto/man/man3/PEM_read.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,23 +130,25 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PEM_READ 3"
-.TH PEM_READ 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PEM_READ 3ossl"
+.TH PEM_READ 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-PEM_write, PEM_write_bio, PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO \&\- PEM encoding routines
+PEM_write, PEM_write_bio,
+PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO
+\&\- PEM encoding routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pem.h>
\&
\& int PEM_write(FILE *fp, const char *name, const char *header,
-\& const unsigned char *data, long len)
+\& const unsigned char *data, long len);
\& int PEM_write_bio(BIO *bp, const char *name, const char *header,
-\& const unsigned char *data, long len)
+\& const unsigned char *data, long len);
\&
\& int PEM_read(FILE *fp, char **name, char **header,
\& unsigned char **data, long *len);
@@ -255,9 +255,9 @@ It will simply be treated as a byte sequence.
\&\fBpassphrase\-encoding\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 1998\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PEM_read_CMS.3 b/secure/lib/libcrypto/man/man3/PEM_read_CMS.3
index a29485188b2e..79e84d0d0fad 100644
--- a/secure/lib/libcrypto/man/man3/PEM_read_CMS.3
+++ b/secure/lib/libcrypto/man/man3/PEM_read_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,52 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PEM_READ_CMS 3"
-.TH PEM_READ_CMS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PEM_READ_CMS 3ossl"
+.TH PEM_READ_CMS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DECLARE_PEM_rw, PEM_read_CMS, PEM_read_bio_CMS, PEM_write_CMS, PEM_write_bio_CMS, PEM_write_DHxparams, PEM_write_bio_DHxparams, PEM_read_ECPKParameters, PEM_read_bio_ECPKParameters, PEM_write_ECPKParameters, PEM_write_bio_ECPKParameters, PEM_read_ECPrivateKey, PEM_write_ECPrivateKey, PEM_write_bio_ECPrivateKey, PEM_read_EC_PUBKEY, PEM_read_bio_EC_PUBKEY, PEM_write_EC_PUBKEY, PEM_write_bio_EC_PUBKEY, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_PKCS8, PEM_read_bio_PKCS8, PEM_write_PKCS8, PEM_write_bio_PKCS8, PEM_write_PKCS8_PRIV_KEY_INFO, PEM_read_bio_PKCS8_PRIV_KEY_INFO, PEM_read_PKCS8_PRIV_KEY_INFO, PEM_write_bio_PKCS8_PRIV_KEY_INFO, PEM_read_SSL_SESSION, PEM_read_bio_SSL_SESSION, PEM_write_SSL_SESSION, PEM_write_bio_SSL_SESSION \&\- PEM object encoding routines
+DECLARE_PEM_rw,
+PEM_read_CMS,
+PEM_read_bio_CMS,
+PEM_write_CMS,
+PEM_write_bio_CMS,
+PEM_write_DHxparams,
+PEM_write_bio_DHxparams,
+PEM_read_ECPKParameters,
+PEM_read_bio_ECPKParameters,
+PEM_write_ECPKParameters,
+PEM_write_bio_ECPKParameters,
+PEM_read_ECPrivateKey,
+PEM_write_ECPrivateKey,
+PEM_write_bio_ECPrivateKey,
+PEM_read_EC_PUBKEY,
+PEM_read_bio_EC_PUBKEY,
+PEM_write_EC_PUBKEY,
+PEM_write_bio_EC_PUBKEY,
+PEM_read_NETSCAPE_CERT_SEQUENCE,
+PEM_read_bio_NETSCAPE_CERT_SEQUENCE,
+PEM_write_NETSCAPE_CERT_SEQUENCE,
+PEM_write_bio_NETSCAPE_CERT_SEQUENCE,
+PEM_read_PKCS8,
+PEM_read_bio_PKCS8,
+PEM_write_PKCS8,
+PEM_write_bio_PKCS8,
+PEM_write_PKCS8_PRIV_KEY_INFO,
+PEM_read_bio_PKCS8_PRIV_KEY_INFO,
+PEM_read_PKCS8_PRIV_KEY_INFO,
+PEM_write_bio_PKCS8_PRIV_KEY_INFO,
+PEM_read_SSL_SESSION,
+PEM_read_bio_SSL_SESSION,
+PEM_write_SSL_SESSION,
+PEM_write_bio_SSL_SESSION,
+PEM_read_X509_PUBKEY,
+PEM_read_bio_X509_PUBKEY,
+PEM_write_X509_PUBKEY,
+PEM_write_bio_X509_PUBKEY
+\&\- PEM object encoding routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -152,10 +188,43 @@ DECLARE_PEM_rw, PEM_read_CMS, PEM_read_bio_CMS, PEM_write_CMS, PEM_write_bio_CMS
\& int PEM_write_TYPE(FILE *fp, const TYPE *a);
\& int PEM_write_bio_TYPE(BIO *bp, const TYPE *a);
.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& #include <openssl/pem.h>
+\&
+\& int PEM_write_DHxparams(FILE *out, const DH *dh);
+\& int PEM_write_bio_DHxparams(BIO *out, const DH *dh);
+\& EC_GROUP *PEM_read_ECPKParameters(FILE *fp, EC_GROUP **x, pem_password_cb *cb, void *u);
+\& EC_GROUP *PEM_read_bio_ECPKParameters(BIO *bp, EC_GROUP **x, pem_password_cb *cb, void *u);
+\& int PEM_write_ECPKParameters(FILE *out, const EC_GROUP *x);
+\& int PEM_write_bio_ECPKParameters(BIO *out, const EC_GROUP *x),
+\&
+\& EC_KEY *PEM_read_EC_PUBKEY(FILE *fp, EC_KEY **x, pem_password_cb *cb, void *u);
+\& EC_KEY *PEM_read_bio_EC_PUBKEY(BIO *bp, EC_KEY **x, pem_password_cb *cb, void *u);
+\& int PEM_write_EC_PUBKEY(FILE *out, const EC_KEY *x);
+\& int PEM_write_bio_EC_PUBKEY(BIO *out, const EC_KEY *x);
+\&
+\& EC_KEY *PEM_read_ECPrivateKey(FILE *out, EC_KEY **x, pem_password_cb *cb, void *u);
+\& EC_KEY *PEM_read_bio_ECPrivateKey(BIO *out, EC_KEY **x, pem_password_cb *cb, void *u);
+\& int PEM_write_ECPrivateKey(FILE *out, const EC_KEY *x, const EVP_CIPHER *enc,
+\& const unsigned char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+\& int PEM_write_bio_ECPrivateKey(BIO *out, const EC_KEY *x, const EVP_CIPHER *enc,
+\& const unsigned char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-In the description below, \fI\s-1TYPE\s0\fR is used
-as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR.
+All of the functions described on this page are deprecated.
+Applications should use \fBOSSL_ENCODER_to_bio()\fR and \fBOSSL_DECODER_from_bio()\fR
+instead.
+.PP
+In the description below, \fB\f(BI\s-1TYPE\s0\fB\fR is used
+as a placeholder for any of the OpenSSL datatypes, such as \fBX509\fR.
The macro \fBDECLARE_PEM_rw\fR expands to the set of declarations shown in
the next four lines of the synopsis.
.PP
@@ -164,15 +233,17 @@ the \s-1PEM\s0 encoding. For more information on the templates, see
\&\s-1\fBASN1_ITEM\s0\fR\|(3). For more information on the lower-level routines used
by the functions here, see \fBPEM_read\fR\|(3).
.PP
-\&\fBPEM_read_TYPE()\fR reads a PEM-encoded object of \fI\s-1TYPE\s0\fR from the file \fBfp\fR
-and returns it. The \fBcb\fR and \fBu\fR parameters are as described in
+\&\fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR() reads a PEM-encoded object of \fB\f(BI\s-1TYPE\s0\fB\fR from the file
+\&\fIfp\fR and returns it. The \fIcb\fR and \fIu\fR parameters are as described in
\&\fBpem_password_cb\fR\|(3).
.PP
-\&\fBPEM_read_bio_TYPE()\fR is similar to \fBPEM_read_TYPE()\fR but reads from the \s-1BIO\s0 \fBbp\fR.
+\&\fBPEM_read_bio_\f(BI\s-1TYPE\s0\fB\fR() is similar to \fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR() but reads from
+the \s-1BIO\s0 \fIbp\fR.
.PP
-\&\fBPEM_write_TYPE()\fR writes the \s-1PEM\s0 encoding of the object \fBa\fR to the file \fBfp\fR.
+\&\fBPEM_write_\f(BI\s-1TYPE\s0\fB\fR() writes the \s-1PEM\s0 encoding of the object \fIa\fR to the file
+\&\fIfp\fR.
.PP
-\&\fBPEM_write_bio_TYPE()\fR similarly writes to the \s-1BIO\s0 \fBbp\fR.
+\&\fBPEM_write_bio_\f(BI\s-1TYPE\s0\fB\fR() similarly writes to the \s-1BIO\s0 \fIbp\fR.
.SH "NOTES"
.IX Header "NOTES"
These functions make no assumption regarding the pass phrase received from the
@@ -180,20 +251,30 @@ password callback.
It will simply be treated as a byte sequence.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBPEM_read_TYPE()\fR and \fBPEM_read_bio_TYPE()\fR return a pointer to an allocated
-object, which should be released by calling \fBTYPE_free()\fR, or \s-1NULL\s0 on error.
+\&\fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR() and \fBPEM_read_bio_\f(BI\s-1TYPE\s0\fB\fR() return a pointer to an
+allocated object, which should be released by calling \fB\f(BI\s-1TYPE\s0\fB_free\fR(), or
+\&\s-1NULL\s0 on error.
.PP
-\&\fBPEM_write_TYPE()\fR and \fBPEM_write_bio_TYPE()\fR return the number of bytes written
-or zero on error.
+\&\fBPEM_write_\f(BI\s-1TYPE\s0\fB\fR() and \fBPEM_write_bio_\f(BI\s-1TYPE\s0\fB\fR() return 1 for success or 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBPEM_read\fR\|(3),
\&\fBpassphrase\-encoding\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions \fBPEM_write_DHxparams()\fR, \fBPEM_write_bio_DHxparams()\fR,
+\&\fBPEM_read_ECPKParameters()\fR, \fBPEM_read_bio_ECPKParameters()\fR,
+\&\fBPEM_write_ECPKParameters()\fR, \fBPEM_write_bio_ECPKParameters()\fR,
+\&\fBPEM_read_EC_PUBKEY()\fR, \fBPEM_read_bio_EC_PUBKEY()\fR,
+\&\fBPEM_write_EC_PUBKEY()\fR, \fBPEM_write_bio_EC_PUBKEY()\fR,
+\&\fBPEM_read_ECPrivateKey()\fR, \fBPEM_read_bio_ECPrivateKey()\fR,
+\&\fBPEM_write_ECPrivateKey()\fR and \fBPEM_write_bio_ECPrivateKey()\fR
+were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 1998\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3 b/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3
index a0fb6625bac3..2b22e6489464 100644
--- a/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3
+++ b/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,43 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PEM_READ_BIO_PRIVATEKEY 3"
-.TH PEM_READ_BIO_PRIVATEKEY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PEM_READ_BIO_PRIVATEKEY 3ossl"
+.TH PEM_READ_BIO_PRIVATEKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-pem_password_cb, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7 \- PEM routines
+pem_password_cb,
+PEM_read_bio_PrivateKey_ex, PEM_read_bio_PrivateKey,
+PEM_read_PrivateKey_ex, PEM_read_PrivateKey,
+PEM_write_bio_PrivateKey_ex, PEM_write_bio_PrivateKey,
+PEM_write_bio_PrivateKey_traditional,
+PEM_write_PrivateKey_ex, PEM_write_PrivateKey,
+PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
+PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
+PEM_read_bio_PUBKEY_ex, PEM_read_bio_PUBKEY,
+PEM_read_PUBKEY_ex, PEM_read_PUBKEY,
+PEM_write_bio_PUBKEY_ex, PEM_write_bio_PUBKEY,
+PEM_write_PUBKEY_ex, PEM_write_PUBKEY,
+PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
+PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
+PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
+PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
+PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
+PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
+PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
+PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters_ex, PEM_read_bio_Parameters,
+PEM_write_bio_Parameters, PEM_read_bio_DSAparams, PEM_read_DSAparams,
+PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
+PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
+PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
+PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
+PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
+PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
+PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
+PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
+PEM_write_bio_PKCS7, PEM_write_PKCS7 \- PEM routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,41 +174,107 @@ pem_password_cb, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_Pri
\&
\& typedef int pem_password_cb(char *buf, int size, int rwflag, void *u);
\&
+\& EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x,
+\& pem_password_cb *cb, void *u,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
\& pem_password_cb *cb, void *u);
+\& EVP_PKEY *PEM_read_PrivateKey_ex(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+\& void *u, OSSL_LIB_CTX *libctx,
+\& const char *propq);
\& EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
\& pem_password_cb *cb, void *u);
-\& int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+\& int PEM_write_bio_PrivateKey_ex(BIO *bp, const EVP_PKEY *x,
+\& const EVP_CIPHER *enc,
+\& unsigned char *kstr, int klen,
+\& pem_password_cb *cb, void *u,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& int PEM_write_bio_PrivateKey(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc,
\& unsigned char *kstr, int klen,
\& pem_password_cb *cb, void *u);
\& int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
\& const EVP_CIPHER *enc,
\& unsigned char *kstr, int klen,
\& pem_password_cb *cb, void *u);
+\& int PEM_write_PrivateKey_ex(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+\& unsigned char *kstr, int klen,
+\& pem_password_cb *cb, void *u,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
\& unsigned char *kstr, int klen,
\& pem_password_cb *cb, void *u);
-\&
\& int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
\& char *kstr, int klen,
\& pem_password_cb *cb, void *u);
\& int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
\& char *kstr, int klen,
\& pem_password_cb *cb, void *u);
-\& int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+\& int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid,
\& char *kstr, int klen,
\& pem_password_cb *cb, void *u);
-\& int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+\& int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid,
\& char *kstr, int klen,
\& pem_password_cb *cb, void *u);
\&
+\& EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x,
+\& pem_password_cb *cb, void *u,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
\& pem_password_cb *cb, void *u);
+\& EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x,
+\& pem_password_cb *cb, void *u,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
\& pem_password_cb *cb, void *u);
+\& int PEM_write_bio_PUBKEY_ex(BIO *bp, EVP_PKEY *x,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
+\& int PEM_write_PUBKEY_ex(FILE *fp, EVP_PKEY *x,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
\&
+\& EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
+\& int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);
+\&
+\& X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+\& X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+\& int PEM_write_bio_X509(BIO *bp, X509 *x);
+\& int PEM_write_X509(FILE *fp, X509 *x);
+\&
+\& X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+\& X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+\& int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
+\& int PEM_write_X509_AUX(FILE *fp, X509 *x);
+\&
+\& X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
+\& pem_password_cb *cb, void *u);
+\& X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
+\& pem_password_cb *cb, void *u);
+\& int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
+\& int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
+\& int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
+\& int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
+\&
+\& X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
+\& pem_password_cb *cb, void *u);
+\& X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
+\& pem_password_cb *cb, void *u);
+\& int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
+\& int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
+\&
+\& PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
+\& PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
+\& int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
+\& int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 10
\& RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
\& pem_password_cb *cb, void *u);
\& RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
@@ -224,10 +317,6 @@ pem_password_cb, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_Pri
\& pem_password_cb *cb, void *u);
\& int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
\& int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
-\&
-\& EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
-\& int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);
-\&
\& DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
\& DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
\& int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
@@ -237,40 +326,13 @@ pem_password_cb, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_Pri
\& DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
\& int PEM_write_bio_DHparams(BIO *bp, DH *x);
\& int PEM_write_DHparams(FILE *fp, DH *x);
-\&
-\& X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
-\& X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
-\& int PEM_write_bio_X509(BIO *bp, X509 *x);
-\& int PEM_write_X509(FILE *fp, X509 *x);
-\&
-\& X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
-\& X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
-\& int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
-\& int PEM_write_X509_AUX(FILE *fp, X509 *x);
-\&
-\& X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
-\& pem_password_cb *cb, void *u);
-\& X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
-\& pem_password_cb *cb, void *u);
-\& int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
-\& int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
-\& int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
-\& int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
-\&
-\& X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
-\& pem_password_cb *cb, void *u);
-\& X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
-\& pem_password_cb *cb, void *u);
-\& int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
-\& int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
-\&
-\& PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
-\& PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
-\& int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
-\& int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page that have a \fI\s-1TYPE\s0\fR of \fB\s-1DH\s0\fR, \fB\s-1DSA\s0\fR
+and \fB\s-1RSA\s0\fR are deprecated. Applications should use \fBOSSL_ENCODER_to_bio\fR\|(3) and
+\&\fBOSSL_DECODER_from_bio\fR\|(3) instead.
+.PP
The \s-1PEM\s0 functions read or write structures in \s-1PEM\s0 format. In
this sense \s-1PEM\s0 format is simply base64 encoded data surrounded
by header lines.
@@ -279,13 +341,23 @@ For more details about the meaning of arguments see the
\&\fB\s-1PEM FUNCTION ARGUMENTS\s0\fR section.
.PP
Each operation has four functions associated with it. For
-brevity the term "\fB\s-1TYPE\s0\fR functions" will be used below to collectively
-refer to the \fBPEM_read_bio_TYPE()\fR, \fBPEM_read_TYPE()\fR,
-\&\fBPEM_write_bio_TYPE()\fR, and \fBPEM_write_TYPE()\fR functions.
-.PP
-The \fBPrivateKey\fR functions read or write a private key in \s-1PEM\s0 format using an
-\&\s-1EVP_PKEY\s0 structure. The write routines use PKCS#8 private key format and are
-equivalent to \fBPEM_write_bio_PKCS8PrivateKey()\fR.The read functions transparently
+brevity the term "\fB\f(BI\s-1TYPE\s0\fB\fR functions" will be used below to collectively
+refer to the \fBPEM_read_bio_\f(BI\s-1TYPE\s0\fB\fR(), \fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR(),
+\&\fBPEM_write_bio_\f(BI\s-1TYPE\s0\fB\fR(), and \fBPEM_write_\f(BI\s-1TYPE\s0\fB\fR() functions.
+.PP
+Some operations have additional variants that take a library context \fIlibctx\fR
+and a property query string \fIpropq\fR. The \fBX509\fR, \fBX509_REQ\fR and \fBX509_CRL\fR
+objects may have an associated library context or property query string but
+there are no variants of these functions that take a library context or property
+query string parameter. In this case it is possible to set the appropriate
+library context or property query string by creating an empty \fBX509\fR,
+\&\fBX509_REQ\fR or \fBX509_CRL\fR object using \fBX509_new_ex\fR\|(3), \fBX509_REQ_new_ex\fR\|(3)
+or \fBX509_CRL_new_ex\fR\|(3) respectively. Then pass the empty object as a parameter
+to the relevant \s-1PEM\s0 function. See the \*(L"\s-1EXAMPLES\*(R"\s0 section below.
+.PP
+The \fBPrivateKey\fR functions read or write a private key in \s-1PEM\s0 format using
+an \s-1EVP_PKEY\s0 structure. The write routines use PKCS#8 private key format and are
+equivalent to \fBPEM_write_bio_PKCS8PrivateKey()\fR. The read functions transparently
handle traditional and PKCS#8 format encrypted and unencrypted keys.
.PP
\&\fBPEM_write_bio_PrivateKey_traditional()\fR writes out a private key in the
@@ -294,16 +366,16 @@ be used for compatibility with legacy programs.
.PP
\&\fBPEM_write_bio_PKCS8PrivateKey()\fR and \fBPEM_write_PKCS8PrivateKey()\fR write a private
key in an \s-1EVP_PKEY\s0 structure in PKCS#8 EncryptedPrivateKeyInfo format using
-PKCS#5 v2.0 password based encryption algorithms. The \fBcipher\fR argument
+PKCS#5 v2.0 password based encryption algorithms. The \fIcipher\fR argument
specifies the encryption algorithm to use: unlike some other \s-1PEM\s0 routines the
encryption is applied at the PKCS#8 level and not in the \s-1PEM\s0 headers. If
-\&\fBcipher\fR is \s-1NULL\s0 then no encryption is used and a PKCS#8 PrivateKeyInfo
+\&\fIcipher\fR is \s-1NULL\s0 then no encryption is used and a PKCS#8 PrivateKeyInfo
structure is used instead.
.PP
\&\fBPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fBPEM_write_PKCS8PrivateKey_nid()\fR
also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
-to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the
+to use is specified in the \fInid\fR parameter and should be the \s-1NID\s0 of the
corresponding \s-1OBJECT IDENTIFIER\s0 (see \s-1NOTES\s0 section).
.PP
The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0
@@ -371,36 +443,36 @@ structure.
.IX Header "PEM FUNCTION ARGUMENTS"
The \s-1PEM\s0 functions have many common arguments.
.PP
-The \fBbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from
+The \fIbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from
or write to.
.PP
-The \fBfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to
+The \fIfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to
read from or write to.
.PP
-The \s-1PEM\s0 read functions all take an argument \fB\s-1TYPE\s0 **x\fR and return
-a \fB\s-1TYPE\s0 *\fR pointer. Where \fB\s-1TYPE\s0\fR is whatever structure the function
-uses. If \fBx\fR is \s-1NULL\s0 then the parameter is ignored. If \fBx\fR is not
-\&\s-1NULL\s0 but \fB*x\fR is \s-1NULL\s0 then the structure returned will be written
-to \fB*x\fR. If neither \fBx\fR nor \fB*x\fR is \s-1NULL\s0 then an attempt is made
-to reuse the structure at \fB*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections).
-Irrespective of the value of \fBx\fR a pointer to the structure is always
+The \s-1PEM\s0 read functions all take an argument \fI\f(BI\s-1TYPE\s0\fI **x\fR and return
+a \fI\f(BI\s-1TYPE\s0\fI *\fR pointer. Where \fI\f(BI\s-1TYPE\s0\fI\fR is whatever structure the function
+uses. If \fIx\fR is \s-1NULL\s0 then the parameter is ignored. If \fIx\fR is not
+\&\s-1NULL\s0 but \fI*x\fR is \s-1NULL\s0 then the structure returned will be written
+to \fI*x\fR. If neither \fIx\fR nor \fI*x\fR is \s-1NULL\s0 then an attempt is made
+to reuse the structure at \fI*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections).
+Irrespective of the value of \fIx\fR a pointer to the structure is always
returned (or \s-1NULL\s0 if an error occurred).
.PP
-The \s-1PEM\s0 functions which write private keys take an \fBenc\fR parameter
+The \s-1PEM\s0 functions which write private keys take an \fIenc\fR parameter
which specifies the encryption algorithm to use, encryption is done
at the \s-1PEM\s0 level. If this parameter is set to \s-1NULL\s0 then the private
key is written in unencrypted form.
.PP
-The \fBcb\fR argument is the callback to use when querying for the pass
+The \fIcb\fR argument is the callback to use when querying for the pass
phrase used for encrypted \s-1PEM\s0 structures (normally only private keys).
.PP
-For the \s-1PEM\s0 write routines if the \fBkstr\fR parameter is not \s-1NULL\s0 then
-\&\fBklen\fR bytes at \fBkstr\fR are used as the passphrase and \fBcb\fR is
+For the \s-1PEM\s0 write routines if the \fIkstr\fR parameter is not \s-1NULL\s0 then
+\&\fIklen\fR bytes at \fIkstr\fR are used as the passphrase and \fIcb\fR is
ignored.
.PP
-If the \fBcb\fR parameters is set to \s-1NULL\s0 and the \fBu\fR parameter is not
-\&\s-1NULL\s0 then the \fBu\fR parameter is interpreted as a null terminated string
-to use as the passphrase. If both \fBcb\fR and \fBu\fR are \s-1NULL\s0 then the
+If the \fIcb\fR parameters is set to \s-1NULL\s0 and the \fIu\fR parameter is not
+\&\s-1NULL\s0 then the \fIu\fR parameter is interpreted as a \s-1NUL\s0 terminated string
+to use as the passphrase. If both \fIcb\fR and \fIu\fR are \s-1NULL\s0 then the
default callback routine is used which will typically prompt for the
passphrase on the current terminal with echoing turned off.
.PP
@@ -412,18 +484,29 @@ routine has the following form:
\& int cb(char *buf, int size, int rwflag, void *u);
.Ve
.PP
-\&\fBbuf\fR is the buffer to write the passphrase to. \fBsize\fR is the maximum
-length of the passphrase (i.e. the size of buf). \fBrwflag\fR is a flag
+\&\fIbuf\fR is the buffer to write the passphrase to. \fIsize\fR is the maximum
+length of the passphrase (i.e. the size of buf). \fIrwflag\fR is a flag
which is set to 0 when reading and 1 when writing. A typical routine
will ask the user to verify the passphrase (for example by prompting
-for it twice) if \fBrwflag\fR is 1. The \fBu\fR parameter has the same
-value as the \fBu\fR parameter passed to the \s-1PEM\s0 routine. It allows
+for it twice) if \fIrwflag\fR is 1. The \fIu\fR parameter has the same
+value as the \fIu\fR parameter passed to the \s-1PEM\s0 routine. It allows
arbitrary data to be passed to the callback by the application
(for example a window handle in a \s-1GUI\s0 application). The callback
-\&\fBmust\fR return the number of characters in the passphrase or \-1 if
-an error occurred.
+\&\fImust\fR return the number of characters in the passphrase or \-1 if
+an error occurred. The passphrase can be arbitrary data; in the case where it
+is a string, it is not \s-1NUL\s0 terminated. See the \*(L"\s-1EXAMPLES\*(R"\s0 section below.
+.PP
+Some implementations may need to use cryptographic algorithms during their
+operation. If this is the case and \fIlibctx\fR and \fIpropq\fR parameters have been
+passed then any algorithm fetches will use that library context and property
+query string. Otherwise the default library context and property query string
+will be used.
.SH "NOTES"
.IX Header "NOTES"
+The \s-1PEM\s0 reading functions will skip any extraneous content or \s-1PEM\s0 data of
+a different type than they expect. This allows for example having a certificate
+(or multiple certificates) and a key in the \s-1PEM\s0 format in a single file.
+.PP
The old \fBPrivateKey\fR write routines are retained for compatibility.
New applications should write private keys using the
\&\fBPEM_write_bio_PKCS8PrivateKey()\fR or \fBPEM_write_PKCS8PrivateKey()\fR routines
@@ -443,7 +526,7 @@ this:
\& PEM_read_bio_X509(bp, &x, 0, NULL);
.Ve
.PP
-this is a bug because an attempt will be made to reuse the data at \fBx\fR
+this is a bug because an attempt will be made to reuse the data at \fIx\fR
which is an uninitialised pointer.
.PP
These functions make no assumption regarding the pass phrase received from the
@@ -472,15 +555,15 @@ cipher encoded as a set of hexadecimal digits. After those two lines is
the base64\-encoded encrypted data.
.PP
The encryption key is derived using \fBEVP_BytesToKey()\fR. The cipher's
-initialization vector is passed to \fBEVP_BytesToKey()\fR as the \fBsalt\fR
+initialization vector is passed to \fBEVP_BytesToKey()\fR as the \fIsalt\fR
parameter. Internally, \fB\s-1PKCS5_SALT_LEN\s0\fR bytes of the salt are used
(regardless of the size of the initialization vector). The user's
-password is passed to \fBEVP_BytesToKey()\fR using the \fBdata\fR and \fBdatal\fR
+password is passed to \fBEVP_BytesToKey()\fR using the \fIdata\fR and \fIdatal\fR
parameters. Finally, the library uses an iteration count of 1 for
\&\fBEVP_BytesToKey()\fR.
.PP
-The \fBkey\fR derived by \fBEVP_BytesToKey()\fR along with the original initialization
-vector is then used to decrypt the encrypted data. The \fBiv\fR produced by
+The \fIkey\fR derived by \fBEVP_BytesToKey()\fR along with the original initialization
+vector is then used to decrypt the encrypted data. The \fIiv\fR produced by
\&\fBEVP_BytesToKey()\fR is not utilized or needed, and \s-1NULL\s0 should be passed to
the function.
.PP
@@ -490,8 +573,8 @@ The pseudo code to derive the key would look similar to:
\& EVP_CIPHER* cipher = EVP_des_ede3_cbc();
\& EVP_MD* md = EVP_md5();
\&
-\& unsigned int nkey = EVP_CIPHER_key_length(cipher);
-\& unsigned int niv = EVP_CIPHER_iv_length(cipher);
+\& unsigned int nkey = EVP_CIPHER_get_key_length(cipher);
+\& unsigned int niv = EVP_CIPHER_get_iv_length(cipher);
\& unsigned char key[nkey];
\& unsigned char iv[niv];
\&
@@ -511,14 +594,15 @@ an existing structure. Therefore, the following:
\& PEM_read_bio_X509(bp, &x, 0, NULL);
.Ve
.PP
-where \fBx\fR already contains a valid certificate, may not work, whereas:
+where \fIx\fR already contains a valid certificate, may not work, whereas:
.PP
.Vb 2
\& X509_free(x);
\& x = PEM_read_bio_X509(bp, NULL, 0, NULL);
.Ve
.PP
-is guaranteed to work.
+is guaranteed to work. It is always acceptable for \fIx\fR to contain a newly
+allocated, empty \fBX509\fR object (for example allocated via \fBX509_new_ex\fR\|(3)).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The read routines return either a pointer to the structure read or \s-1NULL\s0
@@ -530,6 +614,18 @@ The write routines return 1 for success or 0 for failure.
Although the \s-1PEM\s0 routines take several arguments in almost all applications
most of them are set to 0 or \s-1NULL.\s0
.PP
+To read a certificate with a library context in \s-1PEM\s0 format from a \s-1BIO:\s0
+.PP
+.Vb 1
+\& X509 *x = X509_new_ex(libctx, NULL);
+\&
+\& if (x == NULL)
+\& /* Error */
+\&
+\& if (PEM_read_bio_X509(bp, &x, 0, NULL) == NULL)
+\& /* Error */
+.Ve
+.PP
Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0
.PP
.Vb 1
@@ -612,11 +708,30 @@ Skeleton pass phrase callback:
The old Netscape certificate sequences were no longer documented
in OpenSSL 1.1.0; applications should use the \s-1PKCS7\s0 standard instead
as they will be formally deprecated in a future releases.
+.PP
+\&\fBPEM_read_bio_PrivateKey_ex()\fR, \fBPEM_read_PrivateKey_ex()\fR,
+\&\fBPEM_read_bio_PUBKEY_ex()\fR, \fBPEM_read_PUBKEY_ex()\fR and
+\&\fBPEM_read_bio_Parameters_ex()\fR were introduced in OpenSSL 3.0.
+.PP
+The functions \fBPEM_read_bio_RSAPrivateKey()\fR, \fBPEM_read_RSAPrivateKey()\fR,
+\&\fBPEM_write_bio_RSAPrivateKey()\fR, \fBPEM_write_RSAPrivateKey()\fR,
+\&\fBPEM_read_bio_RSAPublicKey()\fR, \fBPEM_read_RSAPublicKey()\fR,
+\&\fBPEM_write_bio_RSAPublicKey()\fR, \fBPEM_write_RSAPublicKey()\fR,
+\&\fBPEM_read_bio_RSA_PUBKEY()\fR, \fBPEM_read_RSA_PUBKEY()\fR,
+\&\fBPEM_write_bio_RSA_PUBKEY()\fR, \fBPEM_write_RSA_PUBKEY()\fR,
+\&\fBPEM_read_bio_DSAPrivateKey()\fR, \fBPEM_read_DSAPrivateKey()\fR,
+\&\fBPEM_write_bio_DSAPrivateKey()\fR, \fBPEM_write_DSAPrivateKey()\fR,
+\&\fBPEM_read_bio_DSA_PUBKEY()\fR, \fBPEM_read_DSA_PUBKEY()\fR,
+\&\fBPEM_write_bio_DSA_PUBKEY()\fR, \fBPEM_write_DSA_PUBKEY()\fR;
+\&\fBPEM_read_bio_DSAparams()\fR, \fBPEM_read_DSAparams()\fR,
+\&\fBPEM_write_bio_DSAparams()\fR, \fBPEM_write_DSAparams()\fR,
+\&\fBPEM_read_bio_DHparams()\fR, \fBPEM_read_DHparams()\fR,
+\&\fBPEM_write_bio_DHparams()\fR and \fBPEM_write_DHparams()\fR were deprecated in 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3 b/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3
index 2bbc99ad513c..ae3849264809 100644
--- a/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3
+++ b/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PEM_READ_BIO_EX 3"
-.TH PEM_READ_BIO_EX 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PEM_READ_BIO_EX 3ossl"
+.TH PEM_READ_BIO_EX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, PEM_FLAG_ONLY_B64 \- read PEM format files with custom processing
+PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE,
+PEM_FLAG_ONLY_B64 \- read PEM format files with custom processing
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -193,7 +192,7 @@ The \fBPEM_read_bio_ex()\fR function was added in OpenSSL 1.1.1.
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3
index 997a93416850..a1bfc7a28f1a 100644
--- a/secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3
+++ b/secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PEM_WRITE_BIO_CMS_STREAM 3"
-.TH PEM_WRITE_BIO_CMS_STREAM 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PEM_WRITE_BIO_CMS_STREAM 3ossl"
+.TH PEM_WRITE_BIO_CMS_STREAM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -174,7 +172,7 @@ The \fBPEM_write_bio_CMS_stream()\fR function was added in OpenSSL 1.0.0.
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3
index 7db25665814f..75b7405eafe9 100644
--- a/secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3
+++ b/secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PEM_WRITE_BIO_PKCS7_STREAM 3"
-.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PEM_WRITE_BIO_PKCS7_STREAM 3ossl"
+.TH PEM_WRITE_BIO_PKCS7_STREAM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -173,7 +171,7 @@ The \fBPEM_write_bio_PKCS7_stream()\fR function was added in OpenSSL 1.0.0.
.IX Header "COPYRIGHT"
Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_PBE_keyivgen.3 b/secure/lib/libcrypto/man/man3/PKCS12_PBE_keyivgen.3
new file mode 100644
index 000000000000..fe978b633953
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_PBE_keyivgen.3
@@ -0,0 +1,235 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_PBE_KEYIVGEN 3ossl"
+.TH PKCS12_PBE_KEYIVGEN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_PBE_keyivgen, PKCS12_PBE_keyivgen_ex,
+PKCS12_pbe_crypt, PKCS12_pbe_crypt_ex \- PKCS#12 Password based encryption
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+\& ASN1_TYPE *param, const EVP_CIPHER *cipher,
+\& const EVP_MD *md_type, int en_de);
+\& int PKCS12_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+\& ASN1_TYPE *param, const EVP_CIPHER *cipher,
+\& const EVP_MD *md_type, int en_de,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
+\& const char *pass, int passlen,
+\& const unsigned char *in, int inlen,
+\& unsigned char **data, int *datalen,
+\& int en_de);
+\& unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor,
+\& const char *pass, int passlen,
+\& const unsigned char *in, int inlen,
+\& unsigned char **data, int *datalen,
+\& int en_de, OSSL_LIB_CTX *libctx,
+\& const char *propq);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS12_PBE_keyivgen()\fR and \fBPKCS12_PBE_keyivgen_ex()\fR take a password \fIpass\fR of
+length \fIpasslen\fR, parameters \fIparam\fR and a message digest function \fImd_type\fR
+and perform a key derivation according to PKCS#12. The resulting key is
+then used to initialise the cipher context \fIctx\fR with a cipher \fIcipher\fR for
+encryption (\fIen_de\fR=1) or decryption (\fIen_de\fR=0).
+.PP
+\&\fBPKCS12_PBE_keyivgen_ex()\fR also allows the application to specify a library context
+\&\fIlibctx\fR and property query \fIpropq\fR to select appropriate algorithm
+implementations.
+.PP
+\&\fBPKCS12_pbe_crypt()\fR and \fBPKCS12_pbe_crypt_ex()\fR will encrypt or decrypt a buffer
+based on the algorithm in \fIalgor\fR and password \fIpass\fR of length \fIpasslen\fR.
+The input is from \fIin\fR of length \fIinlen\fR and output is into a malloc'd buffer
+returned in \fI*data\fR of length \fIdatalen\fR. The operation is determined by \fIen_de\fR,
+encryption (\fIen_de\fR=1) or decryption (\fIen_de\fR=0).
+.PP
+\&\fBPKCS12_pbe_crypt_ex()\fR allows the application to specify a library context
+\&\fIlibctx\fR and property query \fIpropq\fR to select appropriate algorithm
+implementations.
+.PP
+\&\fIpass\fR is the password used in the derivation of length \fIpasslen\fR. \fIpass\fR
+is an optional parameter and can be \s-1NULL.\s0 If \fIpasslen\fR is \-1, then the
+function will calculate the length of \fIpass\fR using \fBstrlen()\fR.
+.PP
+\&\fIsalt\fR is the salt used in the derivation of length \fIsaltlen\fR. If the
+\&\fIsalt\fR is \s-1NULL,\s0 then \fIsaltlen\fR must be 0. The function will not
+attempt to calculate the length of the \fIsalt\fR because it is not assumed to
+be \s-1NULL\s0 terminated.
+.PP
+\&\fIiter\fR is the iteration count and its value should be greater than or
+equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any
+\&\fIiter\fR less than 1 is treated as a single iteration.
+.PP
+\&\fIdigest\fR is the message digest function used in the derivation.
+.PP
+Functions ending in \fB_ex()\fR take optional parameters \fIlibctx\fR and \fIpropq\fR which
+are used to select appropriate algorithm implementations.
+.SH "NOTES"
+.IX Header "NOTES"
+The functions are typically used in PKCS#12 to encrypt objects.
+.PP
+These functions make no assumption regarding the given password.
+It will simply be treated as a byte sequence.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBPKCS12_PBE_keyivgen()\fR, \fBPKCS12_PBE_keyivgen_ex()\fR return 1 on success or 0 on error.
+.PP
+\&\fBPKCS12_pbe_crypt()\fR and \fBPKCS12_pbe_crypt_ex()\fR return a buffer containing the
+output or \s-1NULL\s0 if an error occurred.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1IETF RFC 7292\s0 (<https://tools.ietf.org/html/rfc7292>)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PBE_CipherInit_ex\fR\|(3),
+\&\fBPKCS8_encrypt_ex\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBPKCS12_PBE_keyivgen_ex()\fR and \fBPKCS12_pbe_crypt_ex()\fR were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2014\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_create_cert.3 b/secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_create_cert.3
new file mode 100644
index 000000000000..bd9e15e3569b
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_create_cert.3
@@ -0,0 +1,227 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_SAFEBAG_CREATE_CERT 3ossl"
+.TH PKCS12_SAFEBAG_CREATE_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_SAFEBAG_create_cert, PKCS12_SAFEBAG_create_crl,
+PKCS12_SAFEBAG_create_secret, PKCS12_SAFEBAG_create0_p8inf,
+PKCS12_SAFEBAG_create0_pkcs8, PKCS12_SAFEBAG_create_pkcs8_encrypt,
+PKCS12_SAFEBAG_create_pkcs8_encrypt_ex \- Create PKCS#12 safeBag objects
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
+\& PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
+\& PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_secret(int type, int vtype,
+\& const unsigned char* value,
+\& int len);
+\& PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+\& PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
+\& PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+\& const char *pass,
+\& int passlen,
+\& unsigned char *salt,
+\& int saltlen, int iter,
+\& PKCS8_PRIV_KEY_INFO *p8inf);
+\& PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid,
+\& const char *pass,
+\& int passlen,
+\& unsigned char *salt,
+\& int saltlen, int iter,
+\& PKCS8_PRIV_KEY_INFO *p8inf,
+\& OSSL_LIB_CTX *ctx,
+\& const char *propq);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS12_SAFEBAG_create_cert()\fR creates a new \fB\s-1PKCS12_SAFEBAG\s0\fR of type \fBNID_certBag\fR
+containing the supplied certificate.
+.PP
+\&\fBPKCS12_SAFEBAG_create_crl()\fR creates a new \fB\s-1PKCS12_SAFEBAG\s0\fR of type \fBNID_crlBag\fR
+containing the supplied crl.
+.PP
+\&\fBPKCS12_SAFEBAG_create_secret()\fR creates a new \fB\s-1PKCS12_SAFEBAG\s0\fR of type
+corresponding to a PKCS#12 \fBsecretBag\fR. The \fBsecretBag\fR contents are tagged as
+\&\fItype\fR with an \s-1ASN1\s0 value of type \fIvtype\fR constructed using the bytes in
+\&\fIvalue\fR of length \fIlen\fR.
+.PP
+\&\fBPKCS12_SAFEBAG_create0_p8inf()\fR creates a new \fB\s-1PKCS12_SAFEBAG\s0\fR of type \fBNID_keyBag\fR
+containing the supplied \s-1PKCS8\s0 structure.
+.PP
+\&\fBPKCS12_SAFEBAG_create0_pkcs8()\fR creates a new \fB\s-1PKCS12_SAFEBAG\s0\fR of type
+\&\fBNID_pkcs8ShroudedKeyBag\fR containing the supplied \s-1PKCS8\s0 structure.
+.PP
+\&\fBPKCS12_SAFEBAG_create_pkcs8_encrypt()\fR creates a new \fB\s-1PKCS12_SAFEBAG\s0\fR of type
+\&\fBNID_pkcs8ShroudedKeyBag\fR by encrypting the supplied \s-1PKCS8\s0 \fIp8inf\fR.
+If \fIpbe_nid\fR is 0, a default encryption algorithm is used. \fIpass\fR is the
+passphrase and \fIiter\fR is the iteration count. If \fIiter\fR is zero then a default
+value of 2048 is used. If \fIsalt\fR is \s-1NULL\s0 then a salt is generated randomly.
+.PP
+\&\fBPKCS12_SAFEBAG_create_pkcs8_encrypt_ex()\fR is identical to \fBPKCS12_SAFEBAG_create_pkcs8_encrypt()\fR
+but allows for a library context \fIctx\fR and property query \fIpropq\fR to be used to select
+algorithm implementations.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fBPKCS12_SAFEBAG_create_pkcs8_encrypt()\fR makes assumptions regarding the encoding of the given pass
+phrase.
+See \fBpassphrase\-encoding\fR\|(7) for more information.
+.PP
+\&\fBPKCS12_SAFEBAG_create_secret()\fR was added in OpenSSL 3.0.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+All of these functions return a valid \fB\s-1PKCS12_SAFEBAG\s0\fR structure or \s-1NULL\s0 if an error occurred.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1IETF RFC 7292\s0 (<https://tools.ietf.org/html/rfc7292>)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS12_create\fR\|(3),
+\&\fBPKCS12_add_safe\fR\|(3),
+\&\fBPKCS12_add_safes\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBPKCS12_SAFEBAG_create_pkcs8_encrypt_ex()\fR was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_get0_attrs.3 b/secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_get0_attrs.3
new file mode 100644
index 000000000000..7ff5af1e83c3
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_get0_attrs.3
@@ -0,0 +1,180 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_SAFEBAG_GET0_ATTRS 3ossl"
+.TH PKCS12_SAFEBAG_GET0_ATTRS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_SAFEBAG_get0_attrs, PKCS12_get_attr_gen
+\&\- Retrieve attributes from a PKCS#12 safeBag
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& const STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+\&
+\& ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+\& int attr_nid);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS12_SAFEBAG_get0_attrs()\fR retrieves the stack of \fBX509_ATTRIBUTE\fRs from a
+PKCS#12 safeBag. \fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to retrieve the attributes from.
+.PP
+\&\fBPKCS12_get_attr_gen()\fR retrieves an attribute by \s-1NID\s0 from a stack of
+\&\fBX509_ATTRIBUTE\fRs. \fIattr_nid\fR is the \s-1NID\s0 of the attribute to retrieve.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBPKCS12_SAFEBAG_get0_attrs()\fR returns the stack of \fBX509_ATTRIBUTE\fRs from a
+PKCS#12 safeBag, which could be empty.
+.PP
+\&\fBPKCS12_get_attr_gen()\fR returns an \fB\s-1ASN1_TYPE\s0\fR object containing the attribute,
+or \s-1NULL\s0 if the attribute was either not present or an error occurred.
+.PP
+\&\fBPKCS12_get_attr_gen()\fR does not allocate a new attribute. The returned attribute
+is still owned by the \fB\s-1PKCS12_SAFEBAG\s0\fR in which it resides.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS12_get_friendlyname\fR\|(3),
+\&\fBPKCS12_add_friendlyname_asc\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_get1_cert.3 b/secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_get1_cert.3
new file mode 100644
index 000000000000..2554353884f9
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_SAFEBAG_get1_cert.3
@@ -0,0 +1,204 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_SAFEBAG_GET1_CERT 3ossl"
+.TH PKCS12_SAFEBAG_GET1_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_SAFEBAG_get0_attr, PKCS12_SAFEBAG_get0_type,
+PKCS12_SAFEBAG_get_nid, PKCS12_SAFEBAG_get_bag_nid,
+PKCS12_SAFEBAG_get0_bag_obj, PKCS12_SAFEBAG_get0_bag_type,
+PKCS12_SAFEBAG_get1_cert, PKCS12_SAFEBAG_get1_crl,
+PKCS12_SAFEBAG_get0_safes, PKCS12_SAFEBAG_get0_p8inf,
+PKCS12_SAFEBAG_get0_pkcs8 \- Get objects from a PKCS#12 safeBag
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+\& int attr_nid);
+\& const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
+\& int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag);
+\& int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
+\& const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
+\& const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);
+\& X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+\& X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
+\& const STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
+\& const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
+\& const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS12_SAFEBAG_get0_attr()\fR gets the attribute value corresponding to the \fBattr_nid\fR.
+.PP
+\&\fBPKCS12_SAFEBAG_get0_type()\fR gets the \fBsafeBag\fR type as an \s-1OID,\s0 whereas
+\&\fBPKCS12_SAFEBAG_get_nid()\fR gets the \fBsafeBag\fR type as an \s-1NID,\s0 which could be
+\&\fBNID_certBag\fR, \fBNID_crlBag\fR, \fBNID_keyBag\fR, \fBNID_secretBag\fR, \fBNID_safeContentsBag\fR
+or \fBNID_pkcs8ShroudedKeyBag\fR.
+.PP
+\&\fBPKCS12_SAFEBAG_get_bag_nid()\fR gets the type of the object contained within the
+\&\fB\s-1PKCS12_SAFEBAG\s0\fR. This corresponds to the bag type for most bags, but can be
+arbitrary for \fBsecretBag\fRs. \fBPKCS12_SAFEBAG_get0_bag_type()\fR gets this type as an \s-1OID.\s0
+.PP
+\&\fBPKCS12_SAFEBAG_get0_bag_obj()\fR retrieves the object contained within the safeBag.
+.PP
+\&\fBPKCS12_SAFEBAG_get1_cert()\fR and \fBPKCS12_SAFEBAG_get1_crl()\fR return new \fBX509\fR or
+\&\fBX509_CRL\fR objects from the item in the safeBag.
+.PP
+\&\fBPKCS12_SAFEBAG_get0_p8inf()\fR and \fBPKCS12_SAFEBAG_get0_pkcs8()\fR return the \s-1PKCS8\s0 object
+from a PKCS8shroudedKeyBag or a keyBag.
+.PP
+\&\fBPKCS12_SAFEBAG_get0_safes()\fR retrieves the set of \fBsafeBags\fR contained within a
+safeContentsBag.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBPKCS12_SAFEBAG_get_nid()\fR and \fBPKCS12_SAFEBAG_get_bag_nid()\fR return the \s-1NID\s0 of the safeBag
+or bag object, or \-1 if there is no corresponding \s-1NID.\s0
+Other functions return a valid object of the specified type or \s-1NULL\s0 if an error occurred.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS12_create\fR\|(3),
+\&\fBPKCS12_add_safe\fR\|(3),
+\&\fBPKCS12_add_safes\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_add1_attr_by_NID.3 b/secure/lib/libcrypto/man/man3/PKCS12_add1_attr_by_NID.3
new file mode 100644
index 000000000000..50719248dd4c
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_add1_attr_by_NID.3
@@ -0,0 +1,181 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_ADD1_ATTR_BY_NID 3ossl"
+.TH PKCS12_ADD1_ATTR_BY_NID 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_add1_attr_by_NID, PKCS12_add1_attr_by_txt \- Add an attribute to a PKCS#12
+safeBag structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& int PKCS12_add1_attr_by_NID(PKCS12_SAFEBAG *bag, int nid, int type,
+\& const unsigned char *bytes, int len);
+\& int PKCS12_add1_attr_by_txt(PKCS12_SAFEBAG *bag, const char *attrname, int type,
+\& const unsigned char *bytes, int len);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions add a PKCS#12 Attribute to the Attribute Set of the \fBbag\fR.
+.PP
+\&\fBPKCS12_add1_attr_by_NID()\fR adds an attribute of type \fBnid\fR with a value of \s-1ASN1\s0
+type \fBtype\fR constructed using \fBlen\fR bytes from \fBbytes\fR.
+.PP
+\&\fBPKCS12_add1_attr_by_txt()\fR adds an attribute of type \fBattrname\fR with a value of
+\&\s-1ASN1\s0 type \fBtype\fR constructed using \fBlen\fR bytes from \fBbytes\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+These functions do not check whether an existing attribute of the same type is
+present. There can be multiple attributes with the same type assigned to a
+safeBag.
+.PP
+Both functions were added in OpenSSL 3.0.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+A return value of 1 indicates success, 0 indicates failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS12_create\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_add_CSPName_asc.3 b/secure/lib/libcrypto/man/man3/PKCS12_add_CSPName_asc.3
new file mode 100644
index 000000000000..56b235e3231c
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_add_CSPName_asc.3
@@ -0,0 +1,166 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_ADD_CSPNAME_ASC 3ossl"
+.TH PKCS12_ADD_CSPNAME_ASC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_add_CSPName_asc \- Add a Microsoft CSP Name attribute to a PKCS#12 safeBag
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS12_add_CSPName_asc()\fR adds an \s-1ASCII\s0 string representation of the Microsoft \s-1CSP\s0 Name attribute to a PKCS#12 safeBag.
+.PP
+\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to add the attribute to.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+Returns 1 for success or 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS12_add_friendlyname_asc\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_add_cert.3 b/secure/lib/libcrypto/man/man3/PKCS12_add_cert.3
new file mode 100644
index 000000000000..986a51da17eb
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_add_cert.3
@@ -0,0 +1,208 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_ADD_CERT 3ossl"
+.TH PKCS12_ADD_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_add_cert, PKCS12_add_key, PKCS12_add_key_ex,
+PKCS12_add_secret \- Add an object to a set of PKCS#12 safeBags
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
+\& PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+\& EVP_PKEY *key, int key_usage, int iter,
+\& int key_nid, const char *pass);
+\& PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags,
+\& EVP_PKEY *key, int key_usage, int iter,
+\& int key_nid, const char *pass,
+\& OSSL_LIB_CTX *ctx, const char *propq);
+\&
+\& PKCS12_SAFEBAG *PKCS12_add_secret(STACK_OF(PKCS12_SAFEBAG) **pbags,
+\& int nid_type, const unsigned char *value, int len);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions create a new \fB\s-1PKCS12_SAFEBAG\s0\fR and add it to the set of safeBags
+in \fIpbags\fR.
+.PP
+\&\fBPKCS12_add_cert()\fR creates a PKCS#12 certBag containing the supplied
+certificate and adds this to the set of PKCS#12 safeBags.
+.PP
+\&\fBPKCS12_add_key()\fR creates a PKCS#12 keyBag (unencrypted) or a pkcs8shroudedKeyBag
+(encrypted) containing the supplied \fB\s-1EVP_PKEY\s0\fR and adds this to the set of PKCS#12
+safeBags. If \fIkey_nid\fR is not \-1 then the key is encrypted with the supplied
+algorithm, using \fIpass\fR as the passphrase and \fIiter\fR as the iteration count. If
+\&\fIiter\fR is zero then a default value for iteration count of 2048 is used.
+.PP
+\&\fBPKCS12_add_key_ex()\fR is identical to \fBPKCS12_add_key()\fR but allows for a library
+context \fIctx\fR and property query \fIpropq\fR to be used to select algorithm
+implementations.
+.PP
+\&\fBPKCS12_add_secret()\fR creates a PKCS#12 secretBag with an \s-1OID\s0 corresponding to
+the supplied \fInid_type\fR containing the supplied value as an \s-1ASN1\s0 octet string.
+This is then added to the set of PKCS#12 safeBags.
+.SH "NOTES"
+.IX Header "NOTES"
+If a certificate contains an \fIalias\fR or a \fIkeyid\fR then this will be
+used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the
+\&\s-1PKCS12\s0 structure.
+.PP
+\&\fBPKCS12_add_key()\fR makes assumptions regarding the encoding of the given pass
+phrase.
+See \fBpassphrase\-encoding\fR\|(7) for more information.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+A valid \fB\s-1PKCS12_SAFEBAG\s0\fR structure or \s-1NULL\s0 if an error occurred.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1IETF RFC 7292\s0 (<https://tools.ietf.org/html/rfc7292>)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS12_create\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBPKCS12_add_secret()\fR and \fBPKCS12_add_key_ex()\fR were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_add_friendlyname_asc.3 b/secure/lib/libcrypto/man/man3/PKCS12_add_friendlyname_asc.3
new file mode 100644
index 000000000000..d882ee67bbea
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_add_friendlyname_asc.3
@@ -0,0 +1,182 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_ADD_FRIENDLYNAME_ASC 3ossl"
+.TH PKCS12_ADD_FRIENDLYNAME_ASC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_add_friendlyname_asc, PKCS12_add_friendlyname_utf8,
+PKCS12_add_friendlyname_uni \- Functions to add the friendlyname attribute to a
+PKCS#12 safeBag
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+\& int namelen);
+\&
+\& int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
+\& int namelen);
+\&
+\& int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+\& const unsigned char *name, int namelen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS12_add_friendlyname_asc()\fR adds an \s-1ASCII\s0 string representation of the PKCS#9
+friendlyName attribute to a PKCS#12 safeBag.
+.PP
+\&\fBPKCS12_add_friendlyname_utf8()\fR adds a \s-1UTF\-8\s0 string representation of the PKCS#9
+friendlyName attribute to a PKCS#12 safeBag.
+.PP
+\&\fBPKCS12_add_friendlyname_uni()\fR adds a Unicode string representation of the PKCS#9
+friendlyName attribute to a PKCS#12 safeBag.
+.PP
+\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to add the attribute to.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+Returns 1 for success or 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS12_get_friendlyname\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_add_localkeyid.3 b/secure/lib/libcrypto/man/man3/PKCS12_add_localkeyid.3
new file mode 100644
index 000000000000..ce9a3755c342
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_add_localkeyid.3
@@ -0,0 +1,168 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_ADD_LOCALKEYID 3ossl"
+.TH PKCS12_ADD_LOCALKEYID 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_add_localkeyid \- Add the localKeyId attribute to a PKCS#12 safeBag
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, const char *name,
+\& int namelen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS12_add_localkeyid()\fR adds an octet string representation of the PKCS#9
+localKeyId attribute to a PKCS#12 safeBag.
+.PP
+\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to add the attribute to.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+Returns 1 for success or 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS12_add_friendlyname_asc\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_add_safe.3 b/secure/lib/libcrypto/man/man3/PKCS12_add_safe.3
new file mode 100644
index 000000000000..698adaf45f3c
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_add_safe.3
@@ -0,0 +1,210 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_ADD_SAFE 3ossl"
+.TH PKCS12_ADD_SAFE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_add_safe, PKCS12_add_safe_ex,
+PKCS12_add_safes, PKCS12_add_safes_ex \- Create and add objects to a PKCS#12 structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+\& int safe_nid, int iter, const char *pass);
+\& int PKCS12_add_safe_ex(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+\& int safe_nid, int iter, const char *pass,
+\& OSSL_LIB_CTX *ctx, const char *propq);
+\&
+\& PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
+\& PKCS12 *PKCS12_add_safes_ex(STACK_OF(PKCS7) *safes, int p7_nid,
+\& OSSL_LIB_CTX *ctx, const char *propq);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS12_add_safe()\fR creates a new \s-1PKCS7\s0 contentInfo containing the supplied
+\&\fB\s-1PKCS12_SAFEBAG\s0\fRs and adds this to a set of \s-1PKCS7\s0 contentInfos. Its type
+depends on the value of \fBsafe_nid\fR:
+.IP "\(bu" 4
+If \fIsafe_nid\fR is \-1, a plain \s-1PKCS7\s0 \fIdata\fR contentInfo is created.
+.IP "\(bu" 4
+If \fIsafe_nid\fR is a valid \s-1PBE\s0 algorithm \s-1NID,\s0 a \s-1PKCS7\s0 \fBencryptedData\fR
+contentInfo is created. The algorithm uses \fIpass\fR as the passphrase and \fIiter\fR
+as the iteration count. If \fIiter\fR is zero then a default value for iteration
+count of 2048 is used.
+.IP "\(bu" 4
+If \fIsafe_nid\fR is 0, a \s-1PKCS7\s0 \fBencryptedData\fR contentInfo is created using
+a default encryption algorithm, currently \fBNID_pbe_WithSHA1And3_Key_TripleDES_CBC\fR.
+.PP
+\&\fBPKCS12_add_safe_ex()\fR is identical to \fBPKCS12_add_safe()\fR but allows for a library
+context \fIctx\fR and property query \fIpropq\fR to be used to select algorithm
+implementations.
+.PP
+\&\fBPKCS12_add_safes()\fR creates a \fB\s-1PKCS12\s0\fR structure containing the supplied set of
+\&\s-1PKCS7\s0 contentInfos. The \fIsafes\fR are enclosed first within a \s-1PKCS7\s0 contentInfo
+of type \fIp7_nid\fR. Currently the only supported type is \fBNID_pkcs7_data\fR.
+.PP
+\&\fBPKCS12_add_safes_ex()\fR is identical to \fBPKCS12_add_safes()\fR but allows for a
+library context \fIctx\fR and property query \fIpropq\fR to be used to select
+algorithm implementations.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fBPKCS12_add_safe()\fR makes assumptions regarding the encoding of the given pass
+phrase.
+See \fBpassphrase\-encoding\fR\|(7) for more information.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBPKCS12_add_safe()\fR returns a value of 1 indicating success or 0 for failure.
+.PP
+\&\fBPKCS12_add_safes()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1IETF RFC 7292\s0 (<https://tools.ietf.org/html/rfc7292>)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS12_create\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBPKCS12_add_safe_ex()\fR and \fBPKCS12_add_safes_ex()\fR were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_create.3 b/secure/lib/libcrypto/man/man3/PKCS12_create.3
index 68b0cb47340b..3b3ac2d60229 100644
--- a/secure/lib/libcrypto/man/man3/PKCS12_create.3
+++ b/secure/lib/libcrypto/man/man3/PKCS12_create.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,14 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PKCS12_CREATE 3"
-.TH PKCS12_CREATE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PKCS12_CREATE 3ossl"
+.TH PKCS12_CREATE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-PKCS12_create \- create a PKCS#12 structure
+PKCS12_create, PKCS12_create_ex \- create a PKCS#12 structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -148,35 +146,44 @@ PKCS12_create \- create a PKCS#12 structure
\& PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
\& X509 *cert, STACK_OF(X509) *ca,
\& int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
+\& PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
+\& X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+\& int iter, int mac_iter, int keytype,
+\& OSSL_LIB_CTX *ctx, const char *propq);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBPKCS12_create()\fR creates a PKCS#12 structure.
.PP
-\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for
-the supplied certificate and key. \fBpkey\fR is the private key to include in
-the structure and \fBcert\fR its corresponding certificates. \fBca\fR, if not \fB\s-1NULL\s0\fR
+\&\fIpass\fR is the passphrase to use. \fIname\fR is the \fBfriendlyName\fR to use for
+the supplied certificate and key. \fIpkey\fR is the private key to include in
+the structure and \fIcert\fR its corresponding certificates. \fIca\fR, if not \fB\s-1NULL\s0\fR
is an optional set of certificates to also include in the structure.
.PP
-\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used
+\&\fInid_key\fR and \fInid_cert\fR are the encryption algorithms that should be used
for the key and certificate respectively. The modes
-\&\s-1GCM, CCM, XTS,\s0 and \s-1OCB\s0 are unsupported. \fBiter\fR is the encryption algorithm
-iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use.
-\&\fBkeytype\fR is the type of key.
+\&\s-1GCM, CCM, XTS,\s0 and \s-1OCB\s0 are unsupported. \fIiter\fR is the encryption algorithm
+iteration count to use and \fImac_iter\fR is the \s-1MAC\s0 iteration count to use.
+\&\fIkeytype\fR is the type of key.
+.PP
+\&\fBPKCS12_create_ex()\fR is identical to \fBPKCS12_create()\fR but allows for a library context
+\&\fIctx\fR and property query \fIpropq\fR to be used to select algorithm implementations.
.SH "NOTES"
.IX Header "NOTES"
-The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR
+The parameters \fInid_key\fR, \fInid_cert\fR, \fIiter\fR, \fImac_iter\fR and \fIkeytype\fR
can all be set to zero and sensible defaults will be used.
.PP
-These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0
-encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0
-(currently 2048) and a \s-1MAC\s0 iteration count of 1.
+These defaults are: \s-1AES\s0 password based encryption (\s-1PBES2\s0 with \s-1PBKDF2\s0 and
+\&\s-1AES\-256\-CBC\s0) for private keys and certificates, the \s-1PBKDF2\s0 and \s-1MAC\s0 key
+derivation iteration count of \fB\s-1PKCS12_DEFAULT_ITER\s0\fR (currently 2048), and
+\&\s-1MAC\s0 algorithm \s-1HMAC\s0 with \s-1SHA2\-256.\s0 The \s-1MAC\s0 key derivation algorithm used
+for the outer PKCS#12 structure is \s-1PKCS12KDF.\s0
.PP
The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with
old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility
-is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER.\s0
+is not required then \fImac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER.\s0
.PP
-\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension
+\&\fIkeytype\fR adds a flag to the store private key. This is a non standard extension
that is only currently interpreted by \s-1MSIE.\s0 If set to zero the flag is omitted,
if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR
it can be used for signing and encryption. This option was useful for old
@@ -184,18 +191,20 @@ export grade software which could use signing only keys of arbitrary size but
had restrictions on the permissible sizes of keys which could be used for
encryption.
.PP
-If a certificate contains an \fBalias\fR or \fBkeyid\fR then this will be
+If a certificate contains an \fIalias\fR or \fIkeyid\fR then this will be
used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the
\&\s-1PKCS12\s0 structure.
.PP
-Either \fBpkey\fR, \fBcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or
+Either \fIpkey\fR, \fIcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or
certificate is required. In previous versions both had to be present or
a fatal error is returned.
.PP
-\&\fBnid_key\fR or \fBnid_cert\fR can be set to \-1 indicating that no encryption
+\&\fInid_key\fR or \fInid_cert\fR can be set to \-1 indicating that no encryption
should be used.
.PP
-\&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely.
+\&\fImac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely.
+This can be useful when running with the \s-1FIPS\s0 provider as the \s-1PKCS12KDF\s0
+is not a \s-1FIPS\s0 approvable algorithm.
.PP
\&\fBPKCS12_create()\fR makes assumptions regarding the encoding of the given pass
phrase.
@@ -203,15 +212,27 @@ See \fBpassphrase\-encoding\fR\|(7) for more information.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPKCS12_create()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1IETF RFC 7292\s0 (<https://tools.ietf.org/html/rfc7292>)
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\s-1\fBEVP_KDF\-PKCS12KDF\s0\fR\|(7),
\&\fBd2i_PKCS12\fR\|(3),
+\&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7),
\&\fBpassphrase\-encoding\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBPKCS12_create_ex()\fR was added in OpenSSL 3.0.
+.PP
+The defaults for encryption algorithms, \s-1MAC\s0 algorithm, and the \s-1MAC\s0 key
+derivation iteration count were changed in OpenSSL 3.0 to more modern
+standards.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_decrypt_skey.3 b/secure/lib/libcrypto/man/man3/PKCS12_decrypt_skey.3
new file mode 100644
index 000000000000..5cb81e306fc2
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_decrypt_skey.3
@@ -0,0 +1,183 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_DECRYPT_SKEY 3ossl"
+.TH PKCS12_DECRYPT_SKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_decrypt_skey, PKCS12_decrypt_skey_ex \- PKCS12 shrouded keyBag
+decrypt functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
+\& const char *pass, int passlen);
+\& PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey_ex(const PKCS12_SAFEBAG *bag,
+\& const char *pass, int passlen,
+\& OSSL_LIB_CTX *ctx,
+\& const char *propq);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS12_decrypt_skey()\fR Decrypt the PKCS#8 shrouded keybag contained within \fIbag\fR
+using the supplied password \fIpass\fR of length \fIpasslen\fR.
+.PP
+\&\fBPKCS12_decrypt_skey_ex()\fR is similar to the above but allows for a library context
+\&\fIctx\fR and property query \fIpropq\fR to be used to select algorithm implementations.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+Both functions will return the decrypted key or \s-1NULL\s0 if an error occurred.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1IETF RFC 7292\s0 (<https://tools.ietf.org/html/rfc7292>)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS8_decrypt_ex\fR\|(3),
+\&\fBPKCS8_encrypt_ex\fR\|(3),
+\&\fBPKCS12_add_key_ex\fR\|(3),
+\&\fBPKCS12_SAFEBAG_create_pkcs8_encrypt_ex\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBPKCS12_decrypt_skey_ex()\fR was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_gen_mac.3 b/secure/lib/libcrypto/man/man3/PKCS12_gen_mac.3
new file mode 100644
index 000000000000..5cef6fb77747
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_gen_mac.3
@@ -0,0 +1,202 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_GEN_MAC 3ossl"
+.TH PKCS12_GEN_MAC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_gen_mac, PKCS12_setup_mac, PKCS12_set_mac,
+PKCS12_verify_mac \- Functions to create and manipulate a PKCS#12 structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+\& unsigned char *mac, unsigned int *maclen);
+\& int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
+\& int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+\& unsigned char *salt, int saltlen, int iter,
+\& const EVP_MD *md_type);
+\& int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+\& int saltlen, const EVP_MD *md_type);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS12_gen_mac()\fR generates an \s-1HMAC\s0 over the entire PKCS#12 object using the
+supplied password along with a set of already configured parameters.
+The default key generation mechanism used is \s-1PKCS12KDF.\s0
+.PP
+\&\fBPKCS12_verify_mac()\fR verifies the PKCS#12 object's \s-1HMAC\s0 using the supplied
+password.
+.PP
+\&\fBPKCS12_setup_mac()\fR sets the \s-1MAC\s0 part of the PKCS#12 structure with the supplied
+parameters.
+.PP
+\&\fBPKCS12_set_mac()\fR sets the \s-1MAC\s0 and \s-1MAC\s0 parameters into the PKCS#12 object.
+.PP
+\&\fIpass\fR is the passphrase to use in the \s-1HMAC.\s0 \fIsalt\fR is the salt value to use,
+\&\fIiter\fR is the iteration count and \fImd_type\fR is the message digest
+function to use.
+.SH "NOTES"
+.IX Header "NOTES"
+If \fIsalt\fR is \s-1NULL\s0 then a suitable salt will be generated and used.
+.PP
+If \fIiter\fR is 1 then an iteration count will be omitted from the PKCS#12
+structure.
+.PP
+\&\fBPKCS12_gen_mac()\fR, \fBPKCS12_verify_mac()\fR and \fBPKCS12_set_mac()\fR make assumptions
+regarding the encoding of the given passphrase. See \fBpassphrase\-encoding\fR\|(7)
+for more information.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+All functions return 1 on success and 0 if an error occurred.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1IETF RFC 7292\s0 (<https://tools.ietf.org/html/rfc7292>)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBd2i_PKCS12\fR\|(3),
+\&\s-1\fBEVP_KDF\-PKCS12KDF\s0\fR\|(7),
+\&\fBPKCS12_create\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_get_friendlyname.3 b/secure/lib/libcrypto/man/man3/PKCS12_get_friendlyname.3
new file mode 100644
index 000000000000..7c5702d1af8a
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_get_friendlyname.3
@@ -0,0 +1,169 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_GET_FRIENDLYNAME 3ossl"
+.TH PKCS12_GET_FRIENDLYNAME 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_get_friendlyname \- Retrieve the friendlyname attribute from a PKCS#12 safeBag
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS12_get_friendlyname()\fR retrieves a \s-1UTF\-8\s0 string representation of the PKCS#9
+friendlyName attribute for a PKCS#12 safeBag item.
+.PP
+\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to retrieve the attribute from.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+A \s-1UTF\-8\s0 string, or \s-1NULL\s0 if the attribute was either not present or an error occurred.
+.PP
+The returned string is allocated by OpenSSL and should be freed by the user.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS12_add_friendlyname_asc\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_init.3 b/secure/lib/libcrypto/man/man3/PKCS12_init.3
new file mode 100644
index 000000000000..1ec09b8c416e
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_init.3
@@ -0,0 +1,177 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_INIT 3ossl"
+.TH PKCS12_INIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_init, PKCS12_init_ex \- Create a new empty PKCS#12 structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& PKCS12 *PKCS12_init(int mode);
+\& PKCS12 *PKCS12_init_ex(int mode, OSSL_LIB_CTX *ctx, const char *propq);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS12_init()\fR creates an empty PKCS#12 structure. Any PKCS#7 authSafes added
+to this structure are enclosed first within a single PKCS#7 contentInfo
+of type \fImode\fR. Currently the only supported type is \fBNID_pkcs7_data\fR.
+.PP
+\&\fBPKCS12_init_ex()\fR creates an empty PKCS#12 structure and assigns the supplied
+\&\fIctx\fR and \fIpropq\fR to be used to select algorithm implementations for
+operations performed on the \fB\s-1PKCS12\s0\fR object.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBPKCS12_init()\fR and \fBPKCS12_init_ex()\fR return a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0
+if an error occurred.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBd2i_PKCS12\fR\|(3),
+\&\fBPKCS12_create\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBPKCS12_init_ex()\fR was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_item_decrypt_d2i.3 b/secure/lib/libcrypto/man/man3/PKCS12_item_decrypt_d2i.3
new file mode 100644
index 000000000000..88be93f412cd
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_item_decrypt_d2i.3
@@ -0,0 +1,202 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_ITEM_DECRYPT_D2I 3ossl"
+.TH PKCS12_ITEM_DECRYPT_D2I 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_item_decrypt_d2i, PKCS12_item_decrypt_d2i_ex,
+PKCS12_item_i2d_encrypt, PKCS12_item_i2d_encrypt_ex \- PKCS12 item
+encrypt/decrypt functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+\& const char *pass, int passlen,
+\& const ASN1_OCTET_STRING *oct, int zbuf);
+\& void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it,
+\& const char *pass, int passlen,
+\& const ASN1_OCTET_STRING *oct, int zbuf,
+\& OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+\& const ASN1_ITEM *it,
+\& const char *pass, int passlen,
+\& void *obj, int zbuf);
+\& ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt_ex(X509_ALGOR *algor,
+\& const ASN1_ITEM *it,
+\& const char *pass, int passlen,
+\& void *obj, int zbuf,
+\& OSSL_LIB_CTX *ctx,
+\& const char *propq);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS12_item_decrypt_d2i()\fR and \fBPKCS12_item_decrypt_d2i_ex()\fR decrypt an octet
+string containing an \s-1ASN.1\s0 encoded object using the algorithm \fIalgor\fR and
+password \fIpass\fR of length \fIpasslen\fR. If \fIzbuf\fR is nonzero then the output
+buffer will zeroed after the decrypt.
+.PP
+\&\fBPKCS12_item_i2d_encrypt()\fR and \fBPKCS12_item_i2d_encrypt_ex()\fR encrypt an \s-1ASN.1\s0
+object \fIit\fR using the algorithm \fIalgor\fR and password \fIpass\fR of length
+\&\fIpasslen\fR, returning an encoded object in \fIobj\fR. If \fIzbuf\fR is nonzero then
+the buffer containing the input encoding will be zeroed after the encrypt.
+.PP
+Functions ending in \fB_ex()\fR allow for a library context \fIctx\fR and property query
+\&\fIpropq\fR to be used to select algorithm implementations.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBPKCS12_item_decrypt_d2i()\fR and \fBPKCS12_item_decrypt_d2i_ex()\fR return the decrypted
+object or \s-1NULL\s0 if an error occurred.
+.PP
+\&\fBPKCS12_item_i2d_encrypt()\fR and \fBPKCS12_item_i2d_encrypt_ex()\fR return the encrypted
+data as an \s-1ASN.1\s0 Octet String or \s-1NULL\s0 if an error occurred.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS12_pbe_crypt_ex\fR\|(3),
+\&\fBPKCS8_encrypt_ex\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBPKCS12_item_decrypt_d2i_ex()\fR and \fBPKCS12_item_i2d_encrypt_ex()\fR were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_key_gen_utf8_ex.3 b/secure/lib/libcrypto/man/man3/PKCS12_key_gen_utf8_ex.3
new file mode 100644
index 000000000000..41f39d36cec7
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_key_gen_utf8_ex.3
@@ -0,0 +1,245 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_KEY_GEN_UTF8_EX 3ossl"
+.TH PKCS12_KEY_GEN_UTF8_EX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_key_gen_asc, PKCS12_key_gen_asc_ex,
+PKCS12_key_gen_uni, PKCS12_key_gen_uni_ex,
+PKCS12_key_gen_utf8, PKCS12_key_gen_utf8_ex \- PKCS#12 Password based key derivation
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+\& int saltlen, int id, int iter, int n,
+\& unsigned char *out, const EVP_MD *md_type);
+\& int PKCS12_key_gen_asc_ex(const char *pass, int passlen, unsigned char *salt,
+\& int saltlen, int id, int iter, int n,
+\& unsigned char *out, const EVP_MD *md_type,
+\& OSSL_LIB_CTX *ctx, const char *propq);
+\& int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+\& int saltlen, int id, int iter, int n,
+\& unsigned char *out, const EVP_MD *md_type);
+\& int PKCS12_key_gen_uni_ex(unsigned char *pass, int passlen, unsigned char *salt,
+\& int saltlen, int id, int iter, int n,
+\& unsigned char *out, const EVP_MD *md_type,
+\& OSSL_LIB_CTX *ctx, const char *propq);
+\& int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
+\& int saltlen, int id, int iter, int n,
+\& unsigned char *out, const EVP_MD *md_type);
+\& int PKCS12_key_gen_utf8_ex(const char *pass, int passlen, unsigned char *salt,
+\& int saltlen, int id, int iter, int n,
+\& unsigned char *out, const EVP_MD *md_type,
+\& OSSL_LIB_CTX *ctx, const char *propq);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These methods perform a key derivation according to PKCS#12 (\s-1RFC7292\s0)
+with an input password \fIpass\fR of length \fIpasslen\fR, a salt \fIsalt\fR of length
+\&\fIsaltlen\fR, an iteration count \fIiter\fR and a digest algorithm \fImd_type\fR.
+The \s-1ID\s0 byte \fIid\fR determines how the resulting key is intended to be used:
+.IP "\(bu" 4
+If ID=1, then the pseudorandom bits being produced are to be used
+as key material for performing encryption or decryption.
+.IP "\(bu" 4
+If ID=2, then the pseudorandom bits being produced are to be used
+as an \s-1IV\s0 (Initial Value) for encryption or decryption.
+.IP "\(bu" 4
+If ID=3, then the pseudorandom bits being produced are to be used
+as an integrity key for MACing.
+.PP
+The intended format of the supplied password is determined by the method chosen:
+.IP "\(bu" 4
+\&\fBPKCS12_key_gen_asc()\fR and \fBPKCS12_key_gen_asc_ex()\fR expect an ASCII-formatted password.
+.IP "\(bu" 4
+\&\fBPKCS12_key_gen_uni()\fR and \fBPKCS12_key_gen_uni_ex()\fR expect a Unicode-formatted password.
+.IP "\(bu" 4
+\&\fBPKCS12_key_gen_utf8()\fR and \fBPKCS12_key_gen_utf8_ex()\fR expect a \s-1UTF\-8\s0 encoded password.
+.PP
+\&\fIpass\fR is the password used in the derivation of length \fIpasslen\fR. \fIpass\fR
+is an optional parameter and can be \s-1NULL.\s0 If \fIpasslen\fR is \-1, then the
+function will calculate the length of \fIpass\fR using \fBstrlen()\fR.
+.PP
+\&\fIsalt\fR is the salt used in the derivation of length \fIsaltlen\fR. If the
+\&\fIsalt\fR is \s-1NULL,\s0 then \fIsaltlen\fR must be 0. The function will not
+attempt to calculate the length of the \fIsalt\fR because it is not assumed to
+be \s-1NULL\s0 terminated.
+.PP
+\&\fIiter\fR is the iteration count and its value should be greater than or
+equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any
+\&\fIiter\fR less than 1 is treated as a single iteration.
+.PP
+\&\fIdigest\fR is the message digest function used in the derivation.
+.PP
+The derived key will be written to \fIout\fR. The size of the \fIout\fR buffer
+is specified via \fIn\fR.
+.PP
+Functions ending in \fB_ex()\fR allow for a library context \fIctx\fR and property query
+\&\fIpropq\fR to be used to select algorithm implementations.
+.SH "NOTES"
+.IX Header "NOTES"
+A typical application of this function is to derive keying material for an
+encryption algorithm from a password in the \fIpass\fR, a salt in \fIsalt\fR,
+and an iteration count.
+.PP
+Increasing the \fIiter\fR parameter slows down the algorithm which makes it
+harder for an attacker to perform a brute force attack using a large number
+of candidate passwords.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+Returns 1 on success or 0 on error.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1IETF RFC 7292\s0 (<https://tools.ietf.org/html/rfc7292>)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS12_create_ex\fR\|(3),
+\&\fBPKCS12_pbe_crypt_ex\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBPKCS12_key_gen_asc_ex()\fR, \fBPKCS12_key_gen_uni_ex()\fR and \fBPKCS12_key_gen_utf8_ex()\fR
+were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_newpass.3 b/secure/lib/libcrypto/man/man3/PKCS12_newpass.3
index af64ed273e85..65291e441603 100644
--- a/secure/lib/libcrypto/man/man3/PKCS12_newpass.3
+++ b/secure/lib/libcrypto/man/man3/PKCS12_newpass.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PKCS12_NEWPASS 3"
-.TH PKCS12_NEWPASS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PKCS12_NEWPASS 3ossl"
+.TH PKCS12_NEWPASS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,8 +151,7 @@ PKCS12_newpass \- change the password of a PKCS12 structure
.PP
\&\fBp12\fR is a pointer to a \s-1PKCS12\s0 structure. \fBoldpass\fR is the existing password
and \fBnewpass\fR is the new password.
-.SH "NOTES"
-.IX Header "NOTES"
+.PP
Each of \fBoldpass\fR and \fBnewpass\fR is independently interpreted as a string in
the \s-1UTF\-8\s0 encoding. If it is not valid \s-1UTF\-8,\s0 it is assumed to be \s-1ISO8859\-1\s0
instead.
@@ -164,6 +161,15 @@ In particular, this means that passwords in the locale character set
use. This may include passwords from local text files, or input from
the terminal or command line. Refer to the documentation of
\&\fBUI_OpenSSL\fR\|(3), for example.
+.PP
+If the PKCS#12 structure does not have a password, then you must use the empty
+string "" for \fBoldpass\fR. Using \s-1NULL\s0 for \fBoldpass\fR will result in a
+\&\fBPKCS12_newpass()\fR failure.
+.PP
+If the wrong password is used for \fBoldpass\fR then the function will fail,
+with a \s-1MAC\s0 verification error. In rare cases the \s-1PKCS12\s0 structure does not
+contain a \s-1MAC:\s0 in this case it will usually fail with a decryption padding
+error.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBPKCS12_newpass()\fR returns 1 on success or 0 on failure. Applications can
@@ -217,16 +223,6 @@ the result to a new file.
\& return 0;
\& }
.Ve
-.SH "NOTES"
-.IX Header "NOTES"
-If the PKCS#12 structure does not have a password, then you must use the empty
-string "" for \fBoldpass\fR. Using \s-1NULL\s0 for \fBoldpass\fR will result in a
-\&\fBPKCS12_newpass()\fR failure.
-.PP
-If the wrong password is used for \fBoldpass\fR then the function will fail,
-with a \s-1MAC\s0 verification error. In rare cases the \s-1PKCS12\s0 structure does not
-contain a \s-1MAC:\s0 in this case it will usually fail with a decryption padding
-error.
.SH "BUGS"
.IX Header "BUGS"
The password format is a \s-1NULL\s0 terminated \s-1ASCII\s0 string which is converted to
@@ -238,9 +234,9 @@ this function.
\&\fBpassphrase\-encoding\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_pack_p7encdata.3 b/secure/lib/libcrypto/man/man3/PKCS12_pack_p7encdata.3
new file mode 100644
index 000000000000..8f9e11f8efba
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS12_pack_p7encdata.3
@@ -0,0 +1,187 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_PACK_P7ENCDATA 3ossl"
+.TH PKCS12_PACK_P7ENCDATA 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_pack_p7encdata, PKCS12_pack_p7encdata_ex \- Pack a set of PKCS#12 safeBags
+into a PKCS#7 encrypted data object
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+\& unsigned char *salt, int saltlen, int iter,
+\& STACK_OF(PKCS12_SAFEBAG) *bags);
+\& PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen,
+\& unsigned char *salt, int saltlen, int iter,
+\& STACK_OF(PKCS12_SAFEBAG) *bags,
+\& OSSL_LIB_CTX *ctx, const char *propq);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS12_pack_p7encdata()\fR generates a PKCS#7 ContentInfo object of encrypted-data
+type from the set of safeBags \fIbags\fR. The algorithm \s-1ID\s0 in \fIpbe_nid\fR can be
+a PKCS#12 or PKCS#5 password based encryption algorithm, or a cipher algorithm.
+If a cipher algorithm is passed, the PKCS#5 \s-1PBES2\s0 algorithm will be used with
+this cipher as a parameter.
+The password \fIpass\fR of length \fIpasslen\fR, salt \fIsalt\fR of length \fIsaltlen\fR
+and iteration count \fIiter\fR are inputs into the encryption operation.
+.PP
+\&\fBPKCS12_pack_p7encdata_ex()\fR operates similar to the above but allows for a
+library context \fIctx\fR and property query \fIpropq\fR to be used to select the
+algorithm implementation.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+A \fB\s-1PKCS7\s0\fR object if successful, or \s-1NULL\s0 if an error occurred.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1IETF RFC 2315\s0 (<https://tools.ietf.org/html/rfc2315>)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS12_pbe_crypt_ex\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBPKCS12_pack_p7encdata_ex()\fR was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS12_parse.3 b/secure/lib/libcrypto/man/man3/PKCS12_parse.3
index 03a31d1bc6b8..08047e8b193f 100644
--- a/secure/lib/libcrypto/man/man3/PKCS12_parse.3
+++ b/secure/lib/libcrypto/man/man3/PKCS12_parse.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PKCS12_PARSE 3"
-.TH PKCS12_PARSE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PKCS12_PARSE 3ossl"
+.TH PKCS12_PARSE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -157,10 +155,14 @@ If successful the private key will be written to \fB*pkey\fR, the corresponding
certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR.
.SH "NOTES"
.IX Header "NOTES"
-The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0> in
-which case additional certificates will be discarded. \fB*ca\fR can also be a
-valid \s-1STACK\s0 in which case additional certificates are appended to \fB*ca\fR. If
-\&\fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated.
+Each of the parameters \fBpkey\fR, \fBcert\fR, and \fBca\fR can be \s-1NULL\s0 in which case
+the private key, the corresponding certificate, or the additional certificates,
+respectively, will be discarded.
+If any of \fBpkey\fR and \fBcert\fR is non-NULL the variable it points to is
+initialized.
+If \fBca\fR is non-NULL and \fB*ca\fR is \s-1NULL\s0 a new \s-1STACK\s0 will be allocated.
+If \fBca\fR is non-NULL and \fB*ca\fR is a valid \s-1STACK\s0
+then additional certificates are appended in the given order to \fB*ca\fR.
.PP
The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each
certificate will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the
@@ -195,9 +197,9 @@ Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR s
\&\fBpassphrase\-encoding\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS5_PBE_keyivgen.3 b/secure/lib/libcrypto/man/man3/PKCS5_PBE_keyivgen.3
new file mode 100644
index 000000000000..ae5c3283e135
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS5_PBE_keyivgen.3
@@ -0,0 +1,303 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS5_PBE_KEYIVGEN 3ossl"
+.TH PKCS5_PBE_KEYIVGEN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex, PKCS5_pbe2_set, PKCS5_pbe2_set_iv,
+PKCS5_pbe2_set_iv_ex, PKCS5_pbe_set, PKCS5_pbe_set_ex, PKCS5_pbe2_set_scrypt,
+PKCS5_pbe_set0_algor, PKCS5_pbe_set0_algor_ex,
+PKCS5_v2_PBE_keyivgen, PKCS5_v2_PBE_keyivgen_ex,
+PKCS5_v2_scrypt_keyivgen, PKCS5_v2_scrypt_keyivgen_ex,
+PKCS5_pbkdf2_set, PKCS5_pbkdf2_set_ex, EVP_PBE_scrypt, EVP_PBE_scrypt_ex
+\&\- PKCS#5 Password based encryption routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+\& ASN1_TYPE *param, const EVP_CIPHER *cipher,
+\& const EVP_MD *md, int en_de);
+\& int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
+\& ASN1_TYPE *param, const EVP_CIPHER *cipher,
+\& const EVP_MD *md, int en_de, OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+\& ASN1_TYPE *param, const EVP_CIPHER *cipher,
+\& const EVP_MD *md, int en_de);
+\& int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+\& ASN1_TYPE *param, const EVP_CIPHER *cipher,
+\& const EVP_MD *md, int en_de,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& int EVP_PBE_scrypt(const char *pass, size_t passlen,
+\& const unsigned char *salt, size_t saltlen,
+\& uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+\& unsigned char *key, size_t keylen);
+\& int EVP_PBE_scrypt_ex(const char *pass, size_t passlen,
+\& const unsigned char *salt, size_t saltlen,
+\& uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+\& unsigned char *key, size_t keylen,
+\& OSSL_LIB_CTX *ctx, const char *propq);
+\& int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+\& int passlen, ASN1_TYPE *param,
+\& const EVP_CIPHER *c, const EVP_MD *md, int en_de);
+\& int PKCS5_v2_scrypt_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass,
+\& int passlen, ASN1_TYPE *param,
+\& const EVP_CIPHER *c, const EVP_MD *md, int en_de,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\&
+\& #include <openssl/x509.h>
+\&
+\& int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+\& const unsigned char *salt, int saltlen);
+\& int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter,
+\& const unsigned char *salt, int saltlen,
+\& OSSL_LIB_CTX *libctx);
+\&
+\& X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+\& const unsigned char *salt, int saltlen);
+\& X509_ALGOR *PKCS5_pbe_set_ex(int alg, int iter,
+\& const unsigned char *salt, int saltlen,
+\& OSSL_LIB_CTX *libctx);
+\&
+\& X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+\& unsigned char *salt, int saltlen);
+\& X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+\& unsigned char *salt, int saltlen,
+\& unsigned char *aiv, int prf_nid);
+\& X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter,
+\& unsigned char *salt, int saltlen,
+\& unsigned char *aiv, int prf_nid,
+\& OSSL_LIB_CTX *libctx);
+\& X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
+\& const unsigned char *salt, int saltlen,
+\& unsigned char *aiv, uint64_t N, uint64_t r,
+\& uint64_t p);
+\&
+\& X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+\& int prf_nid, int keylen);
+\& X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen,
+\& int prf_nid, int keylen,
+\& OSSL_LIB_CTX *libctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+.SS "Key Derivation"
+.IX Subsection "Key Derivation"
+\&\fBPKCS5_PBE_keyivgen()\fR and \fBPKCS5_PBE_keyivgen_ex()\fR take a password \fIpass\fR of
+length \fIpasslen\fR, parameters \fIparam\fR and a message digest function \fImd_type\fR
+and performs a key derivation according to PKCS#5 \s-1PBES1.\s0 The resulting key is
+then used to initialise the cipher context \fIctx\fR with a cipher \fIcipher\fR for
+encryption (\fIen_de\fR=1) or decryption (\fIen_de\fR=0).
+.PP
+\&\fIpass\fR is an optional parameter and can be \s-1NULL.\s0 If \fIpasslen\fR is \-1, then the
+function will calculate the length of \fIpass\fR using \fBstrlen()\fR.
+.PP
+\&\fBPKCS5_v2_PBE_keyivgen()\fR and \fBPKCS5_v2_PBE_keyivgen_ex()\fR are similar to the above
+but instead use PKCS#5 \s-1PBES2\s0 as the encryption algorithm using the supplied
+parameters.
+.PP
+\&\fBPKCS5_v2_scrypt_keyivgen()\fR and \fBPKCS5_v2_scrypt_keyivgen_ex()\fR use \s-1SCRYPT\s0 as the
+key derivation part of the encryption algorithm.
+.PP
+\&\fIsalt\fR is the salt used in the derivation of length \fIsaltlen\fR. If the
+\&\fIsalt\fR is \s-1NULL,\s0 then \fIsaltlen\fR must be 0. The function will not
+attempt to calculate the length of the \fIsalt\fR because it is not assumed to
+be \s-1NULL\s0 terminated.
+.PP
+\&\fIiter\fR is the iteration count and its value should be greater than or
+equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any
+\&\fIiter\fR less than 1 is treated as a single iteration.
+.PP
+\&\fIdigest\fR is the message digest function used in the derivation.
+.PP
+Functions ending in \fB_ex()\fR take optional parameters \fIlibctx\fR and \fIpropq\fR which
+are used to select appropriate algorithm implementations.
+.SS "Algorithm Identifier Creation"
+.IX Subsection "Algorithm Identifier Creation"
+\&\fBPKCS5_pbe_set()\fR, \fBPKCS5_pbe_set_ex()\fR, \fBPKCS5_pbe2_set()\fR, \fBPKCS5_pbe2_set_iv()\fR,
+\&\fBPKCS5_pbe2_set_iv_ex()\fR and \fBPKCS5_pbe2_set_scrypt()\fR generate an \fBX509_ALGOR\fR
+object which represents an AlgorithmIdentifier containing the algorithm \s-1OID\s0 and
+associated parameters for the \s-1PBE\s0 algorithm.
+.PP
+\&\fBPKCS5_pbkdf2_set()\fR and \fBPKCS5_pbkdf2_set_ex()\fR generate an \fBX509_ALGOR\fR
+object which represents an AlgorithmIdentifier containing the algorithm \s-1OID\s0 and
+associated parameters for the \s-1PBKDF2\s0 algorithm.
+.PP
+\&\fBPKCS5_pbe_set0_algor()\fR and \fBPKCS5_pbe_set0_algor_ex()\fR set the \s-1PBE\s0 algorithm \s-1OID\s0 and
+parameters into the supplied \fBX509_ALGOR\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The *\fB_keyivgen()\fR functions are typically used in PKCS#12 to encrypt objects.
+.PP
+These functions make no assumption regarding the given password.
+It will simply be treated as a byte sequence.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBPKCS5_PBE_keyivgen()\fR, \fBPKCS5_v2_PBE_keyivgen()\fR,
+\&\fBPKCS5_v2_PBE_keyivgen_ex()\fR, \fBPKCS5_v2_scrypt_keyivgen()\fR,
+\&\fBPKCS5_v2_scrypt_keyivgen_ex()\fR, \fBPKCS5_pbe_set0_algor()\fR and
+\&\fBPKCS5_pbe_set0_algor_ex()\fR return 1 for success and 0 if an error occurs.
+.PP
+\&\fBPKCS5_pbe_set()\fR, \fBPKCS5_pbe_set_ex()\fR, \fBPKCS5_pbe2_set()\fR, \fBPKCS5_pbe2_set_iv()\fR,
+\&\fBPKCS5_pbe2_set_iv_ex()\fR, \fBPKCS5_pbe2_set_scrypt()\fR,
+\&\fBPKCS5_pbkdf2_set()\fR and \fBPKCS5_pbkdf2_set_ex()\fR return an \fBX509_ALGOR\fR object or
+\&\s-1NULL\s0 if an error occurs.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1IETF RFC 8018\s0 (<https://tools.ietf.org/html/rfc8018>)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBEVP_PBE_CipherInit_ex\fR\|(3),
+\&\fBPKCS12_pbe_crypt_ex\fR\|(3),
+\&\fBpassphrase\-encoding\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBPKCS5_v2_PBE_keyivgen_ex()\fR, \fBEVP_PBE_scrypt_ex()\fR, \fBPKCS5_v2_scrypt_keyivgen_ex()\fR,
+\&\fBPKCS5_pbe_set0_algor_ex()\fR, \fBPKCS5_pbe_set_ex()\fR, \fBPKCS5_pbe2_set_iv_ex()\fR and
+\&\fBPKCS5_pbkdf2_set_ex()\fR were added in OpenSSL 3.0.
+.PP
+From OpenSSL 3.0 the \s-1PBKDF1\s0 algorithm used in \fBPKCS5_PBE_keyivgen()\fR and
+\&\fBPKCS5_PBE_keyivgen_ex()\fR has been moved to the legacy provider as an \s-1EVP_KDF.\s0
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 b/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3
index 4278f380bac2..8523d1a92fd7 100644
--- a/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3
+++ b/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PKCS5_PBKDF2_HMAC 3"
-.TH PKCS5_PBKDF2_HMAC 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PKCS5_PBKDF2_HMAC 3ossl"
+.TH PKCS5_PBKDF2_HMAC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -172,9 +170,8 @@ be \s-1NULL\s0 terminated.
equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any
\&\fBiter\fR less than 1 is treated as a single iteration.
.PP
-\&\fBdigest\fR is the message digest function used in the derivation. Values include
-any of the EVP_* message digests. \s-1\fBPKCS5_PBKDF2_HMAC_SHA1\s0()\fR calls
-\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR with \fBEVP_sha1()\fR.
+\&\fBdigest\fR is the message digest function used in the derivation.
+\&\s-1\fBPKCS5_PBKDF2_HMAC_SHA1\s0()\fR calls \s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR with \fBEVP_sha1()\fR.
.PP
The derived key will be written to \fBout\fR. The size of the \fBout\fR buffer
is specified via \fBkeylen\fR.
@@ -200,9 +197,9 @@ It will simply be treated as a byte sequence.
\&\fBpassphrase\-encoding\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2014\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/man3/PKCS7_decrypt.3
index 00806bda28fe..85b2075db568 100644
--- a/secure/lib/libcrypto/man/man3/PKCS7_decrypt.3
+++ b/secure/lib/libcrypto/man/man3/PKCS7_decrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PKCS7_DECRYPT 3"
-.TH PKCS7_DECRYPT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PKCS7_DECRYPT 3ossl"
+.TH PKCS7_DECRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -181,7 +179,7 @@ mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR.
.IX Header "COPYRIGHT"
Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/man3/PKCS7_encrypt.3
index 7eed9afeae0d..69a6c309b8f3 100644
--- a/secure/lib/libcrypto/man/man3/PKCS7_encrypt.3
+++ b/secure/lib/libcrypto/man/man3/PKCS7_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,29 +130,34 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PKCS7_ENCRYPT 3"
-.TH PKCS7_ENCRYPT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PKCS7_ENCRYPT 3ossl"
+.TH PKCS7_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-PKCS7_encrypt \- create a PKCS#7 envelopedData structure
+PKCS7_encrypt_ex, PKCS7_encrypt
+\&\- create a PKCS#7 envelopedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&
+\& PKCS7 *PKCS7_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
+\& const EVP_CIPHER *cipher, int flags,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
\& int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR
-is a list of recipient certificates. \fBin\fR is the content to be encrypted.
-\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags.
-.SH "NOTES"
-.IX Header "NOTES"
+\&\fBPKCS7_encrypt_ex()\fR creates and returns a PKCS#7 envelopedData structure.
+\&\fIcerts\fR is a list of recipient certificates. \fIin\fR is the content to be
+encrypted. \fIcipher\fR is the symmetric cipher to use. \fIflags\fR is an optional set
+of flags. The library context \fIlibctx\fR and the property query \fIpropq\fR are used
+when retrieving algorithms from providers.
+.PP
Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient
certificates supplied to this function must all contain \s-1RSA\s0 public keys, though
they do not have to be signed using the \s-1RSA\s0 algorithm.
@@ -187,8 +190,7 @@ otherwise the translation will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set t
.PP
If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output
suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR.
-.SH "NOTES"
-.IX Header "NOTES"
+.PP
If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR
complete and outputting its contents via a function that does not
properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable
@@ -198,21 +200,26 @@ Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()
\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization
can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
\&\fBBIO_new_PKCS7()\fR.
+.PP
+\&\fBPKCS7_encrypt()\fR is similar to \fBPKCS7_encrypt_ex()\fR but uses default
+values of \s-1NULL\s0 for the library context \fIlibctx\fR and the property query \fIpropq\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
-The error can be obtained from \fBERR_get_error\fR\|(3).
+\&\fBPKCS7_encrypt_ex()\fR and \fBPKCS7_encrypt()\fR return either a \s-1PKCS7\s0 structure
+or \s-1NULL\s0 if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBPKCS7_decrypt\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
+The function \fBPKCS7_encrypt_ex()\fR was added in OpenSSL 3.0.
+.PP
The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS7_get_octet_string.3 b/secure/lib/libcrypto/man/man3/PKCS7_get_octet_string.3
new file mode 100644
index 000000000000..7fd3a97af44a
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS7_get_octet_string.3
@@ -0,0 +1,169 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS7_GET_OCTET_STRING 3ossl"
+.TH PKCS7_GET_OCTET_STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS7_get_octet_string \- return octet string from a PKCS#7 envelopedData structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs7.h>
+\&
+\& ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS7_get_octet_string()\fR returns a pointer to an \s-1ASN1\s0 octet string from a
+PKCS#7 envelopedData structure or \fB\s-1NULL\s0\fR if the structure cannot be parsed.
+.SH "NOTES"
+.IX Header "NOTES"
+As the \fB0\fR implies, \fBPKCS7_get_octet_string()\fR returns internal pointers which
+should not be freed by the caller.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBPKCS7_get_octet_string()\fR returns an \s-1ASN1_OCTET_STRING\s0 pointer.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBPKCS7_type_is_data\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS7_sign.3 b/secure/lib/libcrypto/man/man3/PKCS7_sign.3
index aec64895ed24..c34e732412c4 100644
--- a/secure/lib/libcrypto/man/man3/PKCS7_sign.3
+++ b/secure/lib/libcrypto/man/man3/PKCS7_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,46 +130,51 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PKCS7_SIGN 3"
-.TH PKCS7_SIGN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PKCS7_SIGN 3ossl"
+.TH PKCS7_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-PKCS7_sign \- create a PKCS#7 signedData structure
+PKCS7_sign_ex, PKCS7_sign
+\&\- create a PKCS#7 signedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&
+\& PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+\& BIO *data, int flags, OSSL_LIB_CTX *libctx,
+\& const char *propq);
\& PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
\& BIO *data, int flags);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is
-the certificate to sign with, \fBpkey\fR is the corresponding private key.
-\&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7
-structure (for example any intermediate CAs in the chain).
+\&\fBPKCS7_sign_ex()\fR creates and returns a PKCS#7 signedData structure.
+\&\fIsigncert\fR is the certificate to sign with, \fIpkey\fR is the corresponding
+private key. \fIcerts\fR is an optional set of extra certificates to include
+in the PKCS#7 structure (for example any intermediate CAs in the chain).
+The library context \fIlibctx\fR and property query \fIpropq\fR are used when
+retrieving algorithms from providers.
+.PP
+The data to be signed is read from \s-1BIO\s0 \fIdata\fR.
.PP
-The data to be signed is read from \s-1BIO\s0 \fBdata\fR.
+\&\fIflags\fR is an optional set of flags.
.PP
-\&\fBflags\fR is an optional set of flags.
-.SH "NOTES"
-.IX Header "NOTES"
-Any of the following flags (ored together) can be passed in the \fBflags\fR
+Any of the following flags (ored together) can be passed in the \fIflags\fR
parameter.
.PP
Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If
-the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended
+the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \f(CW\*(C`text/plain\*(C'\fR are prepended
to the data.
.PP
-If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the
-\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the
-\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the
-signers certificate can be obtained by other means: for example a previously
-signed message.
+If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate and the extra \fIcerts\fR
+will not be included in the \s-1PKCS7\s0 structure.
+The signer's certificate must still be supplied in the \fIsigncert\fR parameter
+though. This can reduce the size of the signatures if the signer's certificates
+can be obtained by other means: for example a previously signed message.
.PP
The data being signed is included in the \s-1PKCS7\s0 structure, unless
\&\fB\s-1PKCS7_DETACHED\s0\fR is set in which case it is omitted. This is used for \s-1PKCS7\s0
@@ -195,14 +198,13 @@ these algorithms is disabled then it will not be included.
.PP
If the flags \fB\s-1PKCS7_STREAM\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure is
just initialized ready to perform the signing operation. The signing is however
-\&\fBnot\fR performed and the data to be signed is not read from the \fBdata\fR
+\&\fBnot\fR performed and the data to be signed is not read from the \fIdata\fR
parameter. Signing is deferred until after the data has been written. In this
way data can be signed in a single pass.
.PP
If the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output to
which additional signers and capabilities can be added before finalization.
-.SH "NOTES"
-.IX Header "NOTES"
+.PP
If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR
complete and outputting its contents via a function that does not properly
finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results.
@@ -215,38 +217,44 @@ can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directl
If a signer is specified it will use the default digest for the signing
algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys.
.PP
-The \fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be
-\&\fB\s-1NULL\s0\fR if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added
+The \fIcerts\fR, \fIsigncert\fR and \fIpkey\fR parameters can all be
+\&\s-1NULL\s0 if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added
using the function \fBPKCS7_sign_add_signer()\fR. \fBPKCS7_final()\fR must also be
called to finalize the structure if streaming is not enabled. Alternative
signing digests can also be specified using this method.
.PP
-If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only
+If \fIsigncert\fR and \fIpkey\fR are \s-1NULL\s0 then a certificates only
PKCS#7 structure is output.
.PP
-In versions of OpenSSL before 1.0.0 the \fBsigncert\fR and \fBpkey\fR parameters must
-\&\fB\s-1NOT\s0\fR be \s-1NULL.\s0
+In versions of OpenSSL before 1.0.0 the \fIsigncert\fR and \fIpkey\fR parameters must
+not be \s-1NULL.\s0
+.PP
+\&\fBPKCS7_sign()\fR is like \fBPKCS7_sign_ex()\fR except that it uses default values of
+\&\s-1NULL\s0 for the library context \fIlibctx\fR and the property query \fIpropq\fR.
+This is retained for \s-1API\s0 backward compatibility.
.SH "BUGS"
.IX Header "BUGS"
Some advanced attributes such as counter signatures are not supported.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error
-occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
+\&\fBPKCS7_sign_ex()\fR and \fBPKCS7_sign()\fR return either a valid \s-1PKCS7\s0 structure
+or \s-1NULL\s0 if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBPKCS7_verify\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-The \fB\s-1PKCS7_PARTIAL\s0\fR flag, and the ability for \fBcerts\fR, \fBsigncert\fR,
-and \fBpkey\fR parameters to be \fB\s-1NULL\s0\fR were added in OpenSSL 1.0.0.
+The function \fBPKCS7_sign_ex()\fR was added in OpenSSL 3.0.
+.PP
+The \fB\s-1PKCS7_PARTIAL\s0\fR flag, and the ability for \fIcerts\fR, \fIsigncert\fR,
+and \fIpkey\fR parameters to be \s-1NULL\s0 were added in OpenSSL 1.0.0.
.PP
The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3
index ccf38bf5feb0..14edbb328a02 100644
--- a/secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3
+++ b/secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PKCS7_SIGN_ADD_SIGNER 3"
-.TH PKCS7_SIGN_ADD_SIGNER 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PKCS7_SIGN_ADD_SIGNER 3ossl"
+.TH PKCS7_SIGN_ADD_SIGNER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure
+PKCS7_sign_add_signer,
+PKCS7_add_certificate, PKCS7_add_crl \- add information to PKCS7 structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,21 +146,22 @@ PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure
\&
\& PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
\& EVP_PKEY *pkey, const EVP_MD *md, int flags);
+\& int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+\& int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private
-key \fBpkey\fR using message digest \fBmd\fR to a \s-1PKCS7\s0 signed data structure
-\&\fBp7\fR.
+\&\fBPKCS7_sign_add_signer()\fR adds a signer with certificate \fIsigncert\fR and private
+key \fIpkey\fR using message digest \fImd\fR to a \s-1PKCS7\s0 signed data structure \fIp7\fR.
.PP
-The \s-1PKCS7\s0 structure should be obtained from an initial call to \fBPKCS7_sign()\fR
-with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid \s-1PKCS7\s0
+The \fB\s-1PKCS7\s0\fR structure should be obtained from an initial call to \fBPKCS7_sign()\fR
+with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid PKCS#7
signed data structure.
.PP
-If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public
+If the \fImd\fR parameter is \s-1NULL\s0 then the default digest for the public
key algorithm will be used.
.PP
-Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \s-1PKCS7\s0 structure
+Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \fB\s-1PKCS7\s0\fR structure
is not complete and must be finalized either by streaming (if applicable) or
a call to \fBPKCS7_final()\fR.
.SH "NOTES"
@@ -171,13 +171,13 @@ signed data structure where the simpler \fBPKCS7_sign()\fR function defaults are
not appropriate. For example if multiple signers or non default digest
algorithms are needed.
.PP
-Any of the following flags (ored together) can be passed in the \fBflags\fR
+Any of the following flags (ored together) can be passed in the \fIflags\fR
parameter.
.PP
If \fB\s-1PKCS7_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content
-digest value from the \s-1PKCS7\s0 structure: to add a signer to an existing structure.
+digest value from the \fB\s-1PKCS7\s0\fR structure: to add a signer to an existing structure.
An error occurs if a matching digest value cannot be found to copy. The
-returned \s-1PKCS7\s0 structure will be valid and finalized when this flag is set.
+returned \fB\s-1PKCS7\s0\fR structure will be valid and finalized when this flag is set.
.PP
If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the
\&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes
@@ -185,8 +185,8 @@ can be added. In this case an explicit call to \fBPKCS7_SIGNER_INFO_sign()\fR is
needed to finalize it.
.PP
If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the
-\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the
-\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the
+\&\fB\s-1PKCS7\s0\fR structure, the signer's certificate must still be supplied in the
+\&\fIsigncert\fR parameter though. This can reduce the size of the signature if the
signers certificate can be obtained by other means: for example a previously
signed message.
.PP
@@ -200,25 +200,38 @@ If present the SMIMECapabilities attribute indicates support for the following
algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of
these algorithms is disabled then it will not be included.
.PP
-\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0
-structure just added, this can be used to set additional attributes
+\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \fB\s-1PKCS7_SIGNER_INFO\s0\fR
+structure just added, which can be used to set additional attributes
before it is finalized.
+.PP
+\&\fBPKCS7_add_certificate()\fR adds to the \fB\s-1PKCS7\s0\fR structure \fIp7\fR the certificate
+\&\fIcert\fR, which may be an end-entity (signer) certificate
+or a \s-1CA\s0 certificate useful for chain building.
+This is done internally by \fBPKCS7_sign_ex\fR\|(3) and similar signing functions.
+It may have to be used before calling \fBPKCS7_verify\fR\|(3)
+in order to provide any missing certificate(s) needed for verification.
+.PP
+\&\fBPKCS7_add_crl()\fR adds the \s-1CRL\s0 \fIcrl\fR to the \fB\s-1PKCS7\s0\fR structure \fIp7\fR.
+This may be called to provide certificate status information
+to be included when signing or to use when verifying the \fB\s-1PKCS7\s0\fR structure.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0
+\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \fB\s-1PKCS7_SIGNER_INFO\s0\fR
structure just added or \s-1NULL\s0 if an error occurs.
+.PP
+\&\fBPKCS7_add_certificate()\fR and \fBPKCS7_add_crl()\fR return 1 on success, 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3),
-\&\fBPKCS7_final\fR\|(3),
+\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign_ex\fR\|(3),
+\&\fBPKCS7_final\fR\|(3), \fBPKCS7_verify\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBPPKCS7_sign_add_signer()\fR function was added in OpenSSL 1.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/d2i_DHparams.3 b/secure/lib/libcrypto/man/man3/PKCS7_type_is_other.3
index 8ef502289ee1..71c16c85d70b 100644
--- a/secure/lib/libcrypto/man/man3/d2i_DHparams.3
+++ b/secure/lib/libcrypto/man/man3/PKCS7_type_is_other.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,43 +130,43 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "D2I_DHPARAMS 3"
-.TH D2I_DHPARAMS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PKCS7_TYPE_IS_OTHER 3ossl"
+.TH PKCS7_TYPE_IS_OTHER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-d2i_DHparams, i2d_DHparams \- PKCS#3 DH parameter functions
+PKCS7_type_is_other \- determine content type of PKCS#7 envelopedData structure
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
-\& #include <openssl/dh.h>
+\& #include <openssl/pkcs7.h>
\&
-\& DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
-\& int i2d_DHparams(DH *a, unsigned char **pp);
+\& int PKCS7_type_is_other(PKCS7 *p7);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the
-DHparameter structure described in PKCS#3.
+\&\fBPKCS7_type_is_other()\fR returns the whether the content type of a PKCS#7 envelopedData
+structure is one of the following content types:
.PP
-Otherwise these behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR
-described in the \fBd2i_X509\fR\|(3) manual page.
+NID_pkcs7_data
+NID_pkcs7_signed
+NID_pkcs7_enveloped
+NID_pkcs7_signedAndEnveloped
+NID_pkcs7_digest
+NID_pkcs7_encrypted
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBd2i_DHparams()\fR returns a valid \fB\s-1DH\s0\fR structure or \s-1NULL\s0 if an error occurred.
-.PP
-\&\fBi2d_DHparams()\fR returns the length of encoded data on success or a value which
-is less than or equal to 0 on error.
+\&\fBPKCS7_type_is_other()\fR returns either 0 if the content type is matched or 1 otherwise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBd2i_X509\fR\|(3)
+\&\fBPKCS7_type_is_data\fR\|(3), \fBPKCS7_get_octet_string\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS7_verify.3 b/secure/lib/libcrypto/man/man3/PKCS7_verify.3
index 9b9d9bdddc1b..7e5140fd7bb5 100644
--- a/secure/lib/libcrypto/man/man3/PKCS7_verify.3
+++ b/secure/lib/libcrypto/man/man3/PKCS7_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "PKCS7_VERIFY 3"
-.TH PKCS7_VERIFY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "PKCS7_VERIFY 3ossl"
+.TH PKCS7_VERIFY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,107 +150,119 @@ PKCS7_verify, PKCS7_get0_signers \- verify a PKCS#7 signedData structure
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0
-structure to verify. \fBcerts\fR is a set of certificates in which to search for
-the signer's certificate. \fBstore\fR is a trusted certificate store (used for
-chain verification). \fBindata\fR is the signed data if the content is not
-present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR
-if it is not \s-1NULL.\s0
-.PP
-\&\fBflags\fR is an optional set of flags, which can be used to modify the verify
-operation.
+\&\fBPKCS7_verify()\fR is very similar to \fBCMS_verify\fR\|(3).
+It verifies a PKCS#7 signedData structure given in \fIp7\fR.
+The optional \fIcerts\fR parameter refers to a set of certificates
+in which to search for signer's certificates.
+\&\fIp7\fR may contain extra untrusted \s-1CA\s0 certificates that may be used for
+chain building as well as CRLs that may be used for certificate validation.
+\&\fIstore\fR may be \s-1NULL\s0 or point to
+the trusted certificate store to use for chain verification.
+\&\fIindata\fR refers to the signed data if the content is detached from \fIp7\fR.
+Otherwise \fIindata\fR should be \s-1NULL,\s0 and then the signed data must be in \fIp7\fR.
+The content is written to the \s-1BIO\s0 \fIout\fR unless it is \s-1NULL.\s0
+\&\fIflags\fR is an optional set of flags, which can be used to modify the operation.
.PP
-\&\fBPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does
-\&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR
-and \fBflags\fR parameters have the same meanings as in \fBPKCS7_verify()\fR.
+\&\fBPKCS7_get0_signers()\fR retrieves the signer's certificates from \fIp7\fR, it does
+\&\fBnot\fR check their validity or whether any signatures are valid. The \fIcerts\fR
+and \fIflags\fR parameters have the same meanings as in \fBPKCS7_verify()\fR.
.SH "VERIFY PROCESS"
.IX Header "VERIFY PROCESS"
Normally the verify process proceeds as follows.
.PP
-Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must
-be signedData. There must be at least one signature on the data and if
-the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. If the content is
-not detached and \fBindata\fR is not \fB\s-1NULL\s0\fR, then the structure has both
+Initially some sanity checks are performed on \fIp7\fR. The type of \fIp7\fR must
+be SignedData. There must be at least one signature on the data and if
+the content is detached \fIindata\fR cannot be \s-1NULL.\s0 If the content is
+not detached and \fIindata\fR is not \s-1NULL\s0 then the structure has both
embedded and external content. To treat this as an error, use the flag
\&\fB\s-1PKCS7_NO_DUAL_CONTENT\s0\fR.
The default behavior allows this, for compatibility with older
versions of OpenSSL.
.PP
An attempt is made to locate all the signer's certificates, first looking in
-the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any certificates
-contained in the \fBp7\fR structure itself. If any signer's certificates cannot be
-located the operation fails.
+the \fIcerts\fR parameter (if it is not \s-1NULL\s0). Then they are looked up in any
+certificates contained in the \fIp7\fR structure unless \fB\s-1PKCS7_NOINTERN\s0\fR is set.
+If any signer's certificates cannot be located the operation fails.
.PP
Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and
-the supplied trusted certificate store. Any internal certificates in the message
-are used as untrusted CAs. If any chain verify fails an error code is returned.
+using the trusted certificate store \fIstore\fR if supplied.
+Any internal certificates in the message, which may have been added using
+\&\fBPKCS7_add_certificate\fR\|(3), are used as untrusted CAs unless \fB\s-1PKCS7_NOCHAIN\s0\fR
+is set.
+If \s-1CRL\s0 checking is enabled in \fIstore\fR and \fB\s-1PKCS7_NOCRL\s0\fR is not set,
+any internal CRLs, which may have been added using \fBPKCS7_add_crl\fR\|(3),
+are used in addition to attempting to look them up in \fIstore\fR.
+If \fIstore\fR is not \s-1NULL\s0 and any chain verify fails an error code is returned.
.PP
-Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and
-the signature's checked.
+Finally the signed content is read (and written to \fIout\fR unless it is \s-1NULL\s0)
+and the signature is checked.
.PP
-If all signature's verify correctly then the function is successful.
+If all signatures verify correctly then the function is successful.
.PP
-Any of the following flags (ored together) can be passed in the \fBflags\fR parameter
-to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is
-meaningful to \fBPKCS7_get0_signers()\fR.
+Any of the following flags (ored together) can be passed in the \fIflags\fR
+parameter to change the default verify behaviour.
+Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is meaningful to \fBPKCS7_get0_signers()\fR.
.PP
If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not
-searched when locating the signer's certificate. This means that all the signers
-certificates must be in the \fBcerts\fR parameter.
+searched when locating the signer's certificates.
+This means that all the signer's certificates must be in the \fIcerts\fR parameter.
+.PP
+If \fB\s-1PKCS7_NOCRL\s0\fR is set and \s-1CRL\s0 checking is enabled in \fIstore\fR then any
+CRLs in the message itself are ignored.
.PP
-If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
-from the content. If the content is not of type \fBtext/plain\fR then an error is
+If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \f(CW\*(C`text/plain\*(C'\fR are deleted
+from the content. If the content is not of type \f(CW\*(C`text/plain\*(C'\fR then an error is
returned.
.PP
If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified.
.PP
If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are
not used as untrusted CAs. This means that the whole verify chain (apart from
-the signer's certificate) must be contained in the trusted store.
+the signer's certificates) must be contained in the trusted store.
.PP
If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked.
.SH "NOTES"
.IX Header "NOTES"
One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by
a small number of certificates. The acceptable certificates would be passed
-in the \fBcerts\fR parameter. In this case if the signer is not one of the
-certificates supplied in \fBcerts\fR then the verify will fail because the
+in the \fIcerts\fR parameter. In this case if the signer's certificate is not one
+of the certificates supplied in \fIcerts\fR then the verify will fail because the
signer cannot be found.
.PP
Care should be taken when modifying the default verify behaviour, for example
-setting \fBPKCS7_NOVERIFY|PKCS7_NOSIGS\fR will totally disable all verification
+setting \f(CW\*(C`PKCS7_NOVERIFY|PKCS7_NOSIGS\*(C'\fR will totally disable all verification
and any signed message will be considered valid. This combination is however
-useful if one merely wishes to write the content to \fBout\fR and its validity
+useful if one merely wishes to write the content to \fIout\fR and its validity
is not considered important.
.PP
-Chain verification should arguably be performed using the signing time rather
+Chain verification should arguably be performed using the signing time rather
than the current time. However, since the signing time is supplied by the
signer it cannot be trusted without additional evidence (such as a trusted
timestamp).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBPKCS7_verify()\fR returns one for a successful verification and zero
-if an error occurs.
+\&\fBPKCS7_verify()\fR returns 1 for a successful verification and 0 if an error occurs.
.PP
-\&\fBPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred.
+\&\fBPKCS7_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred.
.PP
-The error can be obtained from \fBERR_get_error\fR\|(3)
+The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "BUGS"
.IX Header "BUGS"
-The trusted certificate store is not searched for the signers certificate,
-this is primarily due to the inadequacies of the current \fBX509_STORE\fR
+The trusted certificate store is not searched for the signer's certificates.
+This is primarily due to the inadequacies of the current \fBX509_STORE\fR
functionality.
.PP
-The lack of single pass processing and need to hold all data in memory as
-mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR.
+The lack of single pass processing means that the signed content must all
+be held in memory if it is not detached.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBCMS_verify\fR\|(3), \fBPKCS7_add_certificate\fR\|(3), \fBPKCS7_add_crl\fR\|(3),
\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS8_encrypt.3 b/secure/lib/libcrypto/man/man3/PKCS8_encrypt.3
new file mode 100644
index 000000000000..15d01095ab82
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS8_encrypt.3
@@ -0,0 +1,206 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS8_ENCRYPT 3ossl"
+.TH PKCS8_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS8_decrypt, PKCS8_decrypt_ex, PKCS8_encrypt, PKCS8_encrypt_ex,
+PKCS8_set0_pbe, PKCS8_set0_pbe_ex \- PKCS8 encrypt/decrypt functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
+\& int passlen);
+\& PKCS8_PRIV_KEY_INFO *PKCS8_decrypt_ex(const X509_SIG *p8, const char *pass,
+\& int passlen, OSSL_LIB_CTX *ctx,
+\& const char *propq);
+\& X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+\& const char *pass, int passlen, unsigned char *salt,
+\& int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
+\& X509_SIG *PKCS8_encrypt_ex(int pbe_nid, const EVP_CIPHER *cipher,
+\& const char *pass, int passlen, unsigned char *salt,
+\& int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8,
+\& OSSL_LIB_CTX *ctx, const char *propq);
+\& X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
+\& PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe);
+\& X509_SIG *PKCS8_set0_pbe_ex(const char *pass, int passlen,
+\& PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe,
+\& OSSL_LIB_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS8_encrypt()\fR and \fBPKCS8_encrypt_ex()\fR perform encryption of an object \fIp8\fR using
+the password \fIpass\fR of length \fIpasslen\fR, salt \fIsalt\fR of length \fIsaltlen\fR
+and iteration count \fIiter\fR.
+The resulting \fBX509_SIG\fR contains the encoded algorithm parameters and encrypted
+key.
+.PP
+\&\fBPKCS8_decrypt()\fR and \fBPKCS8_decrypt_ex()\fR perform decryption of an \fBX509_SIG\fR in
+\&\fIp8\fR using the password \fIpass\fR of length \fIpasslen\fR along with algorithm
+parameters obtained from the \fIp8\fR.
+.PP
+\&\fBPKCS8_set0_pbe()\fR and \fBPKCS8_set0_pbe_ex()\fR perform encryption of the \fIp8inf\fR
+using the password \fIpass\fR of length \fIpasslen\fR and parameters \fIpbe\fR.
+.PP
+Functions ending in \fB_ex()\fR allow for a library context \fIctx\fR and property query
+\&\fIpropq\fR to be used to select algorithm implementations.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBPKCS8_encrypt()\fR, \fBPKCS8_encrypt_ex()\fR, \fBPKCS8_set0_pbe()\fR and \fBPKCS8_set0_pbe_ex()\fR
+return an encrypted key in a \fBX509_SIG\fR structure or \s-1NULL\s0 if an error occurs.
+.PP
+\&\fBPKCS8_decrypt()\fR and \fBPKCS8_decrypt_ex()\fR return a \fB\s-1PKCS8_PRIV_KEY_INFO\s0\fR or \s-1NULL\s0
+if an error occurs.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1IETF RFC 7292\s0 (<https://tools.ietf.org/html/rfc7292>)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBcrypto\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBPKCS8_decrypt_ex()\fR, \fBPKCS8_encrypt_ex()\fR and \fBPKCS8_set0_pbe_ex()\fR were added in
+OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/PKCS8_pkey_add1_attr.3 b/secure/lib/libcrypto/man/man3/PKCS8_pkey_add1_attr.3
new file mode 100644
index 000000000000..f81d09b86099
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/PKCS8_pkey_add1_attr.3
@@ -0,0 +1,183 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS8_PKEY_ADD1_ATTR 3ossl"
+.TH PKCS8_PKEY_ADD1_ATTR 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS8_pkey_get0_attrs, PKCS8_pkey_add1_attr, PKCS8_pkey_add1_attr_by_NID, PKCS8_pkey_add1_attr_by_OBJ \- PKCS8 attribute functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& const STACK_OF(X509_ATTRIBUTE) *
+\& PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
+\& int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr);
+\& int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+\& const unsigned char *bytes, int len);
+\& int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
+\& int type, const unsigned char *bytes, int len);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBPKCS8_pkey_get0_attrs()\fR returns a const \s-1STACK\s0 of X509_ATTRIBUTE present in
+the passed const \s-1PKCS8_PRIV_KEY_INFO\s0 structure \fBp8\fR.
+.PP
+\&\fBPKCS8_pkey_add1_attr()\fR adds a constructed X509_ATTRIBUTE \fBattr\fR to the
+existing \s-1PKCS8_PRIV_KEY_INFO\s0 structure \fBp8\fR.
+.PP
+\&\fBPKCS8_pkey_add1_attr_by_NID()\fR and \fBPKCS8_pkey_add1_attr_by_OBJ()\fR construct a new
+X509_ATTRIBUTE from the passed arguments and add it to the existing
+\&\s-1PKCS8_PRIV_KEY_INFO\s0 structure \fBp8\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBPKCS8_pkey_add1_attr()\fR, \fBPKCS8_pkey_add1_attr_by_NID()\fR, and
+\&\fBPKCS8_pkey_add1_attr_by_OBJ()\fR return 1 for success and 0 for failure.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1STACK\s0 of X509_ATTRIBUTE is present in many X509\-related structures and some of
+them have the corresponding set of similar functions.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBcrypto\fR\|(7)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_new.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_new.3
deleted file mode 100644
index 9f27caeb8351..000000000000
--- a/secure/lib/libcrypto/man/man3/RAND_DRBG_new.3
+++ /dev/null
@@ -1,247 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "RAND_DRBG_NEW 3"
-.TH RAND_DRBG_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RAND_DRBG_new, RAND_DRBG_secure_new, RAND_DRBG_set, RAND_DRBG_set_defaults, RAND_DRBG_instantiate, RAND_DRBG_uninstantiate, RAND_DRBG_free \&\- initialize and cleanup a RAND_DRBG instance
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rand_drbg.h>
-\&
-\&
-\& RAND_DRBG *RAND_DRBG_new(int type,
-\& unsigned int flags,
-\& RAND_DRBG *parent);
-\&
-\& RAND_DRBG *RAND_DRBG_secure_new(int type,
-\& unsigned int flags,
-\& RAND_DRBG *parent);
-\&
-\& int RAND_DRBG_set(RAND_DRBG *drbg,
-\& int type, unsigned int flags);
-\&
-\& int RAND_DRBG_set_defaults(int type, unsigned int flags);
-\&
-\& int RAND_DRBG_instantiate(RAND_DRBG *drbg,
-\& const unsigned char *pers, size_t perslen);
-\&
-\& int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
-\&
-\& void RAND_DRBG_free(RAND_DRBG *drbg);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBRAND_DRBG_new()\fR and \fBRAND_DRBG_secure_new()\fR
-create a new \s-1DRBG\s0 instance of the given \fBtype\fR, allocated from the heap resp.
-the secure heap
-(using \fBOPENSSL_zalloc()\fR resp. \fBOPENSSL_secure_zalloc()\fR).
-.PP
-\&\fBRAND_DRBG_set()\fR initializes the \fBdrbg\fR with the given \fBtype\fR and \fBflags\fR.
-.PP
-\&\fBRAND_DRBG_set_defaults()\fR sets the default \fBtype\fR and \fBflags\fR for new \s-1DRBG\s0
-instances.
-.PP
-Currently, all \s-1DRBG\s0 types are based on AES-CTR, so \fBtype\fR can be one of the
-following values: NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr.
-Before the \s-1DRBG\s0 can be used to generate random bits, it is necessary to set
-its type and to instantiate it.
-.PP
-The optional \fBflags\fR argument specifies a set of bit flags which can be
-joined using the | operator. Currently, the only flag is
-\&\s-1RAND_DRBG_FLAG_CTR_NO_DF,\s0 which disables the use of the derivation function
-ctr_df. For an explanation, see [\s-1NIST SP 800\-90A\s0 Rev. 1].
-.PP
-If a \fBparent\fR instance is specified then this will be used instead of
-the default entropy source for reseeding the \fBdrbg\fR. It is said that the
-\&\fBdrbg\fR is \fIchained\fR to its \fBparent\fR.
-For more information, see the \s-1NOTES\s0 section.
-.PP
-\&\fBRAND_DRBG_instantiate()\fR
-seeds the \fBdrbg\fR instance using random input from trusted entropy sources.
-Optionally, a personalization string \fBpers\fR of length \fBperslen\fR can be
-specified.
-To omit the personalization string, set \fBpers\fR=NULL and \fBperslen\fR=0;
-.PP
-\&\fBRAND_DRBG_uninstantiate()\fR
-clears the internal state of the \fBdrbg\fR and puts it back in the
-uninstantiated state.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fBRAND_DRBG_new()\fR and \fBRAND_DRBG_secure_new()\fR return a pointer to a \s-1DRBG\s0
-instance allocated on the heap, resp. secure heap.
-.PP
-\&\fBRAND_DRBG_set()\fR,
-\&\fBRAND_DRBG_instantiate()\fR, and
-\&\fBRAND_DRBG_uninstantiate()\fR
-return 1 on success, and 0 on failure.
-.PP
-\&\fBRAND_DRBG_free()\fR does not return a value.
-.SH "NOTES"
-.IX Header "NOTES"
-The \s-1DRBG\s0 design supports \fIchaining\fR, which means that a \s-1DRBG\s0 instance can
-use another \fBparent\fR \s-1DRBG\s0 instance instead of the default entropy source
-to obtain fresh random input for reseeding, provided that \fBparent\fR \s-1DRBG\s0
-instance was properly instantiated, either from a trusted entropy source,
-or from yet another parent \s-1DRBG\s0 instance.
-For a detailed description of the reseeding process, see \s-1\fBRAND_DRBG\s0\fR\|(7).
-.PP
-The default \s-1DRBG\s0 type and flags are applied only during creation of a \s-1DRBG\s0
-instance.
-To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances
-(<master>, resp. <public> and <private>), it is necessary to call
-\&\fBRAND_DRBG_set_defaults()\fR before creating any thread and before calling any
-cryptographic routines that obtain random data directly or indirectly.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBOPENSSL_zalloc\fR\|(3),
-\&\fBOPENSSL_secure_zalloc\fR\|(3),
-\&\fBRAND_DRBG_generate\fR\|(3),
-\&\s-1\fBRAND_DRBG\s0\fR\|(7)
-.SH "HISTORY"
-.IX Header "HISTORY"
-The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1.
-.SH "COPYRIGHT"
-.IX Header "COPYRIGHT"
-Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
-.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file \s-1LICENSE\s0 in the source distribution or at
-<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3
deleted file mode 100644
index 9f6ab6736073..000000000000
--- a/secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3
+++ /dev/null
@@ -1,239 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "RAND_DRBG_RESEED 3"
-.TH RAND_DRBG_RESEED 3 "2022-07-05" "1.1.1q" "OpenSSL"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RAND_DRBG_reseed, RAND_DRBG_set_reseed_interval, RAND_DRBG_set_reseed_time_interval, RAND_DRBG_set_reseed_defaults \&\- reseed a RAND_DRBG instance
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rand_drbg.h>
-\&
-\& int RAND_DRBG_reseed(RAND_DRBG *drbg,
-\& const unsigned char *adin, size_t adinlen,
-\& int prediction_resistance);
-\&
-\& int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg,
-\& unsigned int interval);
-\&
-\& int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg,
-\& time_t interval);
-\&
-\& int RAND_DRBG_set_reseed_defaults(
-\& unsigned int master_reseed_interval,
-\& unsigned int slave_reseed_interval,
-\& time_t master_reseed_time_interval,
-\& time_t slave_reseed_time_interval
-\& );
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBRAND_DRBG_reseed()\fR
-reseeds the given \fBdrbg\fR, obtaining entropy input from its entropy source
-and mixing in the specified additional data provided in the buffer \fBadin\fR
-of length \fBadinlen\fR.
-The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and \fBadinlen\fR
-to 0.
-An immediate reseeding from a live entropy source can be requested by setting
-the \fBprediction_resistance\fR flag to 1.
-This feature is not implemented yet, so reseeding with prediction resistance
-requested will always fail.
-.PP
-\&\fBRAND_DRBG_set_reseed_interval()\fR
-sets the reseed interval of the \fBdrbg\fR, which is the maximum allowed number
-of generate requests between consecutive reseedings.
-If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the
-number of generate requests since its last seeding exceeds the given reseed
-interval.
-If \fBinterval\fR == 0, then this feature is disabled.
-.PP
-\&\fBRAND_DRBG_set_reseed_time_interval()\fR
-sets the reseed time interval of the \fBdrbg\fR, which is the maximum allowed
-number of seconds between consecutive reseedings.
-If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the
-elapsed time since its last reseeding exceeds the given reseed time interval.
-If \fBinterval\fR == 0, then this feature is disabled.
-.PP
-\&\fBRAND_DRBG_set_reseed_defaults()\fR sets the default values for the reseed interval
-(\fBmaster_reseed_interval\fR and \fBslave_reseed_interval\fR)
-and the reseed time interval
-(\fBmaster_reseed_time_interval\fR and \fBslave_reseed_tme_interval\fR)
-of \s-1DRBG\s0 instances.
-The default values are set independently for master \s-1DRBG\s0 instances (which don't
-have a parent) and slave \s-1DRBG\s0 instances (which are chained to a parent \s-1DRBG\s0).
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fBRAND_DRBG_reseed()\fR,
-\&\fBRAND_DRBG_set_reseed_interval()\fR, and
-\&\fBRAND_DRBG_set_reseed_time_interval()\fR,
-return 1 on success, 0 on failure.
-.SH "NOTES"
-.IX Header "NOTES"
-The default OpenSSL random generator is already set up for automatic reseeding,
-so in general it is not necessary to reseed it explicitly, or to modify
-its reseeding thresholds.
-.PP
-Normally, the entropy input for seeding a \s-1DRBG\s0 is either obtained from a
-trusted os entropy source or from a parent \s-1DRBG\s0 instance, which was seeded
-(directly or indirectly) from a trusted os entropy source.
-In exceptional cases it is possible to replace the reseeding mechanism entirely
-by providing application defined callbacks using \fBRAND_DRBG_set_callbacks()\fR.
-.PP
-The reseeding default values are applied only during creation of a \s-1DRBG\s0 instance.
-To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances
-(<master>, resp. <public> and <private>), it is necessary to call
-\&\fBRAND_DRBG_set_reseed_defaults()\fR before creating any thread and before calling any
- cryptographic routines that obtain random data directly or indirectly.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBRAND_DRBG_generate\fR\|(3),
-\&\fBRAND_DRBG_bytes\fR\|(3),
-\&\fBRAND_DRBG_set_callbacks\fR\|(3).
-\&\s-1\fBRAND_DRBG\s0\fR\|(7)
-.SH "HISTORY"
-.IX Header "HISTORY"
-The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1.
-.SH "COPYRIGHT"
-.IX Header "COPYRIGHT"
-Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
-.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file \s-1LICENSE\s0 in the source distribution or at
-<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3
deleted file mode 100644
index 6b92c8fd63ed..000000000000
--- a/secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3
+++ /dev/null
@@ -1,268 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "RAND_DRBG_SET_CALLBACKS 3"
-.TH RAND_DRBG_SET_CALLBACKS 3 "2022-07-05" "1.1.1q" "OpenSSL"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-RAND_DRBG_set_callbacks, RAND_DRBG_get_entropy_fn, RAND_DRBG_cleanup_entropy_fn, RAND_DRBG_get_nonce_fn, RAND_DRBG_cleanup_nonce_fn \&\- set callbacks for reseeding
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-.Vb 1
-\& #include <openssl/rand_drbg.h>
-\&
-\&
-\& int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
-\& RAND_DRBG_get_entropy_fn get_entropy,
-\& RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
-\& RAND_DRBG_get_nonce_fn get_nonce,
-\& RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
-.Ve
-.SS "Callback Functions"
-.IX Subsection "Callback Functions"
-.Vb 6
-\& typedef size_t (*RAND_DRBG_get_entropy_fn)(
-\& RAND_DRBG *drbg,
-\& unsigned char **pout,
-\& int entropy,
-\& size_t min_len, size_t max_len,
-\& int prediction_resistance);
-\&
-\& typedef void (*RAND_DRBG_cleanup_entropy_fn)(
-\& RAND_DRBG *drbg,
-\& unsigned char *out, size_t outlen);
-\&
-\& typedef size_t (*RAND_DRBG_get_nonce_fn)(
-\& RAND_DRBG *drbg,
-\& unsigned char **pout,
-\& int entropy,
-\& size_t min_len, size_t max_len);
-\&
-\& typedef void (*RAND_DRBG_cleanup_nonce_fn)(
-\& RAND_DRBG *drbg,
-\& unsigned char *out, size_t outlen);
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBRAND_DRBG_set_callbacks()\fR sets the callbacks for obtaining fresh entropy and
-the nonce when reseeding the given \fBdrbg\fR.
-The callback functions are implemented and provided by the caller.
-Their parameter lists need to match the function prototypes above.
-.PP
-Setting the callbacks is allowed only if the \s-1DRBG\s0 has not been initialized yet.
-Otherwise, the operation will fail.
-To change the settings for one of the three shared DRBGs it is necessary to call
-\&\fBRAND_DRBG_uninstantiate()\fR first.
-.PP
-The \fBget_entropy\fR() callback is called by the \fBdrbg\fR when it requests fresh
-random input.
-It is expected that the callback allocates and fills a random buffer of size
-\&\fBmin_len\fR <= size <= \fBmax_len\fR (in bytes) which contains at least \fBentropy\fR
-bits of randomness.
-The \fBprediction_resistance\fR flag indicates whether the reseeding was
-triggered by a prediction resistance request.
-.PP
-The buffer's address is to be returned in *\fBpout\fR and the number of collected
-randomness bytes as return value.
-.PP
-If the callback fails to acquire at least \fBentropy\fR bits of randomness,
-it must indicate an error by returning a buffer length of 0.
-.PP
-If \fBprediction_resistance\fR was requested and the random source of the \s-1DRBG\s0
-does not satisfy the conditions requested by [\s-1NIST SP 800\-90C\s0], then
-it must also indicate an error by returning a buffer length of 0.
-See \s-1NOTES\s0 section for more details.
-.PP
-The \fBcleanup_entropy\fR() callback is called from the \fBdrbg\fR to clear and
-free the buffer allocated previously by \fBget_entropy()\fR.
-The values \fBout\fR and \fBoutlen\fR are the random buffer's address and length,
-as returned by the \fBget_entropy()\fR callback.
-.PP
-The \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks are used to obtain a nonce
-and free it again. A nonce is only required for instantiation (not for reseeding)
-and only in the case where the \s-1DRBG\s0 uses a derivation function.
-The callbacks are analogous to \fBget_entropy()\fR and \fBcleanup_entropy()\fR,
-except for the missing prediction_resistance flag.
-.PP
-If the derivation function is disabled, then no nonce is used for instantiation,
-and the \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks can be omitted by
-setting them to \s-1NULL.\s0
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fBRAND_DRBG_set_callbacks()\fR return 1 on success, and 0 on failure
-.SH "NOTES"
-.IX Header "NOTES"
-It is important that \fBcleanup_entropy\fR() and \fBcleanup_nonce\fR() clear the buffer
-contents safely before freeing it, in order not to leave sensitive information
-about the \s-1DRBG\s0's state in memory.
-.PP
-A request for prediction resistance can only be satisfied by pulling fresh
-entropy from one of the approved entropy sources listed in section 5.5.2 of
-[\s-1NIST SP 800\-90C\s0].
-Since the default implementation of the get_entropy callback does not have access
-to such an approved entropy source, a request for prediction resistance will
-always fail.
-In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0
-.PP
-The derivation function is disabled during initialization by calling the
-\&\fBRAND_DRBG_set()\fR function with the \s-1RAND_DRBG_FLAG_CTR_NO_DF\s0 flag.
-For more information on the derivation function and when it can be omitted,
-see [\s-1NIST SP 800\-90A\s0 Rev. 1]. Roughly speaking it can be omitted if the random
-source has \*(L"full entropy\*(R", i.e., contains 8 bits of entropy per byte.
-.PP
-Even if a nonce is required, the \fBget_nonce\fR() and \fBcleanup_nonce\fR()
-callbacks can be omitted by setting them to \s-1NULL.\s0
-In this case the \s-1DRBG\s0 will automatically request an extra amount of entropy
-(using the \fBget_entropy\fR() and \fBcleanup_entropy\fR() callbacks) which it will
-utilize for the nonce, following the recommendations of [\s-1NIST SP 800\-90A\s0 Rev. 1],
-section 8.6.7.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBRAND_DRBG_new\fR\|(3),
-\&\fBRAND_DRBG_reseed\fR\|(3),
-\&\s-1\fBRAND_DRBG\s0\fR\|(7)
-.SH "HISTORY"
-.IX Header "HISTORY"
-The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1.
-.SH "COPYRIGHT"
-.IX Header "COPYRIGHT"
-Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
-.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file \s-1LICENSE\s0 in the source distribution or at
-<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RAND_add.3 b/secure/lib/libcrypto/man/man3/RAND_add.3
index 1ae89eb702ff..236fd3e9c8b4 100644
--- a/secure/lib/libcrypto/man/man3/RAND_add.3
+++ b/secure/lib/libcrypto/man/man3/RAND_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RAND_ADD 3"
-.TH RAND_ADD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RAND_ADD 3ossl"
+.TH RAND_ADD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, RAND_keep_random_devices_open \&\- add randomness to the PRNG or get its status
+RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen,
+RAND_keep_random_devices_open
+\&\- add randomness to the PRNG or get its status
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -154,13 +154,13 @@ RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, RAND_keep_
\& void RAND_keep_random_devices_open(int keep);
.Ve
.PP
-Deprecated:
+The following functions have been deprecated since OpenSSL 1.1.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
.PP
-.Vb 4
-\& #if OPENSSL_API_COMPAT < 0x10100000L
+.Vb 2
\& int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
\& void RAND_screen(void);
-\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -192,6 +192,11 @@ The content of \fBbuf\fR cannot be recovered from subsequent random generator ou
Applications that intend to save and restore random state in an external file
should consider using \fBRAND_load_file\fR\|(3) instead.
.PP
+\&\s-1NOTE:\s0 In \s-1FIPS\s0 mode, random data provided by the application is not considered to
+be a trusted entropy source. It is mixed into the internal state of the \s-1RNG\s0 as
+additional data only and this does not count as a full reseed.
+For more details, see \s-1\fBEVP_RAND\s0\fR\|(7).
+.PP
\&\fBRAND_seed()\fR is equivalent to \fBRAND_add()\fR with \fBrandomness\fR set to \fBnum\fR.
.PP
\&\fBRAND_keep_random_devices_open()\fR is used to control file descriptor
@@ -201,7 +206,8 @@ descriptors by default, which allows such sources to operate in a
the \fBkeep\fR argument is zero, this call disables the retention of file
descriptors. Conversely, a nonzero argument enables the retention of
file descriptors. This function is usually called during initialization
-and it takes effect immediately.
+and it takes effect immediately. This capability only applies to the default
+provider.
.PP
\&\fBRAND_event()\fR and \fBRAND_screen()\fR are equivalent to \fBRAND_poll()\fR and exist
for compatibility reasons only. See \s-1HISTORY\s0 section below.
@@ -221,15 +227,16 @@ The other functions do not return values.
\&\fBRAND_egd\fR\|(3),
\&\fBRAND_load_file\fR\|(3),
\&\s-1\fBRAND\s0\fR\|(7)
+\&\s-1\fBEVP_RAND\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBRAND_event()\fR and \fBRAND_screen()\fR were deprecated in OpenSSL 1.1.0 and should
not be used.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RAND_bytes.3 b/secure/lib/libcrypto/man/man3/RAND_bytes.3
index a8e7a37e2611..71be6338964a 100644
--- a/secure/lib/libcrypto/man/man3/RAND_bytes.3
+++ b/secure/lib/libcrypto/man/man3/RAND_bytes.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RAND_BYTES 3"
-.TH RAND_BYTES 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RAND_BYTES 3ossl"
+.TH RAND_BYTES 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes \- generate random data
+RAND_bytes, RAND_priv_bytes, RAND_bytes_ex, RAND_priv_bytes_ex,
+RAND_pseudo_bytes \- generate random data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,14 +146,19 @@ RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes \- generate random data
\&
\& int RAND_bytes(unsigned char *buf, int num);
\& int RAND_priv_bytes(unsigned char *buf, int num);
+\&
+\& int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
+\& unsigned int strength);
+\& int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
+\& unsigned int strength);
.Ve
.PP
-Deprecated:
+The following function has been deprecated since OpenSSL 1.1.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
.PP
-.Vb 3
-\& #if OPENSSL_API_COMPAT < 0x10100000L
+.Vb 1
\& int RAND_pseudo_bytes(unsigned char *buf, int num);
-\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -166,7 +170,18 @@ be used for generating values that should remain private. If using the
default \s-1RAND_METHOD,\s0 this function uses a separate \*(L"private\*(R" \s-1PRNG\s0
instance so that a compromise of the \*(L"public\*(R" \s-1PRNG\s0 instance will not
affect the secrecy of these private values, as described in \s-1\fBRAND\s0\fR\|(7)
-and \s-1\fBRAND_DRBG\s0\fR\|(7).
+and \s-1\fBEVP_RAND\s0\fR\|(7).
+.PP
+\&\fBRAND_bytes_ex()\fR and \fBRAND_priv_bytes_ex()\fR are the same as \fBRAND_bytes()\fR and
+\&\fBRAND_priv_bytes()\fR except that they both take additional \fIstrength\fR and
+\&\fIctx\fR parameters. The bytes generated will have a security strength of at
+least \fIstrength\fR bits.
+The \s-1DRBG\s0 used for the operation is the public or private \s-1DRBG\s0 associated with
+the specified \fIctx\fR. The parameter can be \s-1NULL,\s0 in which case
+the default library context is used (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3).
+If the default \s-1RAND_METHOD\s0 has been changed then for compatibility reasons the
+\&\s-1RAND_METHOD\s0 will be used in preference and the \s-1DRBG\s0 of the library context
+ignored.
.SH "NOTES"
.IX Header "NOTES"
By default, the OpenSSL \s-1CSPRNG\s0 supports a security level of 256 bits, provided it
@@ -198,18 +213,20 @@ obtained by \fBERR_get_error\fR\|(3).
\&\fBRAND_priv_bytes\fR\|(3),
\&\fBERR_get_error\fR\|(3),
\&\s-1\fBRAND\s0\fR\|(7),
-\&\s-1\fBRAND_DRBG\s0\fR\|(7)
+\&\s-1\fBEVP_RAND\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
.IP "\(bu" 2
\&\fBRAND_pseudo_bytes()\fR was deprecated in OpenSSL 1.1.0; use \fBRAND_bytes()\fR instead.
.IP "\(bu" 2
The \fBRAND_priv_bytes()\fR function was added in OpenSSL 1.1.1.
+.IP "\(bu" 2
+The \fBRAND_bytes_ex()\fR and \fBRAND_priv_bytes_ex()\fR functions were added in OpenSSL 3.0
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RAND_cleanup.3 b/secure/lib/libcrypto/man/man3/RAND_cleanup.3
index 06311d8def5c..637a60674c76 100644
--- a/secure/lib/libcrypto/man/man3/RAND_cleanup.3
+++ b/secure/lib/libcrypto/man/man3/RAND_cleanup.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RAND_CLEANUP 3"
-.TH RAND_CLEANUP 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RAND_CLEANUP 3ossl"
+.TH RAND_CLEANUP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,10 +142,14 @@ RAND_cleanup \- erase the PRNG state
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rand.h>
-\&
-\& #if OPENSSL_API_COMPAT < 0x10100000L
-\& void RAND_cleanup(void)
-\& #endif
+.Ve
+.PP
+The following function has been deprecated since OpenSSL 1.1.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& void RAND_cleanup(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -167,9 +169,9 @@ since no explicit initialisation or de-initialisation is necessary. See
See \fBOPENSSL_init_crypto\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RAND_egd.3 b/secure/lib/libcrypto/man/man3/RAND_egd.3
index 02a1ffc0d594..1e488a530aad 100644
--- a/secure/lib/libcrypto/man/man3/RAND_egd.3
+++ b/secure/lib/libcrypto/man/man3/RAND_egd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RAND_EGD 3"
-.TH RAND_EGD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RAND_EGD 3ossl"
+.TH RAND_EGD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -187,7 +185,7 @@ success, or \-1 if the connection failed.
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3 b/secure/lib/libcrypto/man/man3/RAND_get0_primary.3
index f536cde55b1c..7cf696b32961 100644
--- a/secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3
+++ b/secure/lib/libcrypto/man/man3/RAND_get0_primary.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,45 +130,54 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RAND_DRBG_GET0_MASTER 3"
-.TH RAND_DRBG_GET0_MASTER 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RAND_GET0_PRIMARY 3ossl"
+.TH RAND_GET0_PRIMARY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-RAND_DRBG_get0_master, RAND_DRBG_get0_public, RAND_DRBG_get0_private \&\- get access to the global RAND_DRBG instances
+RAND_get0_primary,
+RAND_get0_public,
+RAND_get0_private
+\&\- get access to the global EVP_RAND_CTX instances
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
-\& #include <openssl/rand_drbg.h>
+\& #include <openssl/rand.h>
\&
-\& RAND_DRBG *RAND_DRBG_get0_master(void);
-\& RAND_DRBG *RAND_DRBG_get0_public(void);
-\& RAND_DRBG *RAND_DRBG_get0_private(void);
+\& EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB_CTX *ctx);
+\& EVP_RAND_CTX *RAND_get0_public(OSSL_LIB_CTX *ctx);
+\& EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The default \s-1RAND API\s0 implementation (\fBRAND_OpenSSL()\fR) utilizes three
shared \s-1DRBG\s0 instances which are accessed via the \s-1RAND API:\s0
.PP
-The <public> and <private> \s-1DRBG\s0 are thread-local instances, which are used
+The \fIpublic\fR and \fIprivate\fR \s-1DRBG\s0 are thread-local instances, which are used
by \fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR, respectively.
-The <master> \s-1DRBG\s0 is a global instance, which is not intended to be used
+The \fIprimary\fR \s-1DRBG\s0 is a global instance, which is not intended to be used
directly, but is used internally to reseed the other two instances.
.PP
These functions here provide access to the shared \s-1DRBG\s0 instances.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBRAND_DRBG_get0_master()\fR returns a pointer to the <master> \s-1DRBG\s0 instance.
+\&\fBRAND_get0_primary()\fR returns a pointer to the \fIprimary\fR \s-1DRBG\s0 instance
+for the given \s-1OSSL_LIB_CTX\s0 \fBctx\fR.
+.PP
+\&\fBRAND_get0_public()\fR returns a pointer to the \fIpublic\fR \s-1DRBG\s0 instance
+for the given \s-1OSSL_LIB_CTX\s0 \fBctx\fR.
.PP
-\&\fBRAND_DRBG_get0_public()\fR returns a pointer to the <public> \s-1DRBG\s0 instance.
+\&\fBRAND_get0_private()\fR returns a pointer to the \fIprivate\fR \s-1DRBG\s0 instance
+for the given \s-1OSSL_LIB_CTX\s0 \fBctx\fR.
.PP
-\&\fBRAND_DRBG_get0_private()\fR returns a pointer to the <private> \s-1DRBG\s0 instance.
+In all the above cases the \fBctx\fR parameter can
+be \s-1NULL\s0 in which case the default \s-1OSSL_LIB_CTX\s0 is used.
.SH "NOTES"
.IX Header "NOTES"
-It is not thread-safe to access the <master> \s-1DRBG\s0 instance.
-The <public> and <private> \s-1DRBG\s0 instance can be accessed safely, because
+It is not thread-safe to access the \fIprimary\fR \s-1DRBG\s0 instance.
+The \fIpublic\fR and \fIprivate\fR \s-1DRBG\s0 instance can be accessed safely, because
they are thread-local. Note however, that changes to these two instances
apply only to the current thread.
.PP
@@ -182,23 +189,22 @@ at initialization time, before creating additional threads.
During initialization, it is possible to change the reseed interval
and reseed time interval.
It is also possible to exchange the reseeding callbacks entirely.
+.PP
+To set the type of \s-1DRBG\s0 that will be instantiated, use the
+\&\fBRAND_set_DRBG_type\fR\|(3) call before accessing the random number generation
+infrastructure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBRAND_DRBG_set_callbacks\fR\|(3),
-\&\fBRAND_DRBG_set_reseed_defaults\fR\|(3),
-\&\fBRAND_DRBG_set_reseed_interval\fR\|(3),
-\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3),
-\&\fBRAND_DRBG_set_callbacks\fR\|(3),
-\&\fBRAND_DRBG_generate\fR\|(3),
-\&\s-1\fBRAND_DRBG\s0\fR\|(7)
+\&\s-1\fBEVP_RAND\s0\fR\|(3),
+\&\fBRAND_set_DRBG_type\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1.
+These functions were added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RAND_load_file.3 b/secure/lib/libcrypto/man/man3/RAND_load_file.3
index 0dd62db4fbc4..c6103105500b 100644
--- a/secure/lib/libcrypto/man/man3/RAND_load_file.3
+++ b/secure/lib/libcrypto/man/man3/RAND_load_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RAND_LOAD_FILE 3"
-.TH RAND_LOAD_FILE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RAND_LOAD_FILE 3ossl"
+.TH RAND_LOAD_FILE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -212,7 +210,7 @@ error.
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RAND_set_DRBG_type.3 b/secure/lib/libcrypto/man/man3/RAND_set_DRBG_type.3
new file mode 100644
index 000000000000..2536b4cdabcc
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/RAND_set_DRBG_type.3
@@ -0,0 +1,192 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RAND_SET_DRBG_TYPE 3ossl"
+.TH RAND_SET_DRBG_TYPE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RAND_set_DRBG_type,
+RAND_set_seed_source_type
+\&\- specify the global random number generator types
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rand.h>
+\&
+\& int RAND_set_DRBG_type(OSSL_LIB_CTX *ctx, const char *drbg, const char *propq,
+\& const char *cipher, const char *digest);
+\& int RAND_set_seed_source_type(OSSL_LIB_CTX *ctx, const char *seed,
+\& const char *propq);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBRAND_set_DRBG_type()\fR specifies the random bit generator that will be
+used within the library context \fIctx\fR. A generator of name \fIdrbg\fR
+with properties \fIpropq\fR will be fetched. It will be instantiated with
+either \fIcipher\fR or \fIdigest\fR as its underlying cryptographic algorithm.
+This specifies the type that will be used for the primary, public and
+private random instances.
+.PP
+\&\fBRAND_set_seed_source_type()\fR specifies the seed source that will be used
+within the library context \fIctx\fR. The seed source of name \fIseed\fR
+with properties \fIpropq\fR will be fetched and used to seed the primary
+random big generator.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+These function return 1 on success and 0 on failure.
+.SH "NOTES"
+.IX Header "NOTES"
+These functions must be called before the random bit generators are first
+created in the library context. They will return an error if the call
+is made too late.
+.PP
+The default \s-1DRBG\s0 is \*(L"CTR-DRBG\*(R" using the \*(L"\s-1AES\-256\-CTR\*(R"\s0 cipher.
+.PP
+The default seed source is \*(L"SEED-SRC\*(R".
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1\fBEVP_RAND\s0\fR\|(3),
+\&\fBRAND_get0_primary\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3
index 6e8c2a42d1f9..021effacabc4 100644
--- a/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3
+++ b/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RAND_SET_RAND_METHOD 3"
-.TH RAND_SET_RAND_METHOD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RAND_SET_RAND_METHOD 3ossl"
+.TH RAND_SET_RAND_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +142,13 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL \- select RAND method
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rand.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& RAND_METHOD *RAND_OpenSSL(void);
\&
\& int RAND_set_rand_method(const RAND_METHOD *meth);
@@ -153,6 +157,10 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL \- select RAND method
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBRAND_set_DRBG_type\fR\|(3),
+\&\s-1\fBEVP_RAND\s0\fR\|(3) and \s-1\fBEVP_RAND\s0\fR\|(7).
+.PP
A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number
generation.
.PP
@@ -160,7 +168,8 @@ generation.
This implementation ensures that the \s-1PRNG\s0 state is unique for each thread.
.PP
If an \fB\s-1ENGINE\s0\fR is loaded that provides the \s-1RAND API,\s0 however, it will
-be used instead of the method returned by \fBRAND_OpenSSL()\fR.
+be used instead of the method returned by \fBRAND_OpenSSL()\fR. This is deprecated
+in OpenSSL 3.0.
.PP
\&\fBRAND_set_rand_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. If an
\&\s-1ENGINE\s0 was providing the method, it will be released first.
@@ -190,14 +199,20 @@ Each pointer may be \s-1NULL\s0 if the function is not implemented.
methods.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\s-1\fBEVP_RAND\s0\fR\|(3),
+\&\fBRAND_set_DRBG_type\fR\|(3),
\&\fBRAND_bytes\fR\|(3),
\&\fBENGINE_by_id\fR\|(3),
+\&\s-1\fBEVP_RAND\s0\fR\|(7),
\&\s-1\fBRAND\s0\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RC4_set_key.3 b/secure/lib/libcrypto/man/man3/RC4_set_key.3
index 6d4a5211629b..f259e450a1c5 100644
--- a/secure/lib/libcrypto/man/man3/RC4_set_key.3
+++ b/secure/lib/libcrypto/man/man3/RC4_set_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RC4_SET_KEY 3"
-.TH RC4_SET_KEY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RC4_SET_KEY 3ossl"
+.TH RC4_SET_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +142,13 @@ RC4_set_key, RC4 \- RC4 encryption
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rc4.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
\&
\& void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
@@ -152,6 +156,10 @@ RC4_set_key, RC4 \- RC4 encryption
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated. Applications should
+instead use \fBEVP_EncryptInit_ex\fR\|(3), \fBEVP_EncryptUpdate\fR\|(3) and
+\&\fBEVP_EncryptFinal_ex\fR\|(3) or the equivalently named decrypt functions.
+.PP
This library implements the Alleged \s-1RC4\s0 cipher, which is described for
example in \fIApplied Cryptography\fR. It is believed to be compatible
with RC4[\s-1TM\s0], a proprietary cipher of \s-1RSA\s0 Security Inc.
@@ -187,11 +195,14 @@ multiple encryptions using the same key stream.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_EncryptInit\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3 b/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3
index e1418319aa8a..c01f5773dcf5 100644
--- a/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3
+++ b/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,26 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RIPEMD160_INIT 3"
-.TH RIPEMD160_INIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RIPEMD160_INIT 3ossl"
+.TH RIPEMD160_INIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- RIPEMD\-160 hash function
+RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \-
+RIPEMD\-160 hash function
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ripemd.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
\& unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
\& unsigned char *md);
\&
@@ -154,6 +159,10 @@ RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- RIPEMD\-160 hash
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_DigestInit_ex\fR\|(3), \fBEVP_DigestUpdate\fR\|(3)
+and \fBEVP_DigestFinal_ex\fR\|(3).
+.PP
\&\s-1RIPEMD\-160\s0 is a cryptographic hash function with a
160 bit output.
.PP
@@ -190,11 +199,14 @@ functions directly.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_DigestInit\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RSA_blinding_on.3 b/secure/lib/libcrypto/man/man3/RSA_blinding_on.3
index 27e4b8c0066c..0810dcef54d1 100644
--- a/secure/lib/libcrypto/man/man3/RSA_blinding_on.3
+++ b/secure/lib/libcrypto/man/man3/RSA_blinding_on.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RSA_BLINDING_ON 3"
-.TH RSA_BLINDING_ON 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RSA_BLINDING_ON 3ossl"
+.TH RSA_BLINDING_ON 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,13 +142,21 @@ RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing attac
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
\&
\& void RSA_blinding_off(RSA *rsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+.PP
\&\s-1RSA\s0 is vulnerable to timing attacks. In a setup where attackers can
measure the time of \s-1RSA\s0 decryption or signature operations, blinding
must be used to protect the \s-1RSA\s0 operation from that attack.
@@ -166,11 +172,14 @@ the blinding factor.
\&\fBRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred.
.PP
\&\fBRSA_blinding_off()\fR returns no value.
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RSA_check_key.3 b/secure/lib/libcrypto/man/man3/RSA_check_key.3
index b3266ad71a14..323feb882631 100644
--- a/secure/lib/libcrypto/man/man3/RSA_check_key.3
+++ b/secure/lib/libcrypto/man/man3/RSA_check_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RSA_CHECK_KEY 3"
-.TH RSA_CHECK_KEY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RSA_CHECK_KEY 3ossl"
+.TH RSA_CHECK_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,13 +142,23 @@ RSA_check_key_ex, RSA_check_key \- validate private RSA keys
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& int RSA_check_key_ex(const RSA *rsa, BN_GENCB *cb);
\&
-\& int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb);
-\&
-\& int RSA_check_key(RSA *rsa);
+\& int RSA_check_key(const RSA *rsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+Both of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_public_check\fR\|(3),
+\&\fBEVP_PKEY_private_check\fR\|(3) and \fBEVP_PKEY_pairwise_check\fR\|(3).
+.PP
\&\fBRSA_check_key_ex()\fR function validates \s-1RSA\s0 keys.
It checks that \fBp\fR and \fBq\fR are
in fact prime, and that \fBn = p*q\fR.
@@ -202,12 +210,14 @@ provide their own verifiers.
\&\fBERR_get_error\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
+.PP
\&\fBRSA_check_key_ex()\fR appeared after OpenSSL 1.0.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RSA_generate_key.3 b/secure/lib/libcrypto/man/man3/RSA_generate_key.3
index e15d3df7bc0b..cddd181e04de 100644
--- a/secure/lib/libcrypto/man/man3/RSA_generate_key.3
+++ b/secure/lib/libcrypto/man/man3/RSA_generate_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,51 +130,65 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RSA_GENERATE_KEY 3"
-.TH RSA_GENERATE_KEY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RSA_GENERATE_KEY 3ossl"
+.TH RSA_GENERATE_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-RSA_generate_key_ex, RSA_generate_key, RSA_generate_multi_prime_key \- generate RSA key pair
+EVP_RSA_gen,
+RSA_generate_key_ex, RSA_generate_key,
+RSA_generate_multi_prime_key \- generate RSA key pair
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
\&
+\& EVP_PKEY *EVP_RSA_gen(unsigned int bits);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
\& int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
\& int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
.Ve
.PP
-Deprecated:
+The following function has been deprecated since OpenSSL 0.9.8, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
.PP
-.Vb 4
-\& #if OPENSSL_API_COMPAT < 0x00908000L
+.Vb 2
\& RSA *RSA_generate_key(int bits, unsigned long e,
\& void (*callback)(int, int, void *), void *cb_arg);
-\& #endif
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+\&\fBEVP_RSA_gen()\fR generates a new \s-1RSA\s0 key pair with modulus size \fIbits\fR.
+.PP
+All of the functions described below are deprecated.
+Applications should instead use \fBEVP_RSA_gen()\fR, \fBEVP_PKEY_Q_keygen\fR\|(3), or
+\&\fBEVP_PKEY_keygen_init\fR\|(3) and \fBEVP_PKEY_keygen\fR\|(3).
+.PP
\&\fBRSA_generate_key_ex()\fR generates a 2\-prime \s-1RSA\s0 key pair and stores it in the
-\&\fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The pseudo-random number generator must
-be seeded prior to calling \fBRSA_generate_key_ex()\fR.
+\&\fB\s-1RSA\s0\fR structure provided in \fIrsa\fR.
.PP
\&\fBRSA_generate_multi_prime_key()\fR generates a multi-prime \s-1RSA\s0 key pair and stores
-it in the \fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The number of primes is given by
-the \fBprimes\fR parameter. The random number generator must be seeded when
-calling \fBRSA_generate_multi_prime_key()\fR.
+it in the \fB\s-1RSA\s0\fR structure provided in \fIrsa\fR. The number of primes is given by
+the \fIprimes\fR parameter.
If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to
external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail.
.PP
-The modulus size will be of length \fBbits\fR, the number of primes to form the
-modulus will be \fBprimes\fR, and the public exponent will be \fBe\fR. Key sizes
-with \fBnum\fR < 1024 should be considered insecure. The exponent is an odd
+The modulus size will be of length \fIbits\fR, the number of primes to form the
+modulus will be \fIprimes\fR, and the public exponent will be \fIe\fR. Key sizes
+with \fInum\fR < 1024 should be considered insecure. The exponent is an odd
number, typically 3, 17 or 65537.
.PP
In order to maintain adequate security level, the maximum number of permitted
-\&\fBprimes\fR depends on modulus bit length:
+\&\fIprimes\fR depends on modulus bit length:
.PP
.Vb 3
\& <1024 | >=1024 | >=4096 | >=8192
@@ -185,7 +197,7 @@ In order to maintain adequate security level, the maximum number of permitted
.Ve
.PP
A callback function may be used to provide feedback about the
-progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it
+progress of the key generation. If \fIcb\fR is not \s-1NULL,\s0 it
will be called as follows using the \fBBN_GENCB_call()\fR function
described on the \fBBN_generate_prime\fR\|(3) page.
.PP
@@ -197,37 +209,41 @@ While a random prime number is generated, it is called as
described in \fBBN_generate_prime\fR\|(3).
.IP "\(bu" 2
When the n\-th randomly generated prime is rejected as not
-suitable for the key, \fBBN_GENCB_call(cb, 2, n)\fR is called.
+suitable for the key, \fIBN_GENCB_call(cb, 2, n)\fR is called.
.IP "\(bu" 2
-When a random p has been found with p\-1 relatively prime to \fBe\fR,
-it is called as \fBBN_GENCB_call(cb, 3, 0)\fR.
+When a random p has been found with p\-1 relatively prime to \fIe\fR,
+it is called as \fIBN_GENCB_call(cb, 3, 0)\fR.
.PP
The process is then repeated for prime q and other primes (if any)
-with \fBBN_GENCB_call(cb, 3, i)\fR where \fBi\fR indicates the i\-th prime.
+with \fIBN_GENCB_call(cb, 3, i)\fR where \fIi\fR indicates the i\-th prime.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
+\&\fBEVP_RSA_gen()\fR returns an \fI\s-1EVP_PKEY\s0\fR or \s-1NULL\s0 on failure.
+.PP
\&\fBRSA_generate_multi_prime_key()\fR returns 1 on success or 0 on error.
\&\fBRSA_generate_key_ex()\fR returns 1 on success or 0 on error.
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.PP
\&\fBRSA_generate_key()\fR returns a pointer to the \s-1RSA\s0 structure or
-\&\fB\s-1NULL\s0\fR if the key generation fails.
+\&\s-1NULL\s0 if the key generation fails.
.SH "BUGS"
.IX Header "BUGS"
-\&\fBBN_GENCB_call(cb, 2, x)\fR is used with two different meanings.
+\&\fIBN_GENCB_call(cb, 2, x)\fR is used with two different meanings.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBBN_generate_prime\fR\|(3),
-\&\s-1\fBRAND\s0\fR\|(7)
+\&\fBEVP_PKEY_Q_keygen\fR\|(3)
+\&\fBBN_generate_prime\fR\|(3), \fBERR_get_error\fR\|(3),
+\&\fBRAND_bytes\fR\|(3), \s-1\fBRAND\s0\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fBRSA_generate_key()\fR was deprecated in OpenSSL 0.9.8; use
-\&\fBRSA_generate_key_ex()\fR instead.
+\&\fBEVP_RSA_gen()\fR was added in OpenSSL 3.0.
+All other functions described here were deprecated in OpenSSL 3.0.
+For replacement see \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7).
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RSA_get0_key.3 b/secure/lib/libcrypto/man/man3/RSA_get0_key.3
index 12383d6d3f30..fd99dedcb9f2 100644
--- a/secure/lib/libcrypto/man/man3/RSA_get0_key.3
+++ b/secure/lib/libcrypto/man/man3/RSA_get0_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,33 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RSA_GET0_KEY 3"
-.TH RSA_GET0_KEY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RSA_GET0_KEY 3ossl"
+.TH RSA_GET0_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_get0_pss_params, RSA_clear_flags, RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, RSA_set0_multi_prime_params, RSA_get_version \&\- Routines for getting and setting data in an RSA object
+RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key,
+RSA_get0_factors, RSA_get0_crt_params,
+RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q,
+RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_get0_pss_params,
+RSA_clear_flags,
+RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count,
+RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params,
+RSA_set0_multi_prime_params, RSA_get_version
+\&\- Routines for getting and setting data in an RSA object
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 10
\& int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
\& int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
\& int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
@@ -177,6 +189,10 @@ RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, RSA_get0_fact
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_get_bn_param\fR\|(3) for any methods that
+return a \fB\s-1BIGNUM\s0\fR. Refer to \s-1\fBEVP_PKEY\-DH\s0\fR\|(7) for more information.
+.PP
An \s-1RSA\s0 object contains the components for the public and private key,
\&\fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR. \fBn\fR is
the modulus common to both public and private key, \fBe\fR is the public
@@ -266,6 +282,9 @@ triplets in \s-1RSA\s0 object \fBr\fR and assign the new set of triplets into it
\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR
return the respective value.
.PP
+\&\fBRSA_get0_pss_params()\fR returns a \fB\s-1RSA_PSS_PARAMS\s0\fR pointer, or \s-1NULL\s0 if
+there is none.
+.PP
\&\fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_crt_params()\fR return
1 on success or 0 on failure.
.PP
@@ -293,11 +312,13 @@ The
and \fBRSA_get_version()\fR functions were added in OpenSSL 1.1.1.
.PP
Other functions described here were added in OpenSSL 1.1.0.
+.PP
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RSA_meth_new.3 b/secure/lib/libcrypto/man/man3/RSA_meth_new.3
index 33373ed7a4fe..033bc72283f8 100644
--- a/secure/lib/libcrypto/man/man3/RSA_meth_new.3
+++ b/secure/lib/libcrypto/man/man3/RSA_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,37 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RSA_METH_NEW 3"
-.TH RSA_METH_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RSA_METH_NEW 3ossl"
+.TH RSA_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, RSA_meth_get_pub_enc, RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen \&\- Routines to build up RSA methods
+RSA_meth_get0_app_data, RSA_meth_set0_app_data,
+RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name,
+RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags,
+RSA_meth_get_pub_enc,
+RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec,
+RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec,
+RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp,
+RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init,
+RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish,
+RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify,
+RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen,
+RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen
+\&\- Routines to build up RSA methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
\& RSA_METHOD *RSA_meth_new(const char *name, int flags);
\& void RSA_meth_free(RSA_METHOD *meth);
\&
@@ -248,10 +264,12 @@ RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_new, RSA_meth_free, RSA
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs.
+.PP
The \fB\s-1RSA_METHOD\s0\fR type is a structure used for the provision of custom
\&\s-1RSA\s0 implementations. It provides a set of functions used by OpenSSL
-for the implementation of the various \s-1RSA\s0 capabilities. See the rsa
-page for more information.
+for the implementation of the various \s-1RSA\s0 capabilities.
.PP
\&\fBRSA_meth_new()\fR creates a new \fB\s-1RSA_METHOD\s0\fR structure. It should be
given a unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a
@@ -368,15 +386,17 @@ success or 0 on failure.
\&\fBRSA_generate_multi_prime_key\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
+.PP
\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR were
added in OpenSSL 1.1.1.
.PP
Other functions described here were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RSA_new.3 b/secure/lib/libcrypto/man/man3/RSA_new.3
index ef808bbbba9a..f7ea910505e1 100644
--- a/secure/lib/libcrypto/man/man3/RSA_new.3
+++ b/secure/lib/libcrypto/man/man3/RSA_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RSA_NEW 3"
-.TH RSA_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RSA_NEW 3ossl"
+.TH RSA_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +142,13 @@ RSA_new, RSA_free \- allocate and free RSA objects
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& RSA *RSA_new(void);
\&
\& void RSA_free(RSA *rsa);
@@ -169,11 +173,15 @@ a pointer to the newly allocated structure.
\&\fBERR_get_error\fR\|(3),
\&\fBRSA_generate_key\fR\|(3),
\&\fBRSA_new_method\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All functions described here were deprecated in OpenSSL 3.0.
+For replacement see \s-1\fBEVP_PKEY\-RSA\s0\fR\|(7).
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3
index 49806a9f9e36..d5ce36b3449b 100644
--- a/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3
+++ b/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,30 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RSA_PADDING_ADD_PKCS1_TYPE_1 3"
-.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RSA_PADDING_ADD_PKCS1_TYPE_1 3ossl"
+.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, RSA_padding_add_none, RSA_padding_check_none \- asymmetric encryption padding
+RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
+RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
+RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1,
+RSA_padding_add_none, RSA_padding_check_none \- asymmetric encryption
+padding
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
\& int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
\& const unsigned char *f, int fl);
\&
@@ -175,12 +184,6 @@ RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PK
\& const unsigned char *p, int pl,
\& const EVP_MD *md, const EVP_MD *mgf1md);
\&
-\& int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
-\& const unsigned char *f, int fl);
-\&
-\& int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
-\& const unsigned char *f, int fl, int rsa_len);
-\&
\& int RSA_padding_add_none(unsigned char *to, int tlen,
\& const unsigned char *f, int fl);
\&
@@ -189,6 +192,9 @@ RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PK
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use the \s-1EVP PKEY\s0 APIs.
+.PP
The \fBRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt,
decrypt, sign and verify functions. Normally they should not be called
from application programs.
@@ -213,9 +219,6 @@ The following encoding methods are implemented:
.IP "\s-1PKCS1_OAEP\s0" 4
.IX Item "PKCS1_OAEP"
\&\s-1PKCS\s0 #1 v2.0 EME-OAEP
-.IP "SSLv23" 4
-.IX Item "SSLv23"
-\&\s-1PKCS\s0 #1 EME\-PKCS1\-v1_5 with SSL-specific modification
.IP "none" 4
.IX Item "none"
simply copy the data
@@ -266,11 +269,14 @@ including \s-1PKCS1_OAEP.\s0
\&\fBRSA_private_decrypt\fR\|(3),
\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3),
\&\s-1\fBRAND\s0\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RSA_print.3 b/secure/lib/libcrypto/man/man3/RSA_print.3
index ab51230193f8..215e64ab3a0e 100644
--- a/secure/lib/libcrypto/man/man3/RSA_print.3
+++ b/secure/lib/libcrypto/man/man3/RSA_print.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,51 +130,85 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RSA_PRINT 3"
-.TH RSA_PRINT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RSA_PRINT 3ossl"
+.TH RSA_PRINT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-RSA_print, RSA_print_fp, DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, DHparams_print, DHparams_print_fp \- print cryptographic parameters
+RSA_print, RSA_print_fp,
+DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+DHparams_print, DHparams_print_fp \- print cryptographic parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
-\&
-\& int RSA_print(BIO *bp, RSA *x, int offset);
-\& int RSA_print_fp(FILE *fp, RSA *x, int offset);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
+\& int RSA_print(BIO *bp, const RSA *x, int offset);
+\& int RSA_print_fp(FILE *fp, const RSA *x, int offset);
\&
\& #include <openssl/dsa.h>
-\&
-\& int DSAparams_print(BIO *bp, DSA *x);
-\& int DSAparams_print_fp(FILE *fp, DSA *x);
-\& int DSA_print(BIO *bp, DSA *x, int offset);
-\& int DSA_print_fp(FILE *fp, DSA *x, int offset);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 4
+\& int DSAparams_print(BIO *bp, const DSA *x);
+\& int DSAparams_print_fp(FILE *fp, const DSA *x);
+\& int DSA_print(BIO *bp, const DSA *x, int offset);
+\& int DSA_print_fp(FILE *fp, const DSA *x, int offset);
\&
\& #include <openssl/dh.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
\& int DHparams_print(BIO *bp, DH *x);
-\& int DHparams_print_fp(FILE *fp, DH *x);
+\& int DHparams_print_fp(FILE *fp, const DH *x);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_print_params\fR\|(3) and
+\&\fBEVP_PKEY_print_private\fR\|(3).
+.PP
A human-readable hexadecimal output of the components of the \s-1RSA\s0
key, \s-1DSA\s0 parameters or key or \s-1DH\s0 parameters is printed to \fBbp\fR or \fBfp\fR.
.PP
The output lines are indented by \fBoffset\fR spaces.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-These functions return 1 on success, 0 on error.
+\&\fBDSAparams_print()\fR, \fBDSAparams_print_fp()\fR, \fBDSA_print()\fR, and \fBDSA_print_fp()\fR
+return 1 for success and 0 or a negative value for failure.
+.PP
+\&\fBDHparams_print()\fR and \fBDHparams_print_fp()\fR return 1 on success, 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBBN_bn2bin\fR\|(3)
+.Vb 3
+\& L<EVP_PKEY_print_params(3)>,
+\& L<EVP_PKEY_print_private(3)>,
+\& L<BN_bn2bin(3)>
+.Ve
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3
index 031b8f0e8aee..d4cbc0087959 100644
--- a/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3
+++ b/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RSA_PRIVATE_ENCRYPT 3"
-.TH RSA_PRIVATE_ENCRYPT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RSA_PRIVATE_ENCRYPT 3ossl"
+.TH RSA_PRIVATE_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +142,13 @@ RSA_private_encrypt, RSA_public_decrypt \- low\-level signature operations
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
\& int RSA_private_encrypt(int flen, unsigned char *from,
\& unsigned char *to, RSA *rsa, int padding);
\&
@@ -153,6 +157,11 @@ RSA_private_encrypt, RSA_public_decrypt \- low\-level signature operations
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+Both of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_sign_init_ex\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify_recover_init\fR\|(3), and
+\&\fBEVP_PKEY_verify_recover\fR\|(3).
+.PP
These functions handle \s-1RSA\s0 signatures at a low-level.
.PP
\&\fBRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a
@@ -189,12 +198,16 @@ obtained by \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3),
-\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3)
+\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3),
+\&\fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify_recover\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+Both of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3
index 2afb373fbd87..1d2c5c0a8b53 100644
--- a/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3
+++ b/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RSA_PUBLIC_ENCRYPT 3"
-.TH RSA_PUBLIC_ENCRYPT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RSA_PUBLIC_ENCRYPT 3ossl"
+.TH RSA_PUBLIC_ENCRYPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +142,13 @@ RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
\& int RSA_public_encrypt(int flen, const unsigned char *from,
\& unsigned char *to, RSA *rsa, int padding);
\&
@@ -153,6 +157,11 @@ RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+Both of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_encrypt_init_ex\fR\|(3),
+\&\fBEVP_PKEY_encrypt\fR\|(3), \fBEVP_PKEY_decrypt_init_ex\fR\|(3) and
+\&\fBEVP_PKEY_decrypt\fR\|(3).
+.PP
\&\fBRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a
session key) using the public key \fBrsa\fR and stores the ciphertext in
\&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory.
@@ -167,10 +176,6 @@ new applications. \s-1SEE WARNING BELOW.\s0
.IX Item "RSA_PKCS1_OAEP_PADDING"
EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1, MGF1\s0 and an empty
encoding parameter. This mode is recommended for all new applications.
-.IP "\s-1RSA_SSLV23_PADDING\s0" 4
-.IX Item "RSA_SSLV23_PADDING"
-\&\s-1PKCS\s0 #1 v1.5 padding with an SSL-specific modification that denotes
-that the server is \s-1SSL3\s0 capable.
.IP "\s-1RSA_NO_PADDING\s0" 4
.IX Item "RSA_NO_PADDING"
Raw \s-1RSA\s0 encryption. This mode should \fIonly\fR be used to implement
@@ -221,11 +226,14 @@ design. Prefer \s-1RSA_PKCS1_OAEP_PADDING.\s0
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3),
\&\fBRSA_size\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+Both of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RSA_set_method.3 b/secure/lib/libcrypto/man/man3/RSA_set_method.3
index 9bf048b73b84..80288950d214 100644
--- a/secure/lib/libcrypto/man/man3/RSA_set_method.3
+++ b/secure/lib/libcrypto/man/man3/RSA_set_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,28 +130,36 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RSA_SET_METHOD 3"
-.TH RSA_SET_METHOD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RSA_SET_METHOD 3ossl"
+.TH RSA_SET_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-RSA_set_default_method, RSA_get_default_method, RSA_set_method, RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, RSA_new_method \- select RSA method
+RSA_set_default_method, RSA_get_default_method, RSA_set_method,
+RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags,
+RSA_new_method \- select RSA method
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
\& void RSA_set_default_method(const RSA_METHOD *meth);
\&
-\& RSA_METHOD *RSA_get_default_method(void);
+\& const RSA_METHOD *RSA_get_default_method(void);
\&
\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
\&
-\& RSA_METHOD *RSA_get_method(const RSA *rsa);
+\& const RSA_METHOD *RSA_get_method(const RSA *rsa);
\&
-\& RSA_METHOD *RSA_PKCS1_OpenSSL(void);
+\& const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
\&
\& int RSA_flags(const RSA *rsa);
\&
@@ -161,6 +167,9 @@ RSA_set_default_method, RSA_get_default_method, RSA_set_method, RSA_get_method,
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs.
+.PP
An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0
operations. By modifying the method, alternative implementations such as
hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
@@ -264,7 +273,7 @@ the default method is used.
\& const unsigned char *m, unsigned int m_length,
\& const unsigned char *sigbuf, unsigned int siglen,
\& const RSA *rsa);
-\& /* keygen. If NULL builtin RSA key generation will be used */
+\& /* keygen. If NULL built\-in RSA key generation will be used */
\& int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
\&
\& } RSA_METHOD;
@@ -303,13 +312,15 @@ not currently exist).
\&\fBRSA_new\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
+.PP
The \fBRSA_null_method()\fR, which was a partial attempt to avoid patent issues,
was replaced to always return \s-1NULL\s0 in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RSA_sign.3 b/secure/lib/libcrypto/man/man3/RSA_sign.3
index a409ef1da85d..2f2217b2a02a 100644
--- a/secure/lib/libcrypto/man/man3/RSA_sign.3
+++ b/secure/lib/libcrypto/man/man3/RSA_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RSA_SIGN 3"
-.TH RSA_SIGN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RSA_SIGN 3ossl"
+.TH RSA_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +142,13 @@ RSA_sign, RSA_verify \- RSA signatures
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
\& int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
\& unsigned char *sigret, unsigned int *siglen, RSA *rsa);
\&
@@ -153,6 +157,10 @@ RSA_sign, RSA_verify \- RSA signatures
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_sign_init\fR\|(3), \fBEVP_PKEY_sign\fR\|(3),
+\&\fBEVP_PKEY_verify_init\fR\|(3) and \fBEVP_PKEY_verify\fR\|(3).
+.PP
\&\fBRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the
private key \fBrsa\fR using RSASSA\-PKCS1\-v1_5 as specified in \s-1RFC 3447.\s0 It
stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR.
@@ -174,8 +182,8 @@ the message digest algorithm that was used to generate the signature.
\&\fBrsa\fR is the signer's public key.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBRSA_sign()\fR returns 1 on success.
-\&\fBRSA_verify()\fR returns 1 on successful verification.
+\&\fBRSA_sign()\fR returns 1 on success and 0 for failure.
+\&\fBRSA_verify()\fR returns 1 on successful verification and 0 for failure.
.PP
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH "CONFORMING TO"
@@ -186,11 +194,14 @@ The error codes can be obtained by \fBERR_get_error\fR\|(3).
\&\fBERR_get_error\fR\|(3),
\&\fBRSA_private_encrypt\fR\|(3),
\&\fBRSA_public_decrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3
index 65a940ca9674..75bad29fde8d 100644
--- a/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3
+++ b/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RSA_SIGN_ASN1_OCTET_STRING 3"
-.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RSA_SIGN_ASN1_OCTET_STRING 3ossl"
+.TH RSA_SIGN_ASN1_OCTET_STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +142,13 @@ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/rsa.h>
-\&
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 3
\& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
\& unsigned int m_len, unsigned char *sigret,
\& unsigned int *siglen, RSA *rsa);
@@ -155,6 +159,9 @@ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated.
+Applications should instead use \s-1EVP PKEY\s0 APIs.
+.PP
\&\fBRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size
\&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1
padding. It stores the signature in \fBsigret\fR and the signature size
@@ -188,11 +195,14 @@ These functions serve no recognizable purpose.
\&\fBRAND_bytes\fR\|(3), \fBRSA_sign\fR\|(3),
\&\fBRSA_verify\fR\|(3),
\&\s-1\fBRAND\s0\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RSA_size.3 b/secure/lib/libcrypto/man/man3/RSA_size.3
index 71dd8483782f..ee5d899ff5d0 100644
--- a/secure/lib/libcrypto/man/man3/RSA_size.3
+++ b/secure/lib/libcrypto/man/man3/RSA_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RSA_SIZE 3"
-.TH RSA_SIZE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "RSA_SIZE 3ossl"
+.TH RSA_SIZE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,29 +143,39 @@ RSA_size, RSA_bits, RSA_security_bits \- get RSA modulus size or security bits
.Vb 1
\& #include <openssl/rsa.h>
\&
-\& int RSA_size(const RSA *rsa);
-\&
\& int RSA_bits(const RSA *rsa);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& int RSA_size(const RSA *rsa);
\&
-\& int RSA_security_bits(const RSA *rsa)
+\& int RSA_security_bits(const RSA *rsa);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBRSA_size()\fR returns the \s-1RSA\s0 modulus size in bytes. It can be used to
-determine how much memory must be allocated for an \s-1RSA\s0 encrypted
-value.
-.PP
\&\fBRSA_bits()\fR returns the number of significant bits.
.PP
\&\fBrsa\fR and \fBrsa\->n\fR must not be \fB\s-1NULL\s0\fR.
.PP
+The remaining functions described on this page are deprecated.
+Applications should instead use \fBEVP_PKEY_get_size\fR\|(3), \fBEVP_PKEY_get_bits\fR\|(3)
+and \fBEVP_PKEY_get_security_bits\fR\|(3).
+.PP
+\&\fBRSA_size()\fR returns the \s-1RSA\s0 modulus size in bytes. It can be used to
+determine how much memory must be allocated for an \s-1RSA\s0 encrypted
+value.
+.PP
\&\fBRSA_security_bits()\fR returns the number of security bits of the given \fBrsa\fR
key. See \fBBN_security_bits\fR\|(3).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBRSA_size()\fR returns the size of modulus in bytes.
+\&\fBRSA_bits()\fR returns the number of bits in the key.
.PP
-\&\fBDSA_bits()\fR returns the number of bits in the key.
+\&\fBRSA_size()\fR returns the size of modulus in bytes.
.PP
\&\fBRSA_security_bits()\fR returns the number of security bits.
.SH "SEE ALSO"
@@ -175,12 +183,14 @@ key. See \fBBN_security_bits\fR\|(3).
\&\fBBN_num_bits\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
+The \fBRSA_size()\fR and \fBRSA_security_bits()\fR functions were deprecated in OpenSSL 3.0.
+.PP
The \fBRSA_bits()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SCT_new.3 b/secure/lib/libcrypto/man/man3/SCT_new.3
index f30085e04b2f..7b4f533ccb46 100644
--- a/secure/lib/libcrypto/man/man3/SCT_new.3
+++ b/secure/lib/libcrypto/man/man3/SCT_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,23 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SCT_NEW 3"
-.TH SCT_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SCT_NEW 3ossl"
+.TH SCT_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free, SCT_get_version, SCT_set_version, SCT_get_log_entry_type, SCT_set_log_entry_type, SCT_get0_log_id, SCT_set0_log_id, SCT_set1_log_id, SCT_get_timestamp, SCT_set_timestamp, SCT_get_signature_nid, SCT_set_signature_nid, SCT_get0_signature, SCT_set0_signature, SCT_set1_signature, SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions, SCT_get_source, SCT_set_source \&\- A Certificate Transparency Signed Certificate Timestamp
+SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free,
+SCT_get_version, SCT_set_version,
+SCT_get_log_entry_type, SCT_set_log_entry_type,
+SCT_get0_log_id, SCT_set0_log_id, SCT_set1_log_id,
+SCT_get_timestamp, SCT_set_timestamp,
+SCT_get_signature_nid, SCT_set_signature_nid,
+SCT_get0_signature, SCT_set0_signature, SCT_set1_signature,
+SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions,
+SCT_get_source, SCT_set_source
+\&\- A Certificate Transparency Signed Certificate Timestamp
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -226,7 +233,8 @@ Only \s-1SCT_VERSION_V1\s0 is currently supported.
The former takes ownership, whereas the latter makes a copy.
See \s-1RFC 6962,\s0 Section 3.2 for the definition of LogID.
.IP "\(bu" 2
-\&\fBSCT_set_timestamp()\fR to set the time the \s-1SCT\s0 was issued (epoch time in milliseconds).
+\&\fBSCT_set_timestamp()\fR to set the time the \s-1SCT\s0 was issued (time in milliseconds
+since the Unix Epoch).
.IP "\(bu" 2
\&\fBSCT_set_signature_nid()\fR to set the \s-1NID\s0 of the signature.
.IP "\(bu" 2
@@ -249,7 +257,7 @@ The type of certificate the \s-1SCT\s0 was issued for:
\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate.
\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate.
.IP "\(bu" 2
-The time that the \s-1SCT\s0 was issued (epoch time in milliseconds).
+The time that the \s-1SCT\s0 was issued (time in milliseconds since the Unix Epoch).
.IP "\(bu" 2
The \s-1SCT\s0 extensions, base64 encoded.
.IP "\(bu" 2
@@ -300,7 +308,7 @@ These functions were added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SCT_print.3 b/secure/lib/libcrypto/man/man3/SCT_print.3
index bff184299371..647bb23bf9c7 100644
--- a/secure/lib/libcrypto/man/man3/SCT_print.3
+++ b/secure/lib/libcrypto/man/man3/SCT_print.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SCT_PRINT 3"
-.TH SCT_PRINT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SCT_PRINT 3ossl"
+.TH SCT_PRINT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SCT_print, SCT_LIST_print, SCT_validation_status_string \- Prints Signed Certificate Timestamps in a human\-readable way
+SCT_print, SCT_LIST_print, SCT_validation_status_string \-
+Prints Signed Certificate Timestamps in a human\-readable way
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -152,7 +151,7 @@ SCT_print, SCT_LIST_print, SCT_validation_status_string \- Prints Signed Certifi
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBSCT_print()\fR prints a single Signed Certificate Timestamp (\s-1SCT\s0) to a bio in
+\&\fBSCT_print()\fR prints a single Signed Certificate Timestamp (\s-1SCT\s0) to a \fB\s-1BIO\s0\fR in
a human-readable format. \fBSCT_LIST_print()\fR prints an entire list of SCTs in a
similar way. A separator can be specified to delimit each \s-1SCT\s0 in the output.
.PP
@@ -166,7 +165,7 @@ a human-readable string. Call \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR
beforehand in order to set the validation status of an \s-1SCT\s0 first.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBSCT_validation_status_string()\fR returns a null-terminated string representing
+\&\fBSCT_validation_status_string()\fR returns a NUL-terminated string representing
the validation status of an \fB\s-1SCT\s0\fR object.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
@@ -179,9 +178,9 @@ the validation status of an \fB\s-1SCT\s0\fR object.
These functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SCT_validate.3 b/secure/lib/libcrypto/man/man3/SCT_validate.3
index c6e9a32914cf..f0a1f076902b 100644
--- a/secure/lib/libcrypto/man/man3/SCT_validate.3
+++ b/secure/lib/libcrypto/man/man3/SCT_validate.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SCT_VALIDATE 3"
-.TH SCT_VALIDATE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SCT_VALIDATE 3ossl"
+.TH SCT_VALIDATE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SCT_validate, SCT_LIST_validate, SCT_get_validation_status \- checks Signed Certificate Timestamps (SCTs) are valid
+SCT_validate, SCT_LIST_validate, SCT_get_validation_status \-
+checks Signed Certificate Timestamps (SCTs) are valid
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -217,7 +216,7 @@ These functions were added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SHA256_Init.3 b/secure/lib/libcrypto/man/man3/SHA256_Init.3
index f67bc4ee0b09..98dd053ff6a1 100644
--- a/secure/lib/libcrypto/man/man3/SHA256_Init.3
+++ b/secure/lib/libcrypto/man/man3/SHA256_Init.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,54 +130,66 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SHA256_INIT 3"
-.TH SHA256_INIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SHA256_INIT 3ossl"
+.TH SHA256_INIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, SHA512_Final \- Secure Hash Algorithm
+SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update,
+SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384,
+SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update,
+SHA512_Final \- Secure Hash Algorithm
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/sha.h>
\&
+\& unsigned char *SHA1(const unsigned char *data, size_t count, unsigned char *md_buf);
+\& unsigned char *SHA224(const unsigned char *data, size_t count, unsigned char *md_buf);
+\& unsigned char *SHA256(const unsigned char *data, size_t count, unsigned char *md_buf);
+\& unsigned char *SHA384(const unsigned char *data, size_t count, unsigned char *md_buf);
+\& unsigned char *SHA512(const unsigned char *data, size_t count, unsigned char *md_buf);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 3
\& int SHA1_Init(SHA_CTX *c);
\& int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
\& int SHA1_Final(unsigned char *md, SHA_CTX *c);
-\& unsigned char *SHA1(const unsigned char *d, size_t n,
-\& unsigned char *md);
\&
\& int SHA224_Init(SHA256_CTX *c);
\& int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
\& int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-\& unsigned char *SHA224(const unsigned char *d, size_t n,
-\& unsigned char *md);
\&
\& int SHA256_Init(SHA256_CTX *c);
\& int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
\& int SHA256_Final(unsigned char *md, SHA256_CTX *c);
-\& unsigned char *SHA256(const unsigned char *d, size_t n,
-\& unsigned char *md);
\&
\& int SHA384_Init(SHA512_CTX *c);
\& int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
\& int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-\& unsigned char *SHA384(const unsigned char *d, size_t n,
-\& unsigned char *md);
\&
\& int SHA512_Init(SHA512_CTX *c);
\& int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
\& int SHA512_Final(unsigned char *md, SHA512_CTX *c);
-\& unsigned char *SHA512(const unsigned char *d, size_t n,
-\& unsigned char *md);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-Applications should use the higher level functions
-\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash
-functions directly.
+All of the functions described on this page
+except for \s-1\fBSHA1\s0()\fR, \s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR are deprecated.
+Applications should instead use \fBEVP_DigestInit_ex\fR\|(3), \fBEVP_DigestUpdate\fR\|(3)
+and \fBEVP_DigestFinal_ex\fR\|(3), or the quick one-shot function \fBEVP_Q_digest\fR\|(3).
+\&\s-1\fBSHA1\s0()\fR, \s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR, and \s-1\fBSHA256\s0()\fR
+can continue to be used. They can also be replaced by, e.g.,
+.PP
+.Vb 1
+\& (EVP_Q_digest(d, n, md, NULL, NULL, "SHA256", NULL) ? md : NULL)
+.Ve
.PP
\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a
160 bit output.
@@ -222,12 +232,16 @@ Standard),
\&\s-1ANSI X9.30\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBEVP_Q_digest\fR\|(3),
\&\fBEVP_DigestInit\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+All of these functions except SHA*() were deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3 b/secure/lib/libcrypto/man/man3/SMIME_read_ASN1.3
index fe94527680a7..72749260e175 100644
--- a/secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3
+++ b/secure/lib/libcrypto/man/man3/SMIME_read_ASN1.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,83 +130,84 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RAND_DRBG_GENERATE 3"
-.TH RAND_DRBG_GENERATE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SMIME_READ_ASN1 3ossl"
+.TH SMIME_READ_ASN1 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-RAND_DRBG_generate, RAND_DRBG_bytes \&\- generate random bytes using the given drbg instance
+SMIME_read_ASN1_ex, SMIME_read_ASN1
+\&\- parse S/MIME message
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
-\& #include <openssl/rand_drbg.h>
-\&
-\& int RAND_DRBG_generate(RAND_DRBG *drbg,
-\& unsigned char *out, size_t outlen,
-\& int prediction_resistance,
-\& const unsigned char *adin, size_t adinlen);
+\& #include <openssl/asn1.h>
\&
-\& int RAND_DRBG_bytes(RAND_DRBG *drbg,
-\& unsigned char *out, size_t outlen);
+\& ASN1_VALUE *SMIME_read_ASN1_ex(BIO *in, int flags, BIO **bcont,
+\& const ASN1_ITEM *it, ASN1_VALUE **x,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& ASN1_VALUE *SMIME_read_ASN1(BIO *in, BIO **bcont, const ASN1_ITEM *it);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBRAND_DRBG_generate()\fR generates \fBoutlen\fR random bytes using the given
-\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR.
+\&\fBSMIME_read_ASN1_ex()\fR parses a message in S/MIME format.
.PP
-Before generating the output, the \s-1DRBG\s0 instance checks whether the maximum
-number of generate requests (\fIreseed interval\fR) or the maximum timespan
-(\fIreseed time interval\fR) since its last seeding have been reached.
-If this is the case, the \s-1DRBG\s0 reseeds automatically.
-Additionally, an immediate reseeding can be requested by setting the
-\&\fBprediction_resistance\fR flag to 1. See \s-1NOTES\s0 section for more details.
+\&\fIin\fR is a \s-1BIO\s0 to read the message from.
+If the \fIflags\fR argument contains \fB\s-1CMS_BINARY\s0\fR then the input is assumed to be
+in binary format and is not translated to canonical form.
+If in addition \fB\s-1SMIME_ASCIICRLF\s0\fR is set then the binary input is assumed
+to be followed by \fB\s-1CR\s0\fR and \fB\s-1LF\s0\fR characters, else only by an \fB\s-1LF\s0\fR character.
+\&\fIx\fR can be used to optionally supply
+a previously created \fIit\fR \s-1ASN1_VALUE\s0 object (such as CMS_ContentInfo or \s-1PKCS7\s0),
+it can be set to \s-1NULL.\s0 Valid values that can be used by \s-1ASN.1\s0 structure \fIit\fR
+are ASN1_ITEM_rptr(\s-1PKCS7\s0) or ASN1_ITEM_rptr(CMS_ContentInfo). Any algorithm
+fetches that occur during the operation will use the \fB\s-1OSSL_LIB_CTX\s0\fR supplied in
+the \fIlibctx\fR parameter, and use the property query string \fIpropq\fR See
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further details about algorithm fetching.
.PP
-The caller can optionally provide additional data to be used for reseeding
-by passing a pointer \fBadin\fR to a buffer of length \fBadinlen\fR.
-This additional data is mixed into the internal state of the random
-generator but does not contribute to the entropy count.
-The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and
-\&\fBadinlen\fR to 0;
+If cleartext signing is used then the content is saved in a memory bio which is
+written to \fI*bcont\fR, otherwise \fI*bcont\fR is set to \s-1NULL.\s0
.PP
-\&\fBRAND_DRBG_bytes()\fR generates \fBoutlen\fR random bytes using the given
-\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR.
-This function is a wrapper around the \fBRAND_DRBG_generate()\fR call,
-which collects some additional data from low entropy sources
-(e.g., a high resolution timer) and calls
-RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen).
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-\&\fBRAND_DRBG_generate()\fR and \fBRAND_DRBG_bytes()\fR return 1 on success,
-and 0 on failure.
+The parsed \s-1ASN1_VALUE\s0 structure is returned or \s-1NULL\s0 if an error occurred.
+.PP
+\&\fBSMIME_read_ASN1()\fR is similar to \fBSMIME_read_ASN1_ex()\fR but sets the value of \fIx\fR
+to \s-1NULL\s0 and the value of \fIflags\fR to 0.
.SH "NOTES"
.IX Header "NOTES"
-The \fIreseed interval\fR and \fIreseed time interval\fR of the \fBdrbg\fR are set to
-reasonable default values, which in general do not have to be adjusted.
-If necessary, they can be changed using \fBRAND_DRBG_set_reseed_interval\fR\|(3)
-and \fBRAND_DRBG_set_reseed_time_interval\fR\|(3), respectively.
+The higher level functions \fBSMIME_read_CMS_ex\fR\|(3) and
+\&\fBSMIME_read_PKCS7_ex\fR\|(3) should be used instead of \fBSMIME_read_ASN1_ex()\fR.
+.PP
+To support future functionality if \fIbcont\fR is not \s-1NULL\s0 \fI*bcont\fR should be
+initialized to \s-1NULL.\s0
+.SH "BUGS"
+.IX Header "BUGS"
+The \s-1MIME\s0 parser used by \fBSMIME_read_ASN1_ex()\fR is somewhat primitive. While it will
+handle most S/MIME messages more complex compound formats may not work.
.PP
-A request for prediction resistance can only be satisfied by pulling fresh
-entropy from one of the approved entropy sources listed in section 5.5.2 of
-[\s-1NIST SP 800\-90C\s0].
-Since the default \s-1DRBG\s0 implementation does not have access to such an approved
-entropy source, a request for prediction resistance will always fail.
-In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0
+The use of a memory \s-1BIO\s0 to hold the signed content limits the size of message
+which can be processed due to memory restraints: a streaming single pass option
+should be available.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBSMIME_read_ASN1_ex()\fR and \fBSMIME_read_ASN1()\fR return a valid \fB\s-1ASN1_VALUE\s0\fR
+structure or \fB\s-1NULL\s0\fR if an error occurred. The error can be obtained from
+\&\fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBRAND_bytes\fR\|(3),
-\&\fBRAND_DRBG_set_reseed_interval\fR\|(3),
-\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3),
-\&\s-1\fBRAND_DRBG\s0\fR\|(7)
+\&\fBERR_get_error\fR\|(3),
+\&\fBSMIME_read_CMS_ex\fR\|(3),
+\&\fBSMIME_read_PKCS7_ex\fR\|(3),
+\&\fBSMIME_write_ASN1\fR\|(3),
+\&\fBSMIME_write_ASN1_ex\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1.
+The function \fBSMIME_read_ASN1_ex()\fR was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/man3/SMIME_read_CMS.3
index b56fffd858be..d0779e4eb1da 100644
--- a/secure/lib/libcrypto/man/man3/SMIME_read_CMS.3
+++ b/secure/lib/libcrypto/man/man3/SMIME_read_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,21 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SMIME_READ_CMS 3"
-.TH SMIME_READ_CMS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SMIME_READ_CMS 3ossl"
+.TH SMIME_READ_CMS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SMIME_read_CMS \- parse S/MIME message
+SMIME_read_CMS_ex, SMIME_read_CMS \- parse S/MIME message
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/cms.h>
\&
+\& CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont,
+\& CMS_ContentInfo **cms);
\& CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont);
.Ve
.SH "DESCRIPTION"
@@ -158,6 +158,15 @@ written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to \s-1NULL.\s0
.PP
The parsed CMS_ContentInfo structure is returned or \s-1NULL\s0 if an
error occurred.
+.PP
+\&\fBSMIME_read_CMS_ex()\fR is similar to \fBSMIME_read_CMS()\fR but optionally a previously
+created \fIcms\fR CMS_ContentInfo object can be supplied as well as some \fIflags\fR.
+To create a \fIcms\fR object use \fBCMS_ContentInfo_new_ex\fR\|(3).
+If the \fIflags\fR argument contains \fB\s-1CMS_BINARY\s0\fR then the input is assumed to be
+in binary format and is not translated to canonical form.
+If in addition \fB\s-1SMIME_ASCIICRLF\s0\fR is set then the binary input is assumed
+to be followed by \fB\s-1CR\s0\fR and \fB\s-1LF\s0\fR characters, else only by an \fB\s-1LF\s0\fR character.
+If \fIflags\fR is 0 and \fIcms\fR is \s-1NULL\s0 then it is identical to \fBSMIME_read_CMS()\fR.
.SH "NOTES"
.IX Header "NOTES"
If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can
@@ -189,19 +198,24 @@ which can be processed due to memory restraints: a streaming single pass option
should be available.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBSMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR
-if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
+\&\fBSMIME_read_CMS_ex()\fR and \fBSMIME_read_CMS()\fR return a valid \fBCMS_ContentInfo\fR
+structure or \fB\s-1NULL\s0\fR if an error occurred. The error can be obtained from
+\&\fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBERR_get_error\fR\|(3), \fBCMS_type\fR\|(3),
-\&\fBSMIME_read_CMS\fR\|(3), \fBCMS_sign\fR\|(3),
-\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBCMS_sign\fR\|(3),
+\&\fBCMS_verify\fR\|(3),
+\&\fBCMS_encrypt\fR\|(3),
\&\fBCMS_decrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The function \fBSMIME_read_CMS_ex()\fR was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3
index aee21123b7b3..69bbb52123ef 100644
--- a/secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3
+++ b/secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,20 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SMIME_READ_PKCS7 3"
-.TH SMIME_READ_PKCS7 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SMIME_READ_PKCS7 3ossl"
+.TH SMIME_READ_PKCS7 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SMIME_read_PKCS7 \- parse S/MIME message
+SMIME_read_PKCS7_ex, SMIME_read_PKCS7 \- parse S/MIME message
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/pkcs7.h>
\&
+\& PKCS7 *SMIME_read_PKCS7_ex(BIO *bio, BIO **bcont, PKCS7 **p7);
\& PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
.Ve
.SH "DESCRIPTION"
@@ -159,6 +158,11 @@ a memory bio which is written to \fB*bcont\fR, otherwise
.PP
The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an
error occurred.
+.PP
+\&\fBSMIME_read_PKCS7_ex()\fR is similar to \fBSMIME_read_PKCS7()\fR but can optionally supply
+a previously created \fIp7\fR PKCS#7 object. If \fIp7\fR is \s-1NULL\s0 then it is identical
+to \fBSMIME_read_PKCS7()\fR.
+To create a \fIp7\fR object use \fBPKCS7_new_ex\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text
@@ -192,19 +196,22 @@ of message which can be processed due to memory restraints: a
streaming single pass option should be available.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBSMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR
-if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
+\&\fBSMIME_read_PKCS7_ex()\fR and \fBSMIME_read_PKCS7()\fR return a valid \fB\s-1PKCS7\s0\fR structure
+or \fB\s-1NULL\s0\fR if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3),
\&\fBSMIME_read_PKCS7\fR\|(3), \fBPKCS7_sign\fR\|(3),
\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3)
\&\fBPKCS7_decrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The function \fBSMIME_read_PKCS7_ex()\fR was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SMIME_write_ASN1.3 b/secure/lib/libcrypto/man/man3/SMIME_write_ASN1.3
new file mode 100644
index 000000000000..e64854c9213b
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/SMIME_write_ASN1.3
@@ -0,0 +1,211 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SMIME_WRITE_ASN1 3ossl"
+.TH SMIME_WRITE_ASN1 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SMIME_write_ASN1_ex, SMIME_write_ASN1
+\&\- convert structure to S/MIME format
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/asn1.h>
+\&
+\& int SMIME_write_ASN1_ex(BIO *out, ASN1_VALUE *val, BIO *data, int flags,
+\& int ctype_nid, int econt_nid,
+\& STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\&
+\& int SMIME_write_ASN1(BIO *out,
+\& ASN1_VALUE *val, BIO *data, int flags, int ctype_nid, int econt_nid,
+\& STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBSMIME_write_ASN1_ex()\fR adds the appropriate \s-1MIME\s0 headers to an object
+structure to produce an S/MIME message.
+.PP
+\&\fIout\fR is the \s-1BIO\s0 to write the data to. \fIvalue\fR is the appropriate \s-1ASN1_VALUE\s0
+structure (either CMS_ContentInfo or \s-1PKCS7\s0). If streaming is enabled then the
+content must be supplied via \fIdata\fR.
+\&\fIflags\fR is an optional set of flags. \fIctype_nid\fR is the \s-1NID\s0 of the content
+type, \fIecont_nid\fR is the \s-1NID\s0 of the embedded content type and \fImdalgs\fR is a
+list of signed data digestAlgorithms. Valid values that can be used by the
+\&\s-1ASN.1\s0 structure \fIit\fR are ASN1_ITEM_rptr(\s-1PKCS7\s0) or ASN1_ITEM_rptr(CMS_ContentInfo).
+The library context \fIlibctx\fR and the property query \fIpropq\fR are used when
+retrieving algorithms from providers.
+.SH "NOTES"
+.IX Header "NOTES"
+The higher level functions \fBSMIME_write_CMS\fR\|(3) and
+\&\fBSMIME_write_PKCS7\fR\|(3) should be used instead of \fBSMIME_write_ASN1()\fR.
+.PP
+The following flags can be passed in the \fBflags\fR parameter.
+.PP
+If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only
+makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when the \fBsign()\fR
+method is called.
+.PP
+If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to
+the content, this only makes sense if \fB\s-1CMS_DETACHED\s0\fR is also set.
+.PP
+If the \fB\s-1CMS_STREAM\s0\fR flag is set streaming is performed. This flag should only
+be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_ContentInfo
+or \s-1PKCS7\s0 creation function.
+.PP
+If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must
+be read twice: once to compute the signature in sign method and once to output
+the S/MIME message.
+.PP
+If streaming is performed the content is output in \s-1BER\s0 format using indefinite
+length constructed encoding except in the case of signed data with detached
+content where the content is absent and \s-1DER\s0 format is used.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBSMIME_write_ASN1_ex()\fR and \fBSMIME_write_ASN1()\fR return 1 for success or
+0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBERR_get_error\fR\|(3),
+\&\fBSMIME_write_CMS\fR\|(3),
+\&\fBSMIME_write_PKCS7\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/man3/SMIME_write_CMS.3
index a339ec854ef8..d7a2cb129254 100644
--- a/secure/lib/libcrypto/man/man3/SMIME_write_CMS.3
+++ b/secure/lib/libcrypto/man/man3/SMIME_write_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SMIME_WRITE_CMS 3"
-.TH SMIME_WRITE_CMS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SMIME_WRITE_CMS 3ossl"
+.TH SMIME_WRITE_CMS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -193,7 +191,7 @@ option to disable this.
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3
index fe950366a591..8e273d31f44d 100644
--- a/secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3
+++ b/secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SMIME_WRITE_PKCS7 3"
-.TH SMIME_WRITE_PKCS7 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SMIME_WRITE_PKCS7 3ossl"
+.TH SMIME_WRITE_PKCS7 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -194,7 +192,7 @@ should be an option to disable this.
.IX Header "COPYRIGHT"
Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SRP_Calc_B.3 b/secure/lib/libcrypto/man/man3/SRP_Calc_B.3
new file mode 100644
index 000000000000..ebf3516b3f7f
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/SRP_Calc_B.3
@@ -0,0 +1,231 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SRP_CALC_B 3ossl"
+.TH SRP_CALC_B 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SRP_Calc_server_key,
+SRP_Calc_A,
+SRP_Calc_B_ex,
+SRP_Calc_B,
+SRP_Calc_u_ex,
+SRP_Calc_u,
+SRP_Calc_x_ex,
+SRP_Calc_x,
+SRP_Calc_client_key_ex,
+SRP_Calc_client_key
+\&\- SRP authentication primitives
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/srp.h>
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 7
+\& /* server side .... */
+\& BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+\& const BIGNUM *b, const BIGNUM *N);
+\& BIGNUM *SRP_Calc_B_ex(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+\& const BIGNUM *v, OSSL_LIB_CTX *libctx, const char *propq);
+\& BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+\& const BIGNUM *v);
+\&
+\& BIGNUM *SRP_Calc_u_ex(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N);
+\&
+\& /* client side .... */
+\& BIGNUM *SRP_Calc_client_key_ex(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+\& const BIGNUM *x, const BIGNUM *a, const BIGNUM *u,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+\& const BIGNUM *x, const BIGNUM *a, const BIGNUM *u);
+\& BIGNUM *SRP_Calc_x_ex(const BIGNUM *s, const char *user, const char *pass,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass);
+\& BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated. There are no
+available replacement functions at this time.
+.PP
+The \s-1SRP\s0 functions described on this page are used to calculate various
+parameters and keys used by \s-1SRP\s0 as defined in \s-1RFC2945.\s0 The server key and \fIB\fR
+and \fIu\fR parameters are used on the server side and are calculated via
+\&\fBSRP_Calc_server_key()\fR, \fBSRP_Calc_B_ex()\fR, \fBSRP_Calc_B()\fR, \fBSRP_Calc_u_ex()\fR and
+\&\fBSRP_Calc_u()\fR. The client key and \fBx\fR and \fBA\fR parameters are used on the
+client side and are calculated via the functions \fBSRP_Calc_client_key_ex()\fR,
+\&\fBSRP_Calc_client_key()\fR, \fBSRP_Calc_x_ex()\fR, \fBSRP_Calc_x()\fR and \fBSRP_Calc_A()\fR. See
+\&\s-1RFC2945\s0 for a detailed description of their usage and the meaning of the various
+\&\s-1BIGNUM\s0 parameters to these functions.
+.PP
+Most of these functions come in two forms. Those that take a \fIlibctx\fR and
+\&\fIpropq\fR parameter, and those that don't. Any cryptogrpahic functions that
+are fetched and used during the calculation use the provided \fIlibctx\fR and
+\&\fIpropq\fR. See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for more details. The variants
+that do not take a \fIlibctx\fR and \fIpropq\fR parameter use the default library
+context and property query string. The \fBSRP_Calc_server_key()\fR and \fBSRP_Calc_A()\fR
+functions do not have a form that takes \fIlibctx\fR or \fIpropq\fR parameters because
+they do not need to fetch any cryptographic algorithms.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+All these functions return the calculated key or parameter, or \s-1NULL\s0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBopenssl\-srp\fR\|(1),
+\&\fBSRP_VBASE_new\fR\|(3),
+\&\fBSRP_user_pwd_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+SRP_Calc_B_ex, SRP_Calc_u_ex, SRP_Calc_client_key_ex and SRP_Calc_x_ex were
+introduced in OpenSSL 3.0.
+.PP
+All of the other functions were added in OpenSSL 1.0.1.
+.PP
+All of these functions were deprecated in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SRP_VBASE_new.3 b/secure/lib/libcrypto/man/man3/SRP_VBASE_new.3
new file mode 100644
index 000000000000..3f467a6b9c3d
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/SRP_VBASE_new.3
@@ -0,0 +1,239 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SRP_VBASE_NEW 3ossl"
+.TH SRP_VBASE_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SRP_VBASE_new,
+SRP_VBASE_free,
+SRP_VBASE_init,
+SRP_VBASE_add0_user,
+SRP_VBASE_get1_by_user,
+SRP_VBASE_get_by_user
+\&\- Functions to create and manage a stack of SRP user verifier information
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/srp.h>
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
+\& SRP_VBASE *SRP_VBASE_new(char *seed_key);
+\& void SRP_VBASE_free(SRP_VBASE *vb);
+\&
+\& int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
+\&
+\& int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd);
+\& SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
+\& SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated. There are no
+available replacement functions at this time.
+.PP
+The \fBSRP_VBASE_new()\fR function allocates a structure to store server side \s-1SRP\s0
+verifier information.
+If \fBseed_key\fR is not \s-1NULL\s0 a copy is stored and used to generate dummy parameters
+for users that are not found by \fBSRP_VBASE_get1_by_user()\fR. This allows the server
+to hide the fact that it doesn't have a verifier for a particular username,
+as described in section 2.5.1.3 'Unknown \s-1SRP\s0' of \s-1RFC 5054.\s0
+The seed string should contain random \s-1NUL\s0 terminated binary data (therefore
+the random data should not contain \s-1NUL\s0 bytes!).
+.PP
+The \fBSRP_VBASE_free()\fR function frees up the \fBvb\fR structure.
+If \fBvb\fR is \s-1NULL,\s0 nothing is done.
+.PP
+The \fBSRP_VBASE_init()\fR function parses the information in a verifier file and
+populates the \fBvb\fR structure.
+The verifier file is a text file containing multiple entries, whose format is:
+flag base64(verifier) base64(salt) username gNid userinfo(optional)
+where the flag can be 'V' (valid) or 'R' (revoked).
+Note that the base64 encoding used here is non-standard so it is recommended
+to use \fBopenssl\-srp\fR\|(1) to generate this file.
+.PP
+The \fBSRP_VBASE_add0_user()\fR function adds the \fBuser_pwd\fR verifier information
+to the \fBvb\fR structure. See \fBSRP_user_pwd_new\fR\|(3) to create and populate this
+record.
+The library takes ownership of \fBuser_pwd\fR, it should not be freed by the caller.
+.PP
+The \fBSRP_VBASE_get1_by_user()\fR function returns the password info for the user
+whose username matches \fBusername\fR. It replaces the deprecated
+\&\fBSRP_VBASE_get_by_user()\fR.
+If no matching user is found but a seed_key and default gN parameters have been
+set, dummy authentication information is generated from the seed_key, allowing
+the server to hide the fact that it doesn't have a verifier for a particular
+username. When using \s-1SRP\s0 as a \s-1TLS\s0 authentication mechanism, this will cause
+the handshake to proceed normally but the first client will be rejected with
+a \*(L"bad_record_mac\*(R" alert, as if the password was incorrect.
+If no matching user is found and the seed_key is not set, \s-1NULL\s0 is returned.
+Ownership of the returned pointer is released to the caller, it must be freed
+with \fBSRP_user_pwd_free()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBSRP_VBASE_init()\fR returns \fB\s-1SRP_NO_ERROR\s0\fR (0) on success and a positive value
+on failure.
+The error codes are \fB\s-1SRP_ERR_OPEN_FILE\s0\fR if the file could not be opened,
+\&\fB\s-1SRP_ERR_VBASE_INCOMPLETE_FILE\s0\fR if the file could not be parsed,
+\&\fB\s-1SRP_ERR_MEMORY\s0\fR on memory allocation failure and \fB\s-1SRP_ERR_VBASE_BN_LIB\s0\fR
+for invalid decoded parameter values.
+.PP
+\&\fBSRP_VBASE_add0_user()\fR returns 1 on success and 0 on failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBopenssl\-srp\fR\|(1),
+\&\fBSRP_create_verifier\fR\|(3),
+\&\fBSRP_user_pwd_new\fR\|(3),
+\&\fBSSL_CTX_set_srp_password\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBSRP_VBASE_add0_user()\fR function was added in OpenSSL 3.0.
+.PP
+All other functions were added in OpenSSL 1.0.1.
+.PP
+All of these functions were deprecated in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SRP_create_verifier.3 b/secure/lib/libcrypto/man/man3/SRP_create_verifier.3
new file mode 100644
index 000000000000..1cd0888d1bfb
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/SRP_create_verifier.3
@@ -0,0 +1,271 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SRP_CREATE_VERIFIER 3ossl"
+.TH SRP_CREATE_VERIFIER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SRP_create_verifier_ex,
+SRP_create_verifier,
+SRP_create_verifier_BN_ex,
+SRP_create_verifier_BN,
+SRP_check_known_gN_param,
+SRP_get_default_gN
+\&\- SRP authentication primitives
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/srp.h>
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 11
+\& int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt,
+\& BIGNUM **verifier, const BIGNUM *N,
+\& const BIGNUM *g, OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& char *SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+\& BIGNUM **verifier, const BIGNUM *N, const BIGNUM *g);
+\& char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt,
+\& char **verifier, const char *N, const char *g,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+\& char **verifier, const char *N, const char *g);
+\&
+\& char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
+\& SRP_gN *SRP_get_default_gN(const char *id);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated. There are no
+available replacement functions at this time.
+.PP
+The \fBSRP_create_verifier_BN_ex()\fR function creates an \s-1SRP\s0 password verifier from
+the supplied parameters as defined in section 2.4 of \s-1RFC 5054\s0 using the library
+context \fIlibctx\fR and property query string \fIpropq\fR. Any cryptographic
+algorithms that need to be fetched will use the \fIlibctx\fR and \fIpropq\fR. See
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7).
+.PP
+\&\fBSRP_create_verifier_BN()\fR is the same as \fBSRP_create_verifier_BN_ex()\fR except the
+default library context and property query string is used.
+.PP
+On successful exit \fI*verifier\fR will point to a newly allocated \s-1BIGNUM\s0 containing
+the verifier and (if a salt was not provided) \fI*salt\fR will be populated with a
+newly allocated \s-1BIGNUM\s0 containing a random salt. If \fI*salt\fR is not \s-1NULL\s0 then
+the provided salt is used instead.
+The caller is responsible for freeing the allocated \fI*salt\fR and \fI*verifier\fR
+\&\s-1BIGNUMS\s0 (use \fBBN_free\fR\|(3)).
+.PP
+The \fBSRP_create_verifier()\fR function is similar to \fBSRP_create_verifier_BN()\fR but
+all numeric parameters are in a non-standard base64 encoding originally designed
+for compatibility with libsrp. This is mainly present for historical compatibility
+and its use is discouraged.
+It is possible to pass \s-1NULL\s0 as \fIN\fR and an \s-1SRP\s0 group id as \fIg\fR instead to
+load the appropriate gN values (see \fBSRP_get_default_gN()\fR).
+If both \fIN\fR and \fIg\fR are \s-1NULL\s0 the 8192\-bit \s-1SRP\s0 group parameters are used.
+The caller is responsible for freeing the allocated \fI*salt\fR and \fI*verifier\fR
+(use \fBOPENSSL_free\fR\|(3)).
+.PP
+The \fBSRP_check_known_gN_param()\fR function checks that \fIg\fR and \fIN\fR are valid
+\&\s-1SRP\s0 group parameters from \s-1RFC 5054\s0 appendix A.
+.PP
+The \fBSRP_get_default_gN()\fR function returns the gN parameters for the \s-1RFC 5054\s0 \fIid\fR
+\&\s-1SRP\s0 group size.
+The known ids are \*(L"1024\*(R", \*(L"1536\*(R", \*(L"2048\*(R", \*(L"3072\*(R", \*(L"4096\*(R", \*(L"6144\*(R" and \*(L"8192\*(R".
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBSRP_create_verifier_BN_ex()\fR and \fBSRP_create_verifier_BN()\fR return 1 on success and
+0 on failure.
+.PP
+\&\fBSRP_create_verifier_ex()\fR and \fBSRP_create_verifier()\fR return \s-1NULL\s0 on failure and a
+non-NULL value on success:
+\&\*(L"*\*(R" if \fIN\fR is not \s-1NULL,\s0 the selected group id otherwise. This value should
+not be freed.
+.PP
+\&\fBSRP_check_known_gN_param()\fR returns the text representation of the group id
+(i.e. the prime bit size) or \s-1NULL\s0 if the arguments are not valid \s-1SRP\s0 group parameters.
+This value should not be freed.
+.PP
+\&\fBSRP_get_default_gN()\fR returns \s-1NULL\s0 if \fIid\fR is not a valid group size,
+or the 8192\-bit group parameters if \fIid\fR is \s-1NULL.\s0
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Generate and store a 8192 bit password verifier (error handling
+omitted for clarity):
+.PP
+.Vb 2
+\& #include <openssl/bn.h>
+\& #include <openssl/srp.h>
+\&
+\& const char *username = "username";
+\& const char *password = "password";
+\&
+\& SRP_VBASE *srpData = SRP_VBASE_new(NULL);
+\&
+\& SRP_gN *gN = SRP_get_default_gN("8192");
+\&
+\& BIGNUM *salt = NULL, *verifier = NULL;
+\& SRP_create_verifier_BN_ex(username, password, &salt, &verifier, gN\->N, gN\->g,
+\& NULL, NULL);
+\&
+\& SRP_user_pwd *pwd = SRP_user_pwd_new();
+\& SRP_user_pwd_set1_ids(pwd, username, NULL);
+\& SRP_user_pwd_set0_sv(pwd, salt, verifier);
+\& SRP_user_pwd_set_gN(pwd, gN\->g, gN\->N);
+\&
+\& SRP_VBASE_add0_user(srpData, pwd);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBopenssl\-srp\fR\|(1),
+\&\fBSRP_VBASE_new\fR\|(3),
+\&\fBSRP_user_pwd_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBSRP_create_verifier_BN_ex()\fR and \fBSRP_create_verifier_ex()\fR were introduced in
+OpenSSL 3.0. All other functions were added in OpenSSL 1.0.1.
+.PP
+All of these functions were deprecated in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SRP_user_pwd_new.3 b/secure/lib/libcrypto/man/man3/SRP_user_pwd_new.3
new file mode 100644
index 000000000000..be454fcc771f
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/SRP_user_pwd_new.3
@@ -0,0 +1,208 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SRP_USER_PWD_NEW 3ossl"
+.TH SRP_USER_PWD_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SRP_user_pwd_new,
+SRP_user_pwd_free,
+SRP_user_pwd_set1_ids,
+SRP_user_pwd_set_gN,
+SRP_user_pwd_set0_sv
+\&\- Functions to create a record of SRP user verifier information
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/srp.h>
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
+\& SRP_user_pwd *SRP_user_pwd_new(void);
+\& void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
+\&
+\& int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info);
+\& void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N);
+\& int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated. There are no
+available replacement functions at this time.
+.PP
+The \fBSRP_user_pwd_new()\fR function allocates a structure to store a user verifier
+record.
+.PP
+The \fBSRP_user_pwd_free()\fR function frees up the \fBuser_pwd\fR structure.
+If \fBuser_pwd\fR is \s-1NULL,\s0 nothing is done.
+.PP
+The \fBSRP_user_pwd_set1_ids()\fR function sets the username to \fBid\fR and the optional
+user info to \fBinfo\fR for \fBuser_pwd\fR.
+The library allocates new copies of \fBid\fR and \fBinfo\fR, the caller still
+owns the original memory.
+.PP
+The \fBSRP_user_pwd_set0_sv()\fR function sets the user salt to \fBs\fR and the verifier
+to \fBv\fR for \fBuser_pwd\fR.
+The library takes ownership of the values, they should not be freed by the caller.
+.PP
+The \fBSRP_user_pwd_set_gN()\fR function sets the \s-1SRP\s0 group parameters for \fBuser_pwd\fR.
+The memory is not freed by \fBSRP_user_pwd_free()\fR, the caller must make sure it is
+freed once it is no longer used.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBSRP_user_pwd_set1_ids()\fR returns 1 on success and 0 on failure or if \fBid\fR was \s-1NULL.\s0
+.PP
+\&\fBSRP_user_pwd_set0_sv()\fR returns 1 if both \fBs\fR and \fBv\fR are not \s-1NULL, 0\s0 otherwise.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBopenssl\-srp\fR\|(1),
+\&\fBSRP_create_verifier\fR\|(3),
+\&\fBSRP_VBASE_new\fR\|(3),
+\&\fBSSL_CTX_set_srp_password\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were made public in OpenSSL 3.0 and are deprecated.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 b/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3
index 375c3a88a79b..f3f4c66837c9 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,29 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CIPHER_GET_NAME 3"
-.TH SSL_CIPHER_GET_NAME 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CIPHER_GET_NAME 3ossl"
+.TH SSL_CIPHER_GET_NAME 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CIPHER_get_name, SSL_CIPHER_standard_name, OPENSSL_cipher_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description, SSL_CIPHER_get_cipher_nid, SSL_CIPHER_get_digest_nid, SSL_CIPHER_get_handshake_digest, SSL_CIPHER_get_kx_nid, SSL_CIPHER_get_auth_nid, SSL_CIPHER_is_aead, SSL_CIPHER_find, SSL_CIPHER_get_id, SSL_CIPHER_get_protocol_id \&\- get SSL_CIPHER properties
+SSL_CIPHER_get_name,
+SSL_CIPHER_standard_name,
+OPENSSL_cipher_name,
+SSL_CIPHER_get_bits,
+SSL_CIPHER_get_version,
+SSL_CIPHER_description,
+SSL_CIPHER_get_cipher_nid,
+SSL_CIPHER_get_digest_nid,
+SSL_CIPHER_get_handshake_digest,
+SSL_CIPHER_get_kx_nid,
+SSL_CIPHER_get_auth_nid,
+SSL_CIPHER_is_aead,
+SSL_CIPHER_find,
+SSL_CIPHER_get_id,
+SSL_CIPHER_get_protocol_id
+\&\- get SSL_CIPHER properties
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -149,7 +162,7 @@ SSL_CIPHER_get_name, SSL_CIPHER_standard_name, OPENSSL_cipher_name, SSL_CIPHER_g
\& const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher);
\& const char *OPENSSL_cipher_name(const char *stdname);
\& int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
-\& char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
+\& const char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
\& char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
\& int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
\& int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
@@ -274,7 +287,7 @@ Some examples for the output of \fBSSL_CIPHER_description()\fR:
.IX Header "RETURN VALUES"
\&\fBSSL_CIPHER_get_name()\fR, \fBSSL_CIPHER_standard_name()\fR, \fBOPENSSL_cipher_name()\fR,
\&\fBSSL_CIPHER_get_version()\fR and \fBSSL_CIPHER_description()\fR return the corresponding
-value in a null-terminated string for a specific cipher or \*(L"(\s-1NONE\s0)\*(R"
+value in a NUL-terminated string for a specific cipher or \*(L"(\s-1NONE\s0)\*(R"
if the cipher is not found.
.PP
\&\fBSSL_CIPHER_get_bits()\fR returns a positive integer representing the number of
@@ -299,7 +312,7 @@ protocol-specific \s-1ID.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_get_current_cipher\fR\|(3),
-\&\fBSSL_get_ciphers\fR\|(3), \fBciphers\fR\|(1)
+\&\fBSSL_get_ciphers\fR\|(3), \fBopenssl\-ciphers\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_CIPHER_get_version()\fR function was updated to always return the
@@ -317,9 +330,9 @@ required to enable this function.
The \fBOPENSSL_cipher_name()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3 b/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3
index 6c1a35adc1c5..9648892a1d6c 100644
--- a/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3
+++ b/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 3"
-.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 3ossl"
+.TH SSL_COMP_ADD_COMPRESSION_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods, SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods \&\- handle SSL/TLS integrated compression methods
+SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods,
+SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods
+\&\- handle SSL/TLS integrated compression methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -151,12 +151,12 @@ SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods, SSL_COMP_get0
\& int SSL_COMP_get_id(const SSL_COMP *comp);
.Ve
.PP
-Deprecated:
+The following function has been deprecated since OpenSSL 1.1.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
.PP
-.Vb 3
-\& #if OPENSSL_API_COMPAT < 0x10100000L
-\& void SSL_COMP_free_compression_methods(void)
-\& #endif
+.Vb 1
+\& void SSL_COMP_free_compression_methods(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -221,9 +221,9 @@ The \fBSSL_COMP_free_compression_methods()\fR function was deprecated in OpenSSL
The \fBSSL_COMP_get0_name()\fR and \fBSSL_comp_get_id()\fR functions were added in OpenSSL 1.1.0d.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3
index 253d96acd8d6..dbe39aa22b4e 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CONF_CTX_NEW 3"
-.TH SSL_CONF_CTX_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CONF_CTX_NEW 3ossl"
+.TH SSL_CONF_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -163,6 +161,7 @@ or \fB\s-1NULL\s0\fR if an error occurs.
\&\fBSSL_CONF_CTX_free()\fR does not return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_CONF_CTX_set_flags\fR\|(3),
\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3),
\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
@@ -175,7 +174,7 @@ These functions were added in OpenSSL 1.0.2.
.IX Header "COPYRIGHT"
Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3
index 6e1d69ed2e54..cb0edee1f821 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CONF_CTX_SET1_PREFIX 3"
-.TH SSL_CONF_CTX_SET1_PREFIX 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CONF_CTX_SET1_PREFIX 3ossl"
+.TH SSL_CONF_CTX_SET1_PREFIX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -170,6 +168,7 @@ insensitive and no prefix is the default.
\&\fBSSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_CONF_CTX_new\fR\|(3),
\&\fBSSL_CONF_CTX_set_flags\fR\|(3),
\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3),
@@ -182,7 +181,7 @@ These functions were added in OpenSSL 1.0.2.
.IX Header "COPYRIGHT"
Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3
index b5c8ded47dc0..704a736b1f5b 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CONF_CTX_SET_FLAGS 3"
-.TH SSL_CONF_CTX_SET_FLAGS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CONF_CTX_SET_FLAGS 3ossl"
+.TH SSL_CONF_CTX_SET_FLAGS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -187,6 +185,7 @@ in the return values of \fBSSL_CONF_set_cmd()\fR or \fBSSL_CONF_set_argv()\fR
value after setting or clearing flags.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_CONF_CTX_new\fR\|(3),
\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3),
\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
@@ -199,7 +198,7 @@ These functions were added in OpenSSL 1.0.2.
.IX Header "COPYRIGHT"
Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3
index cc0d0b90aa75..16148ecdce78 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CONF_CTX_SET_SSL_CTX 3"
-.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CONF_CTX_SET_SSL_CTX 3ossl"
+.TH SSL_CONF_CTX_SET_SSL_CTX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,6 +166,7 @@ syntax checking of commands is performed, where possible.
\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR and \fBSSL_CTX_set_ssl()\fR do not return a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_CONF_CTX_new\fR\|(3),
\&\fBSSL_CONF_CTX_set_flags\fR\|(3),
\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
@@ -180,7 +179,7 @@ These functions were added in OpenSSL 1.0.2.
.IX Header "COPYRIGHT"
Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3
index 8ecbf6bf059f..1624309e7b42 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,171 +130,52 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CONF_CMD 3"
-.TH SSL_CONF_CMD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CONF_CMD 3ossl"
+.TH SSL_CONF_CMD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CONF_cmd_value_type, SSL_CONF_cmd \- send configuration command
+SSL_CONF_cmd_value_type,
+SSL_CONF_cmd \- send configuration command
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
-\& int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
-\& int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+\& int SSL_CONF_cmd(SSL_CONF_CTX *ctx, const char *option, const char *value);
+\& int SSL_CONF_cmd_value_type(SSL_CONF_CTX *ctx, const char *option);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The function \fBSSL_CONF_cmd()\fR performs configuration operation \fBcmd\fR with
+The function \fBSSL_CONF_cmd()\fR performs configuration operation \fBoption\fR with
optional parameter \fBvalue\fR on \fBctx\fR. Its purpose is to simplify application
configuration of \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structures by providing a common
framework for command line options or configuration files.
.PP
-\&\fBSSL_CONF_cmd_value_type()\fR returns the type of value that \fBcmd\fR refers to.
+\&\fBSSL_CONF_cmd_value_type()\fR returns the type of value that \fBoption\fR refers to.
.SH "SUPPORTED COMMAND LINE COMMANDS"
.IX Header "SUPPORTED COMMAND LINE COMMANDS"
-Currently supported \fBcmd\fR names for command lines (i.e. when the
-flag \fB\s-1SSL_CONF_CMDLINE\s0\fR is set) are listed below. Note: all \fBcmd\fR names
-are case sensitive. Unless otherwise stated commands can be used by
+Currently supported \fBoption\fR names for command lines (i.e. when the
+flag \fB\s-1SSL_CONF_FLAG_CMDLINE\s0\fR is set) are listed below. Note: all \fBoption\fR
+names are case sensitive. Unless otherwise stated commands can be used by
both clients and servers and the \fBvalue\fR parameter is not used. The default
prefix for command line commands is \fB\-\fR and that is reflected below.
-.IP "\fB\-sigalgs\fR" 4
-.IX Item "-sigalgs"
-This sets the supported signature algorithms for TLSv1.2 and TLSv1.3.
-For clients this
-value is used directly for the supported signature algorithms extension. For
-servers it is used to determine which signature algorithms to support.
-.Sp
-The \fBvalue\fR argument should be a colon separated list of signature algorithms
-in order of decreasing preference of the form \fBalgorithm+hash\fR or
-\&\fBsignature_scheme\fR. \fBalgorithm\fR
-is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm
-\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR.
-Note: algorithm and hash names are case sensitive.
-\&\fBsignature_scheme\fR is one of the signature schemes defined in TLSv1.3,
-specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR,
-or \fBrsa_pss_pss_sha256\fR.
-.Sp
-If this option is not set then all signature algorithms supported by the
-OpenSSL library are permissible.
-.Sp
-Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by
-using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR
-identifiers) are ignored in TLSv1.3 and will not be negotiated.
-.IP "\fB\-client_sigalgs\fR" 4
-.IX Item "-client_sigalgs"
-This sets the supported signature algorithms associated with client
-authentication for TLSv1.2 and TLSv1.3.
-For servers the value is used in the
-\&\fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message.
-For clients it is
-used to determine which signature algorithm to use with the client certificate.
-If a server does not request a certificate this option has no effect.
-.Sp
-The syntax of \fBvalue\fR is identical to \fB\-sigalgs\fR. If not set then
-the value set for \fB\-sigalgs\fR will be used instead.
-.IP "\fB\-groups\fR" 4
-.IX Item "-groups"
-This sets the supported groups. For clients, the groups are
-sent using the supported groups extension. For servers, it is used
-to determine which group to use. This setting affects groups used for
-signatures (in TLSv1.2 and earlier) and key exchange. The first group listed
-will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3
-\&\fBClientHello\fR.
-.Sp
-The \fBvalue\fR argument is a colon separated list of groups. The group can be
-either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where
-applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g. \fBprime256v1\fR). Group
-names are case sensitive. The list should be in order of preference with the
-most preferred group first.
-.IP "\fB\-curves\fR" 4
-.IX Item "-curves"
-This is a synonym for the \*(L"\-groups\*(R" command.
-.IP "\fB\-named_curve\fR" 4
-.IX Item "-named_curve"
-This sets the temporary curve used for ephemeral \s-1ECDH\s0 modes. Only used by
-servers
-.Sp
-The \fBvalue\fR argument is a curve name or the special value \fBauto\fR which
-picks an appropriate curve based on client and server preferences. The curve
-can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name
-(e.g. \fBprime256v1\fR). Curve names are case sensitive.
-.IP "\fB\-cipher\fR" 4
-.IX Item "-cipher"
-Sets the TLSv1.2 and below ciphersuite list to \fBvalue\fR. This list will be
-combined with any configured TLSv1.3 ciphersuites. Note: syntax checking
-of \fBvalue\fR is currently not performed unless a \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR structure is
-associated with \fBcctx\fR.
-.IP "\fB\-ciphersuites\fR" 4
-.IX Item "-ciphersuites"
-Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon
-(\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This
-list will be combined any configured TLSv1.2 and below ciphersuites.
-See \fBciphers\fR\|(1) for more information.
-.IP "\fB\-cert\fR" 4
-.IX Item "-cert"
-Attempts to use the file \fBvalue\fR as the certificate for the appropriate
-context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR
-structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR
-structure is set. This option is only supported if certificate operations
-are permitted.
-.IP "\fB\-key\fR" 4
-.IX Item "-key"
-Attempts to use the file \fBvalue\fR as the private key for the appropriate
-context. This option is only supported if certificate operations
-are permitted. Note: if no \fB\-key\fR option is set then a private key is
-not loaded unless the flag \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set.
-.IP "\fB\-dhparam\fR" 4
-.IX Item "-dhparam"
-Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for
-the appropriate context. This option is only supported if certificate
-operations are permitted.
-.IP "\fB\-record_padding\fR" 4
-.IX Item "-record_padding"
-Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in
-length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the
-\&\fBvalue\fR must be >1 or <=16384.
-.IP "\fB\-no_renegotiation\fR" 4
-.IX Item "-no_renegotiation"
-Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
-\&\fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR.
-.IP "\fB\-min_protocol\fR, \fB\-max_protocol\fR" 4
-.IX Item "-min_protocol, -max_protocol"
-Sets the minimum and maximum supported protocol.
-Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR,
-\&\fBTLSv1.2\fR, \fBTLSv1.3\fR for \s-1TLS\s0; \fBDTLSv1\fR, \fBDTLSv1.2\fR for \s-1DTLS,\s0 and \fBNone\fR
-for no limit.
-If either the lower or upper bound is not specified then only the other bound
-applies, if specified.
-If your application supports both \s-1TLS\s0 and \s-1DTLS\s0 you can specify any of these
-options twice, once with a bound for \s-1TLS\s0 and again with an appropriate bound
-for \s-1DTLS.\s0
-To restrict the supported protocol versions use these commands rather than the
-deprecated alternative commands below.
-.IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4
-.IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3"
-Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by
-setting the corresponding options \fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR,
-\&\fBSSL_OP_NO_TLSv1_1\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR
-respectively. These options are deprecated, instead use \fB\-min_protocol\fR and
-\&\fB\-max_protocol\fR.
.IP "\fB\-bugs\fR" 4
.IX Item "-bugs"
Various bug workarounds are set, same as setting \fB\s-1SSL_OP_ALL\s0\fR.
+.IP "\fB\-no_comp\fR" 4
+.IX Item "-no_comp"
+Disables support for \s-1SSL/TLS\s0 compression, same as setting
+\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR.
+As of OpenSSL 1.1.0, compression is off by default.
.IP "\fB\-comp\fR" 4
.IX Item "-comp"
Enables support for \s-1SSL/TLS\s0 compression, same as clearing
\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR.
This command was introduced in OpenSSL 1.1.0.
As of OpenSSL 1.1.0, compression is off by default.
-.IP "\fB\-no_comp\fR" 4
-.IX Item "-no_comp"
-Disables support for \s-1SSL/TLS\s0 compression, same as setting
-\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR.
-As of OpenSSL 1.1.0, compression is off by default.
.IP "\fB\-no_ticket\fR" 4
.IX Item "-no_ticket"
Disables support for session tickets, same as setting \fB\s-1SSL_OP_NO_TICKET\s0\fR.
@@ -305,32 +184,167 @@ Disables support for session tickets, same as setting \fB\s-1SSL_OP_NO_TICKET\s0
Use server and not client preference order when determining which cipher suite,
signature algorithm or elliptic curve to use for an incoming connection.
Equivalent to \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers.
+.IP "\fB\-client_renegotiation\fR" 4
+.IX Item "-client_renegotiation"
+Allows servers to accept client-initiated renegotiation. Equivalent to
+setting \fB\s-1SSL_OP_ALLOW_CLIENT_RENEGOTIATION\s0\fR.
+Only used by servers.
+.IP "\fB\-legacy_renegotiation\fR" 4
+.IX Item "-legacy_renegotiation"
+Permits the use of unsafe legacy renegotiation. Equivalent to setting
+\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR.
+.IP "\fB\-no_renegotiation\fR" 4
+.IX Item "-no_renegotiation"
+Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
+\&\fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR.
+.IP "\fB\-no_resumption_on_reneg\fR" 4
+.IX Item "-no_resumption_on_reneg"
+Sets \fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR. Only used by servers.
+.IP "\fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR" 4
+.IX Item "-legacy_server_connect, -no_legacy_server_connect"
+Permits or prohibits the use of unsafe legacy renegotiation for OpenSSL
+clients only. Equivalent to setting or clearing \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR.
.IP "\fB\-prioritize_chacha\fR" 4
.IX Item "-prioritize_chacha"
Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of
its preference list. This usually indicates a client without \s-1AES\s0 hardware
acceleration (e.g. mobile) is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR.
Only used by servers. Requires \fB\-serverpref\fR.
-.IP "\fB\-no_resumption_on_reneg\fR" 4
-.IX Item "-no_resumption_on_reneg"
-set \s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0 flag. Only used by servers.
-.IP "\fB\-legacyrenegotiation\fR" 4
-.IX Item "-legacyrenegotiation"
-permits the use of unsafe legacy renegotiation. Equivalent to setting
-\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR.
-.IP "\fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR" 4
-.IX Item "-legacy_server_connect, -no_legacy_server_connect"
-permits or prohibits the use of unsafe legacy renegotiation for OpenSSL
-clients only. Equivalent to setting or clearing \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR.
-Set by default.
.IP "\fB\-allow_no_dhe_kex\fR" 4
.IX Item "-allow_no_dhe_kex"
In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means
that there will be no forward secrecy for the resumed session.
.IP "\fB\-strict\fR" 4
.IX Item "-strict"
-enables strict mode protocol handling. Equivalent to setting
+Enables strict mode protocol handling. Equivalent to setting
\&\fB\s-1SSL_CERT_FLAG_TLS_STRICT\s0\fR.
+.IP "\fB\-sigalgs\fR \fIalgs\fR" 4
+.IX Item "-sigalgs algs"
+This sets the supported signature algorithms for TLSv1.2 and TLSv1.3.
+For clients this value is used directly for the supported signature
+algorithms extension. For servers it is used to determine which signature
+algorithms to support.
+.Sp
+The \fBalgs\fR argument should be a colon separated list of signature
+algorithms in order of decreasing preference of the form \fBalgorithm+hash\fR
+or \fBsignature_scheme\fR. \fBalgorithm\fR is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and
+\&\fBhash\fR is a supported algorithm \s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR,
+\&\fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. Note: algorithm and hash names are case
+sensitive. \fBsignature_scheme\fR is one of the signature schemes defined in
+TLSv1.3, specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR,
+\&\fBed25519\fR, or \fBrsa_pss_pss_sha256\fR.
+.Sp
+If this option is not set then all signature algorithms supported by the
+OpenSSL library are permissible.
+.Sp
+Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by
+using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR
+identifiers) are ignored in TLSv1.3 and will not be negotiated.
+.IP "\fB\-client_sigalgs\fR \fIalgs\fR" 4
+.IX Item "-client_sigalgs algs"
+This sets the supported signature algorithms associated with client
+authentication for TLSv1.2 and TLSv1.3. For servers the \fBalgs\fR is used
+in the \fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message.
+For clients it is used to determine which signature algorithm to use with
+the client certificate. If a server does not request a certificate this
+option has no effect.
+.Sp
+The syntax of \fBalgs\fR is identical to \fB\-sigalgs\fR. If not set, then the
+value set for \fB\-sigalgs\fR will be used instead.
+.IP "\fB\-groups\fR \fIgroups\fR" 4
+.IX Item "-groups groups"
+This sets the supported groups. For clients, the groups are sent using
+the supported groups extension. For servers, it is used to determine which
+group to use. This setting affects groups used for signatures (in TLSv1.2
+and earlier) and key exchange. The first group listed will also be used
+for the \fBkey_share\fR sent by a client in a TLSv1.3 \fBClientHello\fR.
+.Sp
+The \fBgroups\fR argument is a colon separated list of groups. The group can
+be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name
+where applicable (e.g. \fBX25519\fR, \fBffdhe2048\fR) or an OpenSSL \s-1OID\s0 name
+(e.g. \fBprime256v1\fR). Group names are case sensitive. The list should be
+in order of preference with the most preferred group first.
+.Sp
+Currently supported groups for \fBTLSv1.3\fR are \fBP\-256\fR, \fBP\-384\fR, \fBP\-521\fR,
+\&\fBX25519\fR, \fBX448\fR, \fBffdhe2048\fR, \fBffdhe3072\fR, \fBffdhe4096\fR, \fBffdhe6144\fR,
+\&\fBffdhe8192\fR.
+.IP "\fB\-curves\fR \fIgroups\fR" 4
+.IX Item "-curves groups"
+This is a synonym for the \fB\-groups\fR command.
+.IP "\fB\-named_curve\fR \fIcurve\fR" 4
+.IX Item "-named_curve curve"
+This sets the temporary curve used for ephemeral \s-1ECDH\s0 modes. Only used
+by servers.
+.Sp
+The \fBgroups\fR argument is a curve name or the special value \fBauto\fR which
+picks an appropriate curve based on client and server preferences. The
+curve can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name
+(e.g. \fBprime256v1\fR). Curve names are case sensitive.
+.IP "\fB\-cipher\fR \fIciphers\fR" 4
+.IX Item "-cipher ciphers"
+Sets the TLSv1.2 and below ciphersuite list to \fBciphers\fR. This list will be
+combined with any configured TLSv1.3 ciphersuites. Note: syntax checking
+of \fBciphers\fR is currently not performed unless a \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR
+structure is associated with \fBctx\fR.
+.IP "\fB\-ciphersuites\fR \fI1.3ciphers\fR" 4
+.IX Item "-ciphersuites 1.3ciphers"
+Sets the available ciphersuites for TLSv1.3 to value. This is a
+colon-separated list of TLSv1.3 ciphersuite names in order of preference. This
+list will be combined any configured TLSv1.2 and below ciphersuites.
+See \fBopenssl\-ciphers\fR\|(1) for more information.
+.IP "\fB\-min_protocol\fR \fIminprot\fR, \fB\-max_protocol\fR \fImaxprot\fR" 4
+.IX Item "-min_protocol minprot, -max_protocol maxprot"
+Sets the minimum and maximum supported protocol.
+Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR,
+\&\fBTLSv1.2\fR, \fBTLSv1.3\fR for \s-1TLS\s0; \fBDTLSv1\fR, \fBDTLSv1.2\fR for \s-1DTLS,\s0 and \fBNone\fR
+for no limit.
+If either the lower or upper bound is not specified then only the other bound
+applies, if specified.
+If your application supports both \s-1TLS\s0 and \s-1DTLS\s0 you can specify any of these
+options twice, once with a bound for \s-1TLS\s0 and again with an appropriate bound
+for \s-1DTLS.\s0
+To restrict the supported protocol versions use these commands rather than the
+deprecated alternative commands below.
+.IP "\fB\-record_padding\fR \fIpadding\fR" 4
+.IX Item "-record_padding padding"
+Attempts to pad TLSv1.3 records so that they are a multiple of \fBpadding\fR
+in length on send. A \fBpadding\fR of 0 or 1 turns off padding. Otherwise,
+the \fBpadding\fR must be >1 or <=16384.
+.IP "\fB\-debug_broken_protocol\fR" 4
+.IX Item "-debug_broken_protocol"
+Ignored.
+.IP "\fB\-no_middlebox\fR" 4
+.IX Item "-no_middlebox"
+Turn off \*(L"middlebox compatibility\*(R", as described below.
+.SS "Additional Options"
+.IX Subsection "Additional Options"
+The following options are accepted by \fBSSL_CONF_cmd()\fR, but are not
+processed by the OpenSSL commands.
+.IP "\fB\-cert\fR \fIfile\fR" 4
+.IX Item "-cert file"
+Attempts to use \fBfile\fR as the certificate for the appropriate context. It
+currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR
+structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an
+\&\fB\s-1SSL\s0\fR structure is set. This option is only supported if certificate
+operations are permitted.
+.IP "\fB\-key\fR \fIfile\fR" 4
+.IX Item "-key file"
+Attempts to use \fBfile\fR as the private key for the appropriate context. This
+option is only supported if certificate operations are permitted. Note:
+if no \fB\-key\fR option is set then a private key is not loaded unless the
+flag \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set.
+.IP "\fB\-dhparam\fR \fIfile\fR" 4
+.IX Item "-dhparam file"
+Attempts to use \fBfile\fR as the set of temporary \s-1DH\s0 parameters for
+the appropriate context. This option is only supported if certificate
+operations are permitted.
+.IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4
+.IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3"
+Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by
+setting the corresponding options \fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR,
+\&\fBSSL_OP_NO_TLSv1_1\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR
+respectively. These options are deprecated, use \fB\-min_protocol\fR and
+\&\fB\-max_protocol\fR instead.
.IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4
.IX Item "-anti_replay, -no_anti_replay"
Switches replay protection, on or off respectively. With replay protection on,
@@ -344,25 +358,25 @@ risks in other ways and in such cases the built-in OpenSSL functionality is not
required. Switching off anti-replay is equivalent to \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR.
.SH "SUPPORTED CONFIGURATION FILE COMMANDS"
.IX Header "SUPPORTED CONFIGURATION FILE COMMANDS"
-Currently supported \fBcmd\fR names for configuration files (i.e. when the
+Currently supported \fBoption\fR names for configuration files (i.e., when the
flag \fB\s-1SSL_CONF_FLAG_FILE\s0\fR is set) are listed below. All configuration file
-\&\fBcmd\fR names are case insensitive so \fBsignaturealgorithms\fR is recognised
+\&\fBoption\fR names are case insensitive so \fBsignaturealgorithms\fR is recognised
as well as \fBSignatureAlgorithms\fR. Unless otherwise stated the \fBvalue\fR names
are also case insensitive.
.PP
-Note: the command prefix (if set) alters the recognised \fBcmd\fR values.
+Note: the command prefix (if set) alters the recognised \fBoption\fR values.
.IP "\fBCipherString\fR" 4
.IX Item "CipherString"
Sets the ciphersuite list for TLSv1.2 and below to \fBvalue\fR. This list will be
combined with any configured TLSv1.3 ciphersuites. Note: syntax
checking of \fBvalue\fR is currently not performed unless an \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR
-structure is associated with \fBcctx\fR.
+structure is associated with \fBctx\fR.
.IP "\fBCiphersuites\fR" 4
.IX Item "Ciphersuites"
-Sets the available ciphersuites for TLSv1.3 to \fBvalue\fR. This is a simple colon
-(\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This
+Sets the available ciphersuites for TLSv1.3 to \fBvalue\fR. This is a
+colon-separated list of TLSv1.3 ciphersuite names in order of preference. This
list will be combined any configured TLSv1.2 and below ciphersuites.
-See \fBciphers\fR\|(1) for more information.
+See \fBopenssl\-ciphers\fR\|(1) for more information.
.IP "\fBCertificate\fR" 4
.IX Item "Certificate"
Attempts to use the file \fBvalue\fR as the certificate for the appropriate
@@ -448,9 +462,13 @@ will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3
.Sp
The \fBvalue\fR argument is a colon separated list of groups. The group can be
either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where
-applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g. \fBprime256v1\fR). Group
-names are case sensitive. The list should be in order of preference with the
-most preferred group first.
+applicable (e.g. \fBX25519\fR, \fBffdhe2048\fR) or an OpenSSL \s-1OID\s0 name
+(e.g. \fBprime256v1\fR). Group names are case sensitive. The list should be in
+order of preference with the most preferred group first.
+.Sp
+Currently supported groups for \fBTLSv1.3\fR are \fBP\-256\fR, \fBP\-384\fR, \fBP\-521\fR,
+\&\fBX25519\fR, \fBX448\fR, \fBffdhe2048\fR, \fBffdhe3072\fR, \fBffdhe4096\fR, \fBffdhe6144\fR,
+\&\fBffdhe8192\fR.
.IP "\fBCurves\fR" 4
.IX Item "Curves"
This is a synonym for the \*(L"Groups\*(R" command.
@@ -554,7 +572,6 @@ Equivalent to \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR.
.Sp
\&\fBUnsafeLegacyServerConnect\fR: permits the use of unsafe legacy renegotiation
for OpenSSL clients only. Equivalent to \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR.
-Set by default.
.Sp
\&\fBEncryptThenMac\fR: use encrypt-then-mac extension, enabled by
default. Inverse of \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR: that is,
@@ -579,6 +596,14 @@ specification. Some applications may be able to mitigate the replay risks in
other ways and in such cases the built-in OpenSSL functionality is not required.
Disabling anti-replay is equivalent to setting \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR.
.Sp
+\&\fBExtendedMasterSecret\fR: use extended master secret extension, enabled by
+default. Inverse of \fB\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0\fR: that is,
+\&\fB\-ExtendedMasterSecret\fR is the same as setting \fB\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0\fR.
+.Sp
+\&\fBCANames\fR: use \s-1CA\s0 names extension, enabled by
+default. Inverse of \fB\s-1SSL_OP_DISABLE_TLSEXT_CA_NAMES\s0\fR: that is,
+\&\fB\-CANames\fR is the same as setting \fB\s-1SSL_OP_DISABLE_TLSEXT_CA_NAMES\s0\fR.
+.Sp
\&\fB\s-1KTLS\s0\fR: Enables kernel \s-1TLS\s0 if support has been compiled in, and it is supported
by the negotiated ciphersuites and extensions. Equivalent to
\&\fB\s-1SSL_OP_ENABLE_KTLS\s0\fR.
@@ -619,7 +644,7 @@ The function \fBSSL_CONF_cmd_value_type()\fR currently returns one of the follow
types:
.IP "\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR" 4
.IX Item "SSL_CONF_TYPE_UNKNOWN"
-The \fBcmd\fR string is unrecognised, this return value can be use to flag
+The \fBoption\fR string is unrecognised, this return value can be use to flag
syntax errors.
.IP "\fB\s-1SSL_CONF_TYPE_STRING\s0\fR" 4
.IX Item "SSL_CONF_TYPE_STRING"
@@ -656,7 +681,7 @@ SSLv3 is \fBalways\fR disabled and attempt to override this by the user are
ignored.
.PP
By checking the return code of \fBSSL_CONF_cmd()\fR it is possible to query if a
-given \fBcmd\fR is recognised, this is useful if \fBSSL_CONF_cmd()\fR values are
+given \fBoption\fR is recognised, this is useful if \fBSSL_CONF_cmd()\fR values are
mixed with additional application specific operations.
.PP
For example an application might call \fBSSL_CONF_cmd()\fR and if it returns
@@ -666,12 +691,12 @@ commands.
Applications can also use \fBSSL_CONF_cmd()\fR to process command lines though the
utility function \fBSSL_CONF_cmd_argv()\fR is normally used instead. One way
to do this is to set the prefix to an appropriate value using
-\&\fBSSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBcmd\fR and the
+\&\fBSSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBoption\fR and the
following argument to \fBvalue\fR (which may be \s-1NULL\s0).
.PP
In this case if the return value is positive then it is used to skip that
number of arguments as they have been processed by \fBSSL_CONF_cmd()\fR. If \-2 is
-returned then \fBcmd\fR is not recognised and application specific arguments
+returned then \fBoption\fR is not recognised and application specific arguments
can be checked instead. If \-3 is returned a required argument is missing
and an error is indicated. If 0 is returned some other error occurred and
this can be reported back to the user.
@@ -683,17 +708,17 @@ value is \fB\s-1SSL_CONF_TYPE_FILE\s0\fR an application could translate a relati
pathname to an absolute pathname.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBSSL_CONF_cmd()\fR returns 1 if the value of \fBcmd\fR is recognised and \fBvalue\fR is
-\&\fB\s-1NOT\s0\fR used and 2 if both \fBcmd\fR and \fBvalue\fR are used. In other words it
+\&\fBSSL_CONF_cmd()\fR returns 1 if the value of \fBoption\fR is recognised and \fBvalue\fR is
+\&\fB\s-1NOT\s0\fR used and 2 if both \fBoption\fR and \fBvalue\fR are used. In other words it
returns the number of arguments processed. This is useful when processing
command lines.
.PP
-A return value of \-2 means \fBcmd\fR is not recognised.
+A return value of \-2 means \fBoption\fR is not recognised.
.PP
-A return value of \-3 means \fBcmd\fR is recognised and the command requires a
+A return value of \-3 means \fBoption\fR is recognised and the command requires a
value but \fBvalue\fR is \s-1NULL.\s0
.PP
-A return code of 0 indicates that both \fBcmd\fR and \fBvalue\fR are valid but an
+A return code of 0 indicates that both \fBoption\fR and \fBvalue\fR are valid but an
error occurred attempting to perform the operation: for example due to an
error in the syntax of \fBvalue\fR in this case the error queue may provide
additional information.
@@ -762,6 +787,7 @@ Set supported curves to P\-256, P\-384:
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_CONF_CTX_new\fR\|(3),
\&\fBSSL_CONF_CTX_set_flags\fR\|(3),
\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
@@ -782,11 +808,14 @@ OpenSSL passing a command which didn't take an argument would return
\&\fBMinProtocol\fR and \fBMaxProtocol\fR where added in OpenSSL 1.1.0.
.PP
\&\fBAllowNoDHEKEX\fR and \fBPrioritizeChaCha\fR were added in OpenSSL 1.1.1.
+.PP
+The \fBUnsafeLegacyServerConnect\fR option is no longer set by default from
+OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2012\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3
index 700d5b6dbce7..537f5e5563e7 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CONF_CMD_ARGV 3"
-.TH SSL_CONF_CMD_ARGV 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CONF_CMD_ARGV 3ossl"
+.TH SSL_CONF_CMD_ARGV 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -164,6 +162,7 @@ If \-1 is returned the command is recognised but couldn't be processed due
to an error: for example a syntax error in the argument.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_CONF_CTX_new\fR\|(3),
\&\fBSSL_CONF_CTX_set_flags\fR\|(3),
\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3),
@@ -176,7 +175,7 @@ These functions were added in OpenSSL 1.0.2.
.IX Header "COPYRIGHT"
Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3
index 67cf5e8dcdf9..d36ad9265fcf 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,20 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_ADD1_CHAIN_CERT 3"
-.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_ADD1_CHAIN_CERT 3ossl"
+.TH SSL_CTX_ADD1_CHAIN_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, SSL_build_cert_chain, SSL_CTX_select_current_cert, SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert \- extra chain certificate processing
+SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert,
+SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs,
+SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert,
+SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain,
+SSL_build_cert_chain, SSL_CTX_select_current_cert,
+SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert \- extra
+chain certificate processing
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -183,8 +187,9 @@ certificate of \fBctx\fR.
current certificate of \fBctx\fR. (This is implemented by calling
\&\fBSSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR).
.PP
-\&\fBSSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally
-this uses the chain store or the verify store if the chain store is not set.
+\&\fBSSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR.
+Normally this uses the chain store
+or the verify store if the chain store is not set.
If the function is successful the built chain will replace any existing chain.
The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use
existing chain certificates as untrusted CAs, \fB\s-1SSL_BUILD_CHAIN_FLAG_NO_ROOT\s0\fR
@@ -194,6 +199,8 @@ sanity checking and rearranging them if necessary), the flag
\&\fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR ignores any errors during verification:
if flag \fB\s-1SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR\s0\fR is also set verification errors
are cleared from the error queue.
+Details of the chain building process are described in
+\&\*(L"Certification Path Building\*(R" in \fBopenssl\-verification\-options\fR\|(1).
.PP
Each of these functions operates on the \fIcurrent\fR end entity
(i.e. server or client) certificate. This is the last certificate loaded or
@@ -268,15 +275,16 @@ a verification error occurs then 2 is returned.
All other functions return 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3
index 291ecf2551c2..ddf23520472c 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,20 +130,26 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_ADD_EXTRA_CHAIN_CERT 3"
-.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_ADD_EXTRA_CHAIN_CERT 3ossl"
+.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs \- add or clear extra chain certificates
+SSL_CTX_add_extra_chain_cert,
+SSL_CTX_get_extra_chain_certs,
+SSL_CTX_get_extra_chain_certs_only,
+SSL_CTX_clear_extra_chain_certs
+\&\- add, get or clear extra chain certificates
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
+\& long SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
+\& long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk);
\& long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
.Ve
.SH "DESCRIPTION"
@@ -154,6 +158,15 @@ SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs \- add or clear ex
certificates associated with \fBctx\fR. Several certificates can be added one
after another.
.PP
+\&\fBSSL_CTX_get_extra_chain_certs()\fR retrieves the extra chain certificates
+associated with \fBctx\fR, or the chain associated with the current certificate
+of \fBctx\fR if the extra chain is empty.
+The returned stack should not be freed by the caller.
+.PP
+\&\fBSSL_CTX_get_extra_chain_certs_only()\fR retrieves the extra chain certificates
+associated with \fBctx\fR.
+The returned stack should not be freed by the caller.
+.PP
\&\fBSSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates
associated with \fBctx\fR.
.PP
@@ -201,9 +214,9 @@ reason for failure.
\&\fBSSL_build_cert_chain\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3
index e2c46cd9817a..b1717f254f4c 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_ADD_SESSION 3"
-.TH SSL_CTX_ADD_SESSION 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_ADD_SESSION 3ossl"
+.TH SSL_CTX_ADD_SESSION 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -194,7 +192,7 @@ The operation succeeded.
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_config.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_config.3
index f54f3ca7e2e2..ad478c42f691 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_config.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_config.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_CONFIG 3"
-.TH SSL_CTX_CONFIG 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_CONFIG 3ossl"
+.TH SSL_CTX_CONFIG 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,8 +150,7 @@ SSL_CTX_config, SSL_config \- configure SSL_CTX or SSL structure
.IX Header "DESCRIPTION"
The functions \fBSSL_CTX_config()\fR and \fBSSL_config()\fR configure an \fB\s-1SSL_CTX\s0\fR or
\&\fB\s-1SSL\s0\fR structure using the configuration \fBname\fR.
-.SH "NOTES"
-.IX Header "NOTES"
+.PP
By calling \fBSSL_CTX_config()\fR or \fBSSL_config()\fR an application can perform many
complex tasks based on the contents of the configuration file: greatly
simplifying application configuration code. A degree of future proofing
@@ -208,6 +205,7 @@ In this example two certificates and the cipher list are configured without
the need for any additional application code.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBconfig\fR\|(5),
\&\fBSSL_CONF_cmd\fR\|(3),
\&\fBCONF_modules_load_file\fR\|(3)
@@ -216,9 +214,9 @@ the need for any additional application code.
The \fBSSL_CTX_config()\fR and \fBSSL_config()\fR functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3
index 61354d642340..e615f392c782 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_CTRL 3"
-.TH SSL_CTX_CTRL 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_CTRL 3ossl"
+.TH SSL_CTX_CTRL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -169,7 +167,7 @@ supplied via the \fBcmd\fR parameter.
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3
index aef8fe25f375..5f612d9bcbf5 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,19 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_DANE_ENABLE 3"
-.TH SSL_CTX_DANE_ENABLE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_DANE_ENABLE 3ossl"
+.TH SSL_CTX_DANE_ENABLE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa, SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, SSL_dane_set_flags, SSL_dane_clear_flags \&\- enable DANE TLS authentication of the remote TLS server in the local TLS client
+SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable,
+SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa,
+SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags,
+SSL_dane_set_flags, SSL_dane_clear_flags
+\&\- enable DANE TLS authentication of the remote TLS server in the local
+TLS client
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -150,10 +153,10 @@ SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, SSL_dane_tlsa_add,
\& uint8_t mtype, uint8_t ord);
\& int SSL_dane_enable(SSL *s, const char *basedomain);
\& int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
-\& uint8_t mtype, unsigned const char *data, size_t dlen);
+\& uint8_t mtype, const unsigned char *data, size_t dlen);
\& int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
\& int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
-\& uint8_t *mtype, unsigned const char **data,
+\& uint8_t *mtype, const unsigned char **data,
\& size_t *dlen);
\& unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
\& unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
@@ -268,7 +271,7 @@ Applications that need long-term access to this field need to copy the content.
optional \s-1DANE\s0 verification features.
\&\fBSSL_CTX_dane_clear_flags()\fR and \fBSSL_dane_clear_flags()\fR can be used to disable
the same features.
-The \fBflags\fR argument is a bit mask of the features to enable or disable.
+The \fBflags\fR argument is a bit-mask of the features to enable or disable.
The \fBflags\fR set for an \fB\s-1SSL_CTX\s0\fR context are copied to each \fB\s-1SSL\s0\fR handle
associated with that context at the time the handle is created.
Subsequent changes in the context's \fBflags\fR have no effect on the \fBflags\fR set
@@ -478,6 +481,7 @@ or unsupported parameters) disable peer authentication by calling
\&\fBSSL_set_verify\fR\|(3) with \fBmode\fR equal to \fB\s-1SSL_VERIFY_NONE\s0\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_new\fR\|(3),
\&\fBSSL_add1_host\fR\|(3),
\&\fBSSL_set_hostflags\fR\|(3),
@@ -500,9 +504,9 @@ or unsupported parameters) disable peer authentication by calling
These functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3
index 334c40304355..1b59294f251d 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_FLUSH_SESSIONS 3"
-.TH SSL_CTX_FLUSH_SESSIONS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_FLUSH_SESSIONS 3ossl"
+.TH SSL_CTX_FLUSH_SESSIONS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -182,7 +180,7 @@ called to synchronize with the external cache (see
.IX Header "COPYRIGHT"
Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_free.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_free.3
index a1bd1ed53c4c..3d0e2f58c08d 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_free.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_FREE 3"
-.TH SSL_CTX_FREE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_FREE 3ossl"
+.TH SSL_CTX_FREE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -176,7 +174,7 @@ SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fBSSL_CTX_f
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3
index 958f3c25146e..352e44ccf1c7 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,23 +130,31 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_GET0_PARAM 3"
-.TH SSL_CTX_GET0_PARAM 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_GET0_PARAM 3ossl"
+.TH SSL_CTX_GET0_PARAM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param \- get and set verification parameters
+SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param,
+SSL_CTX_set_purpose, SSL_CTX_set_trust, SSL_set_purpose, SSL_set_trust \-
+get and set verification parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
-\& X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
-\& X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
-\& int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
-\& int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+\& X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
+\& X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
+\& int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
+\& int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
+\&
+\& int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose);
+\& int SSL_set_purpose(SSL *ssl, int purpose);
+\&
+\& int SSL_CTX_set_trust(SSL_CTX *ctx, int trust);
+\& int SSL_set_trust(SSL *ssl, int trust);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -158,6 +164,14 @@ pointer must not be freed by the calling application.
.PP
\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR set the verification parameters
to \fBvpm\fR for \fBctx\fR or \fBssl\fR.
+.PP
+The functions \fBSSL_CTX_set_purpose()\fR and \fBSSL_set_purpose()\fR are shorthands which
+set the purpose parameter on the verification parameters object. These functions
+are equivalent to calling \fBX509_VERIFY_PARAM_set_purpose()\fR directly.
+.PP
+The functions \fBSSL_CTX_set_trust()\fR and \fBSSL_set_trust()\fR are similarly shorthands
+which set the trust parameter on the verification parameters object. These
+functions are equivalent to calling \fBX509_VERIFY_PARAM_set_trust()\fR directly.
.SH "NOTES"
.IX Header "NOTES"
Typically parameters are retrieved from an \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure
@@ -168,8 +182,9 @@ them to suit its needs: for example to add a hostname check.
\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR return a pointer to an
\&\fBX509_VERIFY_PARAM\fR structure.
.PP
-\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR return 1 for success and 0
-for failure.
+\&\fBSSL_CTX_set1_param()\fR, \fBSSL_set1_param()\fR, \fBSSL_CTX_set_purpose()\fR,
+\&\fBSSL_set_purpose()\fR, \fBSSL_CTX_set_trust()\fR and \fBSSL_set_trust()\fR return 1 for success
+and 0 for failure.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Check hostname matches \*(L"www.foo.com\*(R" in peer certificate:
@@ -180,15 +195,16 @@ Check hostname matches \*(L"www.foo.com\*(R" in peer certificate:
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3
index 197d16e36bc9..0daf811df802 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_GET_VERIFY_MODE 3"
-.TH SSL_CTX_GET_VERIFY_MODE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_GET_VERIFY_MODE 3ossl"
+.TH SSL_CTX_GET_VERIFY_MODE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -185,7 +183,7 @@ See \s-1DESCRIPTION\s0
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3
index 374277fb66e0..ab0db5f99e96 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3"
-.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3ossl"
+.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_has_client_custom_ext \- check whether a handler exists for a particular client extension type
+SSL_CTX_has_client_custom_ext \- check whether a handler exists for a particular
+client extension type
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -162,7 +161,7 @@ Returns 1 if a handler has been set, 0 otherwise.
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3
index 6a72bcfc55d3..5c196b6bcdc2 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,41 +130,58 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 3"
-.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 3ossl"
+.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_load_verify_locations, SSL_CTX_set_default_verify_paths, SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file \- set default locations for trusted CA certificates
+SSL_CTX_load_verify_dir, SSL_CTX_load_verify_file,
+SSL_CTX_load_verify_store, SSL_CTX_set_default_verify_paths,
+SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file,
+SSL_CTX_set_default_verify_store, SSL_CTX_load_verify_locations
+\&\- set default locations for trusted CA certificates
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
-\& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-\& const char *CApath);
+\& int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath);
+\& int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile);
+\& int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore);
\&
\& int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
\&
\& int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
-\&
\& int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
+\& int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
+\&
+\& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+\& const char *CApath);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBSSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at
-which \s-1CA\s0 certificates for verification purposes are located. The certificates
-available via \fBCAfile\fR and \fBCApath\fR are trusted.
+\&\fBSSL_CTX_load_verify_locations()\fR, \fBSSL_CTX_load_verify_dir()\fR,
+\&\fBSSL_CTX_load_verify_file()\fR, \fBSSL_CTX_load_verify_store()\fR specifies the
+locations for \fBctx\fR, at which \s-1CA\s0 certificates for verification purposes
+are located. The certificates available via \fBCAfile\fR, \fBCApath\fR and
+\&\fBCAstore\fR are trusted.
+.PP
+Details of the certificate verification and chain checking process are
+described in \*(L"Certification Path Validation\*(R" in \fBopenssl\-verification\-options\fR\|(1).
.PP
\&\fBSSL_CTX_set_default_verify_paths()\fR specifies that the default locations from
-which \s-1CA\s0 certificates are loaded should be used. There is one default directory
-and one default file. The default \s-1CA\s0 certificates directory is called \*(L"certs\*(R" in
-the default OpenSSL directory. Alternatively the \s-1SSL_CERT_DIR\s0 environment
-variable can be defined to override this location. The default \s-1CA\s0 certificates
-file is called \*(L"cert.pem\*(R" in the default OpenSSL directory. Alternatively the
-\&\s-1SSL_CERT_FILE\s0 environment variable can be defined to override this location.
+which \s-1CA\s0 certificates are loaded should be used. There is one default directory,
+one default file and one default store.
+The default \s-1CA\s0 certificates directory is called \fIcerts\fR in the default OpenSSL
+directory, and this is also the default store.
+Alternatively the \fB\s-1SSL_CERT_DIR\s0\fR environment variable can be defined to
+override this location.
+The default \s-1CA\s0 certificates file is called \fIcert.pem\fR in the default
+OpenSSL directory.
+Alternatively the \fB\s-1SSL_CERT_FILE\s0\fR environment variable can be defined to
+override this location.
.PP
\&\fBSSL_CTX_set_default_verify_dir()\fR is similar to
\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default directory is
@@ -175,6 +190,10 @@ used.
\&\fBSSL_CTX_set_default_verify_file()\fR is similar to
\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default file is
used.
+.PP
+\&\fBSSL_CTX_set_default_verify_store()\fR is similar to
+\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default store is
+used.
.SH "NOTES"
.IX Header "NOTES"
If \fBCAfile\fR is not \s-1NULL,\s0 it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0
@@ -205,14 +224,15 @@ The certificates in \fBCApath\fR are only looked up when required, e.g. when
building the certificate chain or when actually performing the verification
of a peer certificate.
.PP
-When looking up \s-1CA\s0 certificates, the OpenSSL library will first search the
-certificates in \fBCAfile\fR, then those in \fBCApath\fR. Certificate matching
-is done based on the subject name, the key identifier (if present), and the
-serial number as taken from the certificate to be verified. If these data
-do not match, the next certificate will be tried. If a first certificate
-matching the parameters is found, the verification process will be performed;
-no other certificates for the same parameters will be searched in case of
-failure.
+When looking up \s-1CA\s0 certificates for chain building, the OpenSSL library
+will search for suitable certificates first in \fBCAfile\fR, then in \fBCApath\fR.
+Details of the chain building process are described in
+\&\*(L"Certification Path Building\*(R" in \fBopenssl\-verification\-options\fR\|(1).
+.PP
+If \fBCAstore\fR is not \s-1NULL,\s0 it's a \s-1URI\s0 for to a store, which may
+represent a single container or a whole catalogue of containers.
+Apart from the \fBCAstore\fR not necessarily being a local file or
+directory, it's generally treated the same way as a \fBCApath\fR.
.PP
In server mode, when requesting a client certificate, the server must send
the list of CAs of which it will accept client certificates. This list
@@ -279,9 +299,9 @@ for use as \fBCApath\fR:
\&\fBSSL_CTX_set_client_CA_list\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_new.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_new.3
index a890e0827e57..a293178b5785 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_new.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,31 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_NEW 3"
-.TH SSL_CTX_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_NEW 3ossl"
+.TH SSL_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method \&\- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled functions
+TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
+SSL_CTX_new, SSL_CTX_new_ex, SSL_CTX_up_ref, SSLv3_method,
+SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method,
+TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method,
+TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method,
+SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method,
+DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method,
+DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method,
+DTLSv1_2_client_method
+\&\- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled
+functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
+\& SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
+\& const SSL_METHOD *method);
\& SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
\& int SSL_CTX_up_ref(SSL_CTX *ctx);
\&
@@ -198,19 +208,47 @@ TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, SSL_CTX_new, SSL_C
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBSSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to
-establish \s-1TLS/SSL\s0 or \s-1DTLS\s0 enabled connections. An \fB\s-1SSL_CTX\s0\fR object is
-reference counted. Creating an \fB\s-1SSL_CTX\s0\fR object for the first time increments
-the reference count. Freeing it (using SSL_CTX_free) decrements it. When the
-reference count drops to zero, any memory or resources allocated to the
-\&\fB\s-1SSL_CTX\s0\fR object are freed. \fBSSL_CTX_up_ref()\fR increments the reference count for
-an existing \fB\s-1SSL_CTX\s0\fR structure.
+\&\fBSSL_CTX_new_ex()\fR creates a new \fB\s-1SSL_CTX\s0\fR object, which holds various
+configuration and data relevant to \s-1SSL/TLS\s0 or \s-1DTLS\s0 session establishment.
+These are later inherited by the \fB\s-1SSL\s0\fR object representing an active session.
+The \fImethod\fR parameter specifies whether the context will be used for the
+client or server side or both \- for details see the \*(L"\s-1NOTES\*(R"\s0 below.
+The library context \fIlibctx\fR (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) is used to provide the
+cryptographic algorithms needed for the session. Any cryptographic algorithms
+that are used by any \fB\s-1SSL\s0\fR objects created from this \fB\s-1SSL_CTX\s0\fR will be fetched
+from the \fIlibctx\fR using the property query string \fIpropq\fR (see
+\&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7). Either or both the \fIlibctx\fR or \fIpropq\fR
+parameters may be \s-1NULL.\s0
+.PP
+\&\fBSSL_CTX_new()\fR does the same as \fBSSL_CTX_new_ex()\fR except that the default
+library context is used and no property query string is specified.
+.PP
+An \fB\s-1SSL_CTX\s0\fR object is reference counted. Creating an \fB\s-1SSL_CTX\s0\fR object for the
+first time increments the reference count. Freeing the \fB\s-1SSL_CTX\s0\fR (using
+SSL_CTX_free) decrements it. When the reference count drops to zero, any memory
+or resources allocated to the \fB\s-1SSL_CTX\s0\fR object are freed. \fBSSL_CTX_up_ref()\fR
+increments the reference count for an existing \fB\s-1SSL_CTX\s0\fR structure.
+.PP
+An \fB\s-1SSL_CTX\s0\fR object should not be changed after it is used to create any \fB\s-1SSL\s0\fR
+objects or from multiple threads concurrently, since the implementation does not
+provide serialization of access for these cases.
.SH "NOTES"
.IX Header "NOTES"
-The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method.
-The methods exist in a generic type (for client and server use), a server only
-type, and a client only type.
-\&\fBmethod\fR can be of the following types:
+On session establishment, by default, no peer credentials verification is done.
+This must be explicitly requested, typically using \fBSSL_CTX_set_verify\fR\|(3).
+For verifying peer certificates many options can be set using various functions
+such as \fBSSL_CTX_load_verify_locations\fR\|(3) and \fBSSL_CTX_set1_param\fR\|(3).
+The \fBX509_VERIFY_PARAM_set_purpose\fR\|(3) function can be used, also in conjunction
+with \fBSSL_CTX_get0_param\fR\|(3), to set the intended purpose of the session.
+The default is \fBX509_PURPOSE_SSL_SERVER\fR on the client side
+and \fBX509_PURPOSE_SSL_CLIENT\fR on the server side.
+.PP
+The \s-1SSL_CTX\s0 object uses \fImethod\fR as the connection method.
+Three method variants are available: a generic method (for either client or
+server use), a server-only method, and a client-only method.
+.PP
+The \fImethod\fR parameter of \fBSSL_CTX_new_ex()\fR and \fBSSL_CTX_new()\fR
+can be one of the following:
.IP "\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR" 4
.IX Item "TLS_method(), TLS_server_method(), TLS_client_method()"
These are the general-purpose \fIversion-flexible\fR \s-1SSL/TLS\s0 methods.
@@ -303,7 +341,9 @@ The return value points to an allocated \s-1SSL_CTX\s0 object.
\&\fBSSL_CTX_up_ref()\fR returns 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_free\fR\|(3), \fBSSL_accept\fR\|(3),
+\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_free\fR\|(3),
+\&\fBSSL_CTX_set_verify\fR\|(3), \fBSSL_CTX_set1_param\fR\|(3), \fBSSL_CTX_get0_param\fR\|(3),
+\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3),
\&\fBSSL_CTX_set_min_proto_version\fR\|(3), \fBssl\fR\|(7), \fBSSL_set_connect_state\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
@@ -316,11 +356,13 @@ were deprecated and the preferred \fBTLS_method()\fR, \fBTLS_server_method()\fR
and \fBTLS_client_method()\fR functions were added in OpenSSL 1.1.0.
.PP
All version-specific methods were deprecated in OpenSSL 1.1.0.
+.PP
+\&\fBSSL_CTX_new_ex()\fR was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3
index a079bbdd89b1..1bdd399b4a1f 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SESS_NUMBER 3"
-.TH SSL_CTX_SESS_NUMBER 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SESS_NUMBER 3ossl"
+.TH SSL_CTX_SESS_NUMBER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -211,7 +209,7 @@ The functions return the values indicated in the \s-1DESCRIPTION\s0 section.
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3
index 5bd334843e92..48aeb284f7a5 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 3"
-.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 3ossl"
+.TH SSL_CTX_SESS_SET_CACHE_SIZE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -187,7 +185,7 @@ expiration of sessions.
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3
index b661265dc4db..b4f578264ebf 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SESS_SET_GET_CB 3"
-.TH SSL_CTX_SESS_SET_GET_CB 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SESS_SET_GET_CB 3ossl"
+.TH SSL_CTX_SESS_SET_GET_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -248,7 +246,7 @@ return different callback function pointers respectively.
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3
index faf648774113..be7e573bf492 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SESSIONS 3"
-.TH SSL_CTX_SESSIONS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SESSIONS 3ossl"
+.TH SSL_CTX_SESSIONS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,7 +143,7 @@ SSL_CTX_sessions \- access internal session cache
.Vb 1
\& #include <openssl/ssl.h>
\&
-\& struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+\& LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -170,9 +168,9 @@ modified directly but by using the
\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3
index da1ea9d09189..f4c6e55383c7 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,27 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET0_CA_LIST 3"
-.TH SSL_CTX_SET0_CA_LIST 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET0_CA_LIST 3ossl"
+.TH SSL_CTX_SET0_CA_LIST 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_get_client_CA_list, SSL_CTX_get_client_CA_list, SSL_CTX_add_client_CA, SSL_add_client_CA, SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list, SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list, SSL_get0_peer_CA_list \&\- get or set CA list
+SSL_CTX_set_client_CA_list,
+SSL_set_client_CA_list,
+SSL_get_client_CA_list,
+SSL_CTX_get_client_CA_list,
+SSL_CTX_add_client_CA,
+SSL_add_client_CA,
+SSL_set0_CA_list,
+SSL_CTX_set0_CA_list,
+SSL_get0_CA_list,
+SSL_CTX_get0_CA_list,
+SSL_add1_to_CA_list,
+SSL_CTX_add1_to_CA_list,
+SSL_get0_peer_CA_list
+\&\- get or set CA list
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -299,9 +310,9 @@ Scan all certificates in \fBCAfile\fR and list them as acceptable CAs:
\&\fBSSL_CTX_load_verify_locations\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3
index 8b89bbd663f7..939a1585f14d 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET1_CURVES 3"
-.TH SSL_CTX_SET1_CURVES 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET1_CURVES 3ossl"
+.TH SSL_CTX_SET1_CURVES 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve \&\- EC supported curve functions
+SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups,
+SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group,
+SSL_get_negotiated_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list,
+SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve
+\&\- EC supported curve functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -153,6 +155,7 @@ SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, SSL_set1_groups_
\&
\& int SSL_get1_groups(SSL *ssl, int *groups);
\& int SSL_get_shared_group(SSL *s, int n);
+\& int SSL_get_negotiated_group(SSL *s);
\&
\& int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
\& int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);
@@ -166,17 +169,27 @@ SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, SSL_set1_groups_
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
For all of the functions below that set the supported groups there must be at
-least one group in the list.
+least one group in the list. A number of these functions identify groups via a
+unique integer \s-1NID\s0 value. However, support for some groups may be added by
+external providers. In this case there will be no \s-1NID\s0 assigned for the group.
+When setting such groups applications should use the \*(L"list\*(R" form of these
+functions (i.e. \fBSSL_CTX_set1_groups_list()\fR and SSL_set1_groups_list).
.PP
\&\fBSSL_CTX_set1_groups()\fR sets the supported groups for \fBctx\fR to \fBglistlen\fR
groups in the array \fBglist\fR. The array consist of all NIDs of groups in
preference order. For a \s-1TLS\s0 client the groups are used directly in the
supported groups extension. For a \s-1TLS\s0 server the groups are used to
-determine the set of shared groups.
+determine the set of shared groups. Currently supported groups for
+\&\fBTLSv1.3\fR are \fBNID_X9_62_prime256v1\fR, \fBNID_secp384r1\fR, \fBNID_secp521r1\fR,
+\&\fB\s-1NID_X25519\s0\fR, \fB\s-1NID_X448\s0\fR, \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR,
+\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR and \fBNID_ffdhe8192\fR.
.PP
\&\fBSSL_CTX_set1_groups_list()\fR sets the supported groups for \fBctx\fR to
string \fBlist\fR. The string is a colon separated list of group NIDs or
-names, for example \*(L"P\-521:P\-384:P\-256\*(R".
+names, for example \*(L"P\-521:P\-384:P\-256:X25519:ffdhe2048\*(R". Currently supported
+groups for \fBTLSv1.3\fR are \fBP\-256\fR, \fBP\-384\fR, \fBP\-521\fR, \fBX25519\fR, \fBX448\fR,
+\&\fBffdhe2048\fR, \fBffdhe3072\fR, \fBffdhe4096\fR, \fBffdhe6144\fR, \fBffdhe8192\fR. Support
+for other groups may be added by external providers.
.PP
\&\fBSSL_set1_groups()\fR and \fBSSL_set1_groups_list()\fR are similar except they set
supported groups for the \s-1SSL\s0 structure \fBssl\fR.
@@ -187,14 +200,27 @@ supported groups. The \fBgroups\fR parameter can be \fB\s-1NULL\s0\fR to simply
return the number of groups for memory allocation purposes. The
\&\fBgroups\fR array is in the form of a set of group NIDs in preference
order. It can return zero if the client did not send a supported groups
-extension.
+extension. If a supported group \s-1NID\s0 is unknown then the value is set to the
+bitwise \s-1OR\s0 of TLSEXT_nid_unknown (0x1000000) and the id of the group.
.PP
-\&\fBSSL_get_shared_group()\fR returns shared group \fBn\fR for a server-side
-\&\s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared groups is
+\&\fBSSL_get_shared_group()\fR returns the \s-1NID\s0 of the shared group \fBn\fR for a
+server-side \s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared groups is
returned, which may be zero. Other than for diagnostic purposes,
most applications will only be interested in the first shared group
so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range,
-NID_undef is returned.
+NID_undef is returned. If the \s-1NID\s0 for the shared group is unknown then the value
+is set to the bitwise \s-1OR\s0 of TLSEXT_nid_unknown (0x1000000) and the id of the
+group.
+.PP
+\&\fBSSL_get_negotiated_group()\fR returns the \s-1NID\s0 of the negotiated group used for
+the handshake key exchange process. For TLSv1.3 connections this typically
+reflects the state of the current connection, though in the case of PSK-only
+resumption, the returned value will be from a previous connection. For earlier
+\&\s-1TLS\s0 versions, when a session has been resumed, it always reflects the group
+used for key exchange during the initial handshake (otherwise it is from the
+current, non-resumption, connection). This can be called by either client or
+server. If the \s-1NID\s0 for the shared group is unknown then the value is set to the
+bitwise \s-1OR\s0 of TLSEXT_nid_unknown (0x1000000) and the id of the group.
.PP
All these functions are implemented as macros.
.PP
@@ -221,18 +247,23 @@ is \-1.
.PP
When called on a client \fBssl\fR, \fBSSL_get_shared_group()\fR has no meaning and
returns \-1.
+.PP
+\&\fBSSL_get_negotiated_group()\fR returns the \s-1NID\s0 of the negotiated group used for
+key exchange, or NID_undef if there was no negotiated group.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The curve functions were added in OpenSSL 1.0.2. The equivalent group
-functions were added in OpenSSL 1.1.1.
+functions were added in OpenSSL 1.1.1. The \fBSSL_get_negotiated_group()\fR function
+was added in OpenSSL 3.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3
index 1e7eba941a8a..e5c1b89b2b78 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET1_SIGALGS 3"
-.TH SSL_CTX_SET1_SIGALGS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET1_SIGALGS 3ossl"
+.TH SSL_CTX_SET1_SIGALGS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs, SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list, SSL_set1_client_sigalgs_list \- set supported signature algorithms
+SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list,
+SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs,
+SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list,
+SSL_set1_client_sigalgs_list \- set supported signature algorithms
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -241,9 +242,9 @@ using a string:
\&\fBSSL_CONF_CTX_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3
index b68711167128..230d33acb071 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,20 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET1_VERIFY_CERT_STORE 3"
-.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET1_VERIFY_CERT_STORE 3ossl"
+.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, SSL_set0_chain_cert_store, SSL_set1_chain_cert_store, SSL_CTX_get0_verify_cert_store, SSL_CTX_get0_chain_cert_store, SSL_get0_verify_cert_store, SSL_get0_chain_cert_store \- set certificate verification or chain store
+SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store,
+SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store,
+SSL_set0_verify_cert_store, SSL_set1_verify_cert_store,
+SSL_set0_chain_cert_store, SSL_set1_chain_cert_store,
+SSL_CTX_get0_verify_cert_store, SSL_CTX_get0_chain_cert_store,
+SSL_get0_verify_cert_store, SSL_get0_chain_cert_store \- set certificate
+verification or chain store
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -193,6 +197,9 @@ the server's certificate chain and a \s-1SSL/TLS\s0 server will use it to verify
any client certificate chain.
.PP
The chain store is used to build the certificate chain.
+Details of the chain building and checking process are described in
+\&\*(L"Certification Path Building\*(R" in \fBopenssl\-verification\-options\fR\|(1) and
+\&\*(L"Certification Path Validation\*(R" in \fBopenssl\-verification\-options\fR\|(1).
.PP
If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set or a certificate chain is
configured already (for example using the functions such as
@@ -211,6 +218,7 @@ versions of OpenSSL.
All these functions return 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
\&\fBSSL_CTX_set0_chain\fR\|(3)
\&\fBSSL_CTX_set1_chain\fR\|(3)
@@ -229,7 +237,7 @@ These functions were added in OpenSSL 1.0.2.
.IX Header "COPYRIGHT"
Copyright 2013\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3
index 877ded429910..ecd9d31eecf6 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_ALPN_SELECT_CB 3"
-.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_ALPN_SELECT_CB 3ossl"
+.TH SSL_CTX_SET_ALPN_SELECT_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb, SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated \&\- handle application layer protocol negotiation (ALPN)
+SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb,
+SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb,
+SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated
+\&\- handle application layer protocol negotiation (ALPN)
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -177,7 +178,7 @@ SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, SSL_CT
\& const unsigned char *server,
\& unsigned int server_len,
\& const unsigned char *client,
-\& unsigned int client_len)
+\& unsigned int client_len);
\& void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
\& unsigned *len);
.Ve
@@ -308,7 +309,7 @@ will be included in the ServerHello.
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3
index a29ea7706f23..3c8650b43fd9 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_CERT_CB 3"
-.TH SSL_CTX_SET_CERT_CB 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_CERT_CB 3ossl"
+.TH SSL_CTX_SET_CERT_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,27 +146,25 @@ SSL_CTX_set_cert_cb, SSL_set_cert_cb \- handle certificate callback function
\& void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg),
\& void *arg);
\& void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
-\&
-\& int (*cert_cb)(SSL *ssl, void *arg);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR sets the \fBcert_cb()\fR callback,
-\&\fBarg\fR value is pointer which is passed to the application callback.
+\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR sets the \fIcert_cb\fR callback,
+\&\fIarg\fR value is pointer which is passed to the application callback.
.PP
-When \fBcert_cb()\fR is \s-1NULL,\s0 no callback function is used.
+When \fIcert_cb\fR is \s-1NULL,\s0 no callback function is used.
.PP
-\&\fBcert_cb()\fR is the application defined callback. It is called before a
+\&\fIcert_cb\fR is the application defined callback. It is called before a
certificate will be used by a client or server. The callback can then inspect
-the passed \fBssl\fR structure and set or clear any appropriate certificates. If
+the passed \fIssl\fR structure and set or clear any appropriate certificates. If
the callback is successful it \fB\s-1MUST\s0\fR return 1 even if no certificates have
been set. A zero is returned on error which will abort the handshake with a
fatal internal error alert. A negative return value will suspend the handshake
and the handshake function will return immediately.
\&\fBSSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to
indicate, that the handshake was suspended. The next call to the handshake
-function will again lead to the call of \fBcert_cb()\fR. It is the job of the
-\&\fBcert_cb()\fR to store information about the state of the last call,
+function will again lead to the call of \fIcert_cb\fR. It is the job of the
+\&\fIcert_cb\fR to store information about the state of the last call,
if required to continue.
.SH "NOTES"
.IX Header "NOTES"
@@ -205,9 +201,9 @@ support it will \fBnot\fR be used.
\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2014\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3
index 66327d0c3892..3ebf42816b54 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_CERT_STORE 3"
-.TH SSL_CTX_SET_CERT_STORE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_CERT_STORE 3ossl"
+.TH SSL_CTX_SET_CERT_STORE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -213,7 +211,7 @@ functions such as \fBSSL_CTX_set1_verify_cert_store()\fR instead.
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3
index 5b7bfb5750c6..bb51149e3561 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 3"
-.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 3ossl"
+.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -156,24 +154,48 @@ SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure
the time when \fBSSL_new\fR\|(3) is called.
.SH "NOTES"
.IX Header "NOTES"
-Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification
-function is called. If the application does not explicitly specify a
-verification callback function, the built-in verification function is used.
+When a peer certificate has been received during a \s-1SSL/TLS\s0 handshake,
+a verification function is called regardless of the verification mode.
+If the application does not explicitly specify a verification callback function,
+the built-in verification function is used.
If a verification callback \fIcallback\fR is specified via
\&\fBSSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called
-instead. By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored.
+instead with the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg).
+The argument \fIarg\fR is specified by the application when setting \fIcallback\fR.
+By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored.
+.PP
+\&\fIcallback\fR should return 1 to indicate verification success
+and 0 to indicate verification failure.
+In server mode, a return value of 0 leads to handshake failure.
+In client mode, the behaviour is as follows.
+All values, including 0, are ignored
+if the verification mode is \fB\s-1SSL_VERIFY_NONE\s0\fR.
+Otherwise, when the return value is less than or equal to 0, the handshake will
+fail.
.PP
-When the verification must be performed, \fIcallback\fR will be called with
-the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The
-argument \fIarg\fR is specified by the application when setting \fIcallback\fR.
+In client mode \fIcallback\fR may also call the \fBSSL_set_retry_verify\fR\|(3)
+function on the \fB\s-1SSL\s0\fR object set in the \fIx509_store_ctx\fR ex data (see
+\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)) and return 1. This would be
+typically done in case the certificate verification was not yet able
+to succeed. This makes the handshake suspend and return control to the
+calling application with \fB\s-1SSL_ERROR_WANT_RETRY_VERIFY\s0\fR. The app can for
+instance fetch further certificates or cert status information needed for
+the verification. Calling \fBSSL_connect\fR\|(3) again resumes the connection
+attempt by retrying the server certificate verification step.
+This process may even be repeated if need be.
.PP
-\&\fIcallback\fR should return 1 to indicate verification success and 0 to
-indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fIcallback\fR
-returns 0, the handshake will fail. As the verification procedure may
-allow the connection to continue in the case of failure (by always
-returning 1) the verification result must be set in any case using the
-\&\fBerror\fR member of \fIx509_store_ctx\fR so that the calling application
-will be informed about the detailed result of the verification procedure!
+In any case a viable verification result value must be reflected
+in the \fBerror\fR member of \fIx509_store_ctx\fR,
+which can be done using \fBX509_STORE_CTX_set_error\fR\|(3).
+This is particularly important in case
+the \fIcallback\fR allows the connection to continue (by returning 1).
+Note that the verification status in the store context is a possibly durable
+indication of the chain's validity!
+This gets recorded in the \s-1SSL\s0 session (and thus also in session tickets)
+and the validity of the originally presented chain is then visible
+on resumption, even though no chain is presented int that case.
+Moreover, the calling application will be informed about the detailed result of
+the verification procedure and may elect to base further decisions on it.
.PP
Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR
function set using \fBSSL_CTX_set_verify\fR\|(3).
@@ -197,13 +219,15 @@ the \fBverify_callback\fR function.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3),
+\&\fBX509_STORE_CTX_set_error\fR\|(3),
\&\fBSSL_get_verify_result\fR\|(3),
+\&\fBSSL_set_retry_verify\fR\|(3),
\&\fBSSL_CTX_load_verify_locations\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3
index 64fa07319b3f..22c8dd1bec5f 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,20 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_CIPHER_LIST 3"
-.TH SSL_CTX_SET_CIPHER_LIST 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_CIPHER_LIST 3ossl"
+.TH SSL_CTX_SET_CIPHER_LIST 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_set_ciphersuites, SSL_set_ciphersuites \&\- choose list of available SSL_CIPHERs
+SSL_CTX_set_cipher_list,
+SSL_set_cipher_list,
+SSL_CTX_set_ciphersuites,
+SSL_set_ciphersuites,
+OSSL_default_cipher_list,
+OSSL_default_ciphersuites
+\&\- choose list of available SSL_CIPHERs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -150,12 +154,15 @@ SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_set_ciphersuites, SSL_set_
\&
\& int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
\& int SSL_set_ciphersuites(SSL *s, const char *str);
+\&
+\& const char *OSSL_default_cipher_list(void);
+\& const char *OSSL_default_ciphersuites(void);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_cipher_list()\fR sets the list of available ciphers (TLSv1.2 and below)
for \fBctx\fR using the control string \fBstr\fR. The format of the string is described
-in \fBciphers\fR\|(1). The list of ciphers is inherited by all
+in \fBopenssl\-ciphers\fR\|(1). The list of ciphers is inherited by all
\&\fBssl\fR objects created from \fBctx\fR. This function does not impact TLSv1.3
ciphersuites. Use \fBSSL_CTX_set_ciphersuites()\fR to configure those.
.PP
@@ -184,13 +191,17 @@ An empty list is permissible. The default value for the this setting is:
.PP
\&\fBSSL_set_ciphersuites()\fR is the same as \fBSSL_CTX_set_ciphersuites()\fR except it
configures the ciphersuites for \fBssl\fR.
+.PP
+\&\fBOSSL_default_cipher_list()\fR returns the default cipher string for TLSv1.2
+(and earlier) ciphers. \fBOSSL_default_ciphersuites()\fR returns the default
+cipher string for TLSv1.3 ciphersuites.
.SH "NOTES"
.IX Header "NOTES"
-The control string \fBstr\fR for \fBSSL_CTX_set_cipher_list()\fR and
-\&\fBSSL_set_cipher_list()\fR should be universally usable and not depend
-on details of the library configuration (ciphers compiled in). Thus no
-syntax checking takes place. Items that are not recognized, because the
-corresponding ciphers are not compiled in or because they are mistyped,
+The control string \fBstr\fR for \fBSSL_CTX_set_cipher_list()\fR, \fBSSL_set_cipher_list()\fR,
+\&\fBSSL_CTX_set_ciphersuites()\fR and \fBSSL_set_ciphersuites()\fR should be universally
+usable and not depend on details of the library configuration (ciphers compiled
+in). Thus no syntax checking takes place. Items that are not recognized, because
+the corresponding ciphers are not compiled in or because they are mistyped,
are simply ignored. Failure is only flagged if no ciphers could be collected
at all.
.PP
@@ -201,7 +212,7 @@ additional restrictions apply. All ciphers have additional requirements.
\&\s-1ADH\s0 ciphers don't need a certificate, but DH-parameters must have been set.
All other ciphers need a corresponding certificate and key.
.PP
-A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is available.
+An \s-1RSA\s0 cipher can only be chosen, when an \s-1RSA\s0 certificate is available.
\&\s-1RSA\s0 ciphers using \s-1DHE\s0 need a certificate and key and additional DH-parameters
(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)).
.PP
@@ -214,6 +225,10 @@ client only supports export \s-1RSA\s0 ciphers with an asymmetric key length
of 512 bits and the server is not configured to use temporary \s-1RSA\s0
keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated
and the handshake will fail.
+.PP
+\&\fBOSSL_default_cipher_list()\fR and \fBOSSL_default_ciphersuites()\fR replace
+\&\s-1SSL_DEFAULT_CIPHER_LIST\s0 and \s-1TLS_DEFAULT_CIPHERSUITES,\s0 respectively. The
+cipher list defines are deprecated as of 3.0.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_cipher_list()\fR and \fBSSL_set_cipher_list()\fR return 1 if any cipher
@@ -226,12 +241,15 @@ ciphersuite list was configured, and 0 otherwise.
\&\fBssl\fR\|(7), \fBSSL_get_ciphers\fR\|(3),
\&\fBSSL_CTX_use_certificate\fR\|(3),
\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3),
-\&\fBciphers\fR\|(1)
+\&\fBopenssl\-ciphers\fR\|(1)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBOSSL_default_cipher_list()\fR and \fBOSSL_default_ciphersites()\fR are new in 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3
index 7c0bcbd94b29..20a6f0ee6b99 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_CLIENT_CERT_CB 3"
-.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_CLIENT_CERT_CB 3ossl"
+.TH SSL_CTX_SET_CLIENT_CERT_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,29 +148,28 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certific
\& EVP_PKEY **pkey));
\& int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
\& EVP_PKEY **pkey);
-\& int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBSSL_CTX_set_client_cert_cb()\fR sets the \fBclient_cert_cb()\fR callback, that is
+\&\fBSSL_CTX_set_client_cert_cb()\fR sets the \fIclient_cert_cb\fR callback, that is
called when a client certificate is requested by a server and no certificate
was yet set for the \s-1SSL\s0 object.
.PP
-When \fBclient_cert_cb()\fR is \s-1NULL,\s0 no callback function is used.
+When \fIclient_cert_cb\fR is \s-1NULL,\s0 no callback function is used.
.PP
\&\fBSSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback
function.
.PP
-\&\fBclient_cert_cb()\fR is the application defined callback. If it wants to
+\&\fIclient_cert_cb\fR is the application defined callback. If it wants to
set a certificate, a certificate/private key combination must be set
-using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. The
-certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections.
+using the \fIx509\fR and \fIpkey\fR arguments and \*(L"1\*(R" must be returned. The
+certificate will be installed into \fIssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections.
If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate
will be sent. A negative return value will suspend the handshake and the
handshake function will return immediately. \fBSSL_get_error\fR\|(3)
will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was
suspended. The next call to the handshake function will again lead to the call
-of \fBclient_cert_cb()\fR. It is the job of the \fBclient_cert_cb()\fR to store information
+of \fIclient_cert_cb\fR. It is the job of the \fIclient_cert_cb\fR to store information
about the state of the last call, if required to continue.
.SH "NOTES"
.IX Header "NOTES"
@@ -200,11 +197,11 @@ If the callback returns no certificate, the OpenSSL library will not send
a certificate.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBSSL_CTX_get_client_cert_cb()\fR returns function pointer of \fBclient_cert_cb()\fR or
+\&\fBSSL_CTX_get_client_cert_cb()\fR returns function pointer of \fIclient_cert_cb\fR or
\&\s-1NULL\s0 if the callback is not set.
.SH "BUGS"
.IX Header "BUGS"
-The \fBclient_cert_cb()\fR cannot return a complete certificate chain, it can
+The \fIclient_cert_cb\fR cannot return a complete certificate chain, it can
only return one client certificate. If the chain only has a length of 2,
the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and
thus a standard conforming answer can be sent to the server. For a
@@ -233,9 +230,9 @@ and create a new one to return to the previous state.
\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3
index 38098b42c523..76c3ceaa529e 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_CLIENT_HELLO_CB 3"
-.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_CLIENT_HELLO_CB 3ossl"
+.TH SSL_CTX_SET_CLIENT_HELLO_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,7 +153,7 @@ SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_
\& const unsigned char **out);
\& int SSL_client_hello_get1_extensions_present(SSL *s, int **out,
\& size_t *outlen);
-\& int SSL_client_hello_get0_ext(SSL *s, int type, const unsigned char **out,
+\& int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
\& size_t *outlen);
.Ve
.SH "DESCRIPTION"
@@ -163,7 +161,7 @@ SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_
\&\fBSSL_CTX_set_client_hello_cb()\fR sets the callback function, which is automatically
called during the early stages of ClientHello processing on the server.
The argument supplied when setting the callback is passed back to the
-callback at runtime. A callback that returns failure (0) will cause the
+callback at run time. A callback that returns failure (0) will cause the
connection to terminate, and callbacks returning failure should indicate
what alert value is to be sent in the \fBal\fR parameter. A callback may
also return a negative value to suspend the handshake, and the handshake
@@ -244,7 +242,7 @@ should not be assumed to be valid.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3),
-SSL_bytes_to_cipher_list
+\&\fBSSL_bytes_to_cipher_list\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \s-1SSL\s0 ClientHello callback, \fBSSL_client_hello_isv2()\fR,
@@ -254,9 +252,9 @@ The \s-1SSL\s0 ClientHello callback, \fBSSL_client_hello_isv2()\fR,
were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3
index 65161747a36a..be458dd5d995 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3"
-.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3ossl"
+.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-ssl_ct_validation_cb, SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct, SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback, SSL_ct_is_enabled, SSL_CTX_ct_is_enabled \- control Certificate Transparency policy
+ssl_ct_validation_cb,
+SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct,
+SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback,
+SSL_ct_is_enabled, SSL_CTX_ct_is_enabled \-
+control Certificate Transparency policy
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -202,7 +204,7 @@ sufficient to allow the connection to continue.
The \s-1TLS\s0 handshake is aborted if the verification mode is not \fB\s-1SSL_VERIFY_NONE\s0\fR
and the callback returns a non-positive result.
.PP
-An arbitrary callback context argument, \fBarg\fR, can be passed in when setting
+An arbitrary callback data argument, \fBarg\fR, can be passed in when setting
the callback.
This will be passed to the callback whenever it is invoked.
Ownership of this context remains with the caller.
@@ -263,9 +265,9 @@ callback) is set.
\&\fBSSL_SESSION_get_time\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3
index b3aec0053052..dbfcb74e54d9 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_CTLOG_LIST_FILE 3"
-.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_CTLOG_LIST_FILE 3ossl"
+.TH SSL_CTX_SET_CTLOG_LIST_FILE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file \- load a Certificate Transparency log list from a file
+SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file \-
+load a Certificate Transparency log list from a file
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -159,7 +158,7 @@ See \fBCTLOG_STORE_new\fR\|(3) for the file format.
.SH "NOTES"
.IX Header "NOTES"
These functions will not clear the existing \s-1CT\s0 log list \- it will be appended
-to. To replace the existing list, use SSL_CTX_set0_ctlog_store first.
+to. To replace the existing list, use \fBSSL_CTX_set0_ctlog_store\fR\|(3) first.
.PP
If an error occurs whilst parsing a particular log entry in the file, that log
entry will be skipped.
@@ -175,9 +174,9 @@ the case of an error, the log list may have been partially loaded.
\&\fBCTLOG_STORE_new\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3
index 1da5491eb313..80719028c1c6 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 3"
-.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 3ossl"
+.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata, SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata, SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata \- set or get passwd callback for encrypted PEM file handling
+SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata,
+SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata,
+SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata,
+SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata \- set or
+get passwd callback for encrypted PEM file handling
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -234,7 +236,7 @@ added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3
index c3a8c78d2e74..70e169bb1d1c 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_GENERATE_SESSION_ID 3"
-.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_GENERATE_SESSION_ID 3ossl"
+.TH SSL_CTX_SET_GENERATE_SESSION_ID 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id, GEN_SESSION_CB \&\- manipulate generation of SSL session IDs (server only)
+SSL_CTX_set_generate_session_id, SSL_set_generate_session_id,
+SSL_has_matching_session_id, GEN_SESSION_CB
+\&\- manipulate generation of SSL session IDs (server only)
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -218,10 +218,10 @@ reason and return 1 on success.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_generate_session_id()\fR and \fBSSL_set_generate_session_id()\fR
-always return 1.
+return 1 on success and 0 for failure.
.PP
\&\fBSSL_has_matching_session_id()\fR returns 1 if another session with the
-same id is already in the cache.
+same id is already in the cache, or 0 otherwise.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The callback function listed will generate a session id with the
@@ -261,7 +261,7 @@ server id given, and will fill the rest with pseudo random bytes:
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3
index 832fbd3cb4b7..5f33015ff07e 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_INFO_CALLBACK 3"
-.TH SSL_CTX_SET_INFO_CALLBACK 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_INFO_CALLBACK 3ossl"
+.TH SSL_CTX_SET_INFO_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \&\- handle information callback for SSL connections
+SSL_CTX_set_info_callback,
+SSL_CTX_get_info_callback,
+SSL_set_info_callback,
+SSL_get_info_callback
+\&\- handle information callback for SSL connections
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -182,7 +184,7 @@ the callback function was called. If \fBret\fR is 0, an error condition occurred
If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the alert
information.
.PP
-\&\fBwhere\fR is a bit mask made up of the following bits:
+\&\fBwhere\fR is a bit-mask made up of the following bits:
.IP "\s-1SSL_CB_LOOP\s0" 4
.IX Item "SSL_CB_LOOP"
Callback has been called to indicate state change or some other significant
@@ -279,7 +281,7 @@ about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3
index 7f7fa764a7d5..392f295a0e70 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_KEYLOG_CALLBACK 3"
-.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_KEYLOG_CALLBACK 3ossl"
+.TH SSL_CTX_SET_KEYLOG_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, SSL_CTX_keylog_cb_func \- logging TLS key material
+SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback,
+SSL_CTX_keylog_cb_func \- logging TLS key material
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -165,7 +164,7 @@ The key logging callback is called with two items: the \fBssl\fR object associat
with the connection, and \fBline\fR, a string containing the key material in the
format used by \s-1NSS\s0 for its \fB\s-1SSLKEYLOGFILE\s0\fR debugging output. To recreate that
file, the key logging callback should log \fBline\fR, followed by a newline.
-\&\fBline\fR will always be a NULL-terminated string.
+\&\fBline\fR will always be a NUL-terminated string.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_get_keylog_callback()\fR returns a pointer to \fBSSL_CTX_keylog_cb_func\fR or
@@ -175,9 +174,9 @@ file, the key logging callback should log \fBline\fR, followed by a newline.
\&\fBssl\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3
index 3ab6aef9723d..e289950c767d 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_MAX_CERT_LIST 3"
-.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_MAX_CERT_LIST 3ossl"
+.TH SSL_CTX_SET_MAX_CERT_LIST 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -207,7 +205,7 @@ set value.
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3
index 920f4ee45e31..1018aba5fda4 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_MIN_PROTO_VERSION 3"
-.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_MIN_PROTO_VERSION 3ossl"
+.TH SSL_CTX_SET_MIN_PROTO_VERSION 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, SSL_set_min_proto_version, SSL_set_max_proto_version, SSL_get_min_proto_version, SSL_get_max_proto_version \- Get and set minimum and maximum supported protocol version
+SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version,
+SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version,
+SSL_set_min_proto_version, SSL_set_max_proto_version,
+SSL_get_min_proto_version, SSL_get_max_proto_version \- Get and set minimum
+and maximum supported protocol version
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -184,6 +186,7 @@ lowest or highest protocol, respectively.
All these functions are implemented using macros.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CONF_cmd\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
@@ -193,7 +196,7 @@ were added in OpenSSL 1.1.1.
.IX Header "COPYRIGHT"
Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3
index 9e4686e229db..032e46e2ebd9 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_MODE 3"
-.TH SSL_CTX_SET_MODE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_MODE 3ossl"
+.TH SSL_CTX_SET_MODE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,13 +153,13 @@ SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBSSL_CTX_set_mode()\fR adds the mode set via bit mask in \fBmode\fR to \fBctx\fR.
+\&\fBSSL_CTX_set_mode()\fR adds the mode set via bit-mask in \fBmode\fR to \fBctx\fR.
Options already set before are not cleared.
-\&\fBSSL_CTX_clear_mode()\fR removes the mode set via bit mask in \fBmode\fR from \fBctx\fR.
+\&\fBSSL_CTX_clear_mode()\fR removes the mode set via bit-mask in \fBmode\fR from \fBctx\fR.
.PP
-\&\fBSSL_set_mode()\fR adds the mode set via bit mask in \fBmode\fR to \fBssl\fR.
+\&\fBSSL_set_mode()\fR adds the mode set via bit-mask in \fBmode\fR to \fBssl\fR.
Options already set before are not cleared.
-\&\fBSSL_clear_mode()\fR removes the mode set via bit mask in \fBmode\fR from \fBssl\fR.
+\&\fBSSL_clear_mode()\fR removes the mode set via bit-mask in \fBmode\fR from \fBssl\fR.
.PP
\&\fBSSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR.
.PP
@@ -245,10 +243,10 @@ All modes are off by default except for \s-1SSL_MODE_AUTO_RETRY\s0 which is on b
default since 1.1.1.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBSSL_CTX_set_mode()\fR and \fBSSL_set_mode()\fR return the new mode bit mask
+\&\fBSSL_CTX_set_mode()\fR and \fBSSL_set_mode()\fR return the new mode bit-mask
after adding \fBmode\fR.
.PP
-\&\fBSSL_CTX_get_mode()\fR and \fBSSL_get_mode()\fR return the current bit mask.
+\&\fBSSL_CTX_get_mode()\fR and \fBSSL_get_mode()\fR return the current bit-mask.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or
@@ -258,9 +256,9 @@ after adding \fBmode\fR.
\&\s-1SSL_MODE_ASYNC\s0 was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3
index 2fad25199357..c66e12b8a519 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_MSG_CALLBACK 3"
-.TH SSL_CTX_SET_MSG_CALLBACK 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_MSG_CALLBACK 3ossl"
+.TH SSL_CTX_SET_MSG_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_set_msg_callback_arg \&\- install callback for observing protocol messages
+SSL_CTX_set_msg_callback,
+SSL_CTX_set_msg_callback_arg,
+SSL_set_msg_callback,
+SSL_set_msg_callback_arg
+\&\- install callback for observing protocol messages
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -246,7 +248,7 @@ The pseudo content type \fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR was added in Ope
.IX Header "COPYRIGHT"
Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3
index a8706c1097e3..048350e830bc 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,23 +130,29 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_NUM_TICKETS 3"
-.TH SSL_CTX_SET_NUM_TICKETS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_NUM_TICKETS 3ossl"
+.TH SSL_CTX_SET_NUM_TICKETS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_set_num_tickets, SSL_get_num_tickets, SSL_CTX_set_num_tickets, SSL_CTX_get_num_tickets \&\- control the number of TLSv1.3 session tickets that are issued
+SSL_set_num_tickets,
+SSL_get_num_tickets,
+SSL_CTX_set_num_tickets,
+SSL_CTX_get_num_tickets,
+SSL_new_session_ticket
+\&\- control the number of TLSv1.3 session tickets that are issued
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_set_num_tickets(SSL *s, size_t num_tickets);
-\& size_t SSL_get_num_tickets(SSL *s);
+\& size_t SSL_get_num_tickets(const SSL *s);
\& int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
-\& size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx);
+\& size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
+\& int SSL_new_session_ticket(SSL *s);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -173,24 +177,49 @@ handshake then \fBSSL_set_num_tickets()\fR can be called again prior to calling
\&\fBSSL_verify_client_post_handshake()\fR to update the number of tickets that will be
sent.
.PP
+To issue tickets after other events (such as application-layer changes),
+\&\fBSSL_new_session_ticket()\fR is used by a server application to request that a new
+ticket be sent when it is safe to do so. New tickets are only allowed to be
+sent in this manner after the initial handshake has completed, and only for
+\&\s-1TLS 1.3\s0 connections. By default, the ticket generation and transmission are
+delayed until the server is starting a new write operation, so that it is
+bundled with other application data being written and properly aligned to a
+record boundary. If the connection was at a record boundary when
+\&\fBSSL_new_session_ticket()\fR was called, the ticket can be sent immediately
+(without waiting for the next application write) by calling
+\&\fBSSL_do_handshake()\fR. \fBSSL_new_session_ticket()\fR can be called more than once to
+request additional tickets be sent; all such requests are queued and written
+together when it is safe to do so and triggered by \fBSSL_write()\fR or
+\&\fBSSL_do_handshake()\fR. Note that a successful return from
+\&\fBSSL_new_session_ticket()\fR indicates only that the request to send a ticket was
+processed, not that the ticket itself was sent. To be notified when the
+ticket itself is sent, a new-session callback can be registered with
+\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) that will be invoked as the ticket or tickets
+are generated.
+.PP
\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of
tickets set by a previous call to \fBSSL_CTX_set_num_tickets()\fR or
\&\fBSSL_set_num_tickets()\fR, or 2 if no such call has been made.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR return 1 on success or 0 on
-failure.
+\&\fBSSL_CTX_set_num_tickets()\fR, \fBSSL_set_num_tickets()\fR, and
+\&\fBSSL_new_session_ticket()\fR return 1 on success or 0 on failure.
.PP
\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of tickets
that have been previously set.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
-These functions were added in OpenSSL 1.1.1.
+\&\fBSSL_new_session_ticket()\fR was added in OpenSSL 3.0.0.
+\&\fBSSL_set_num_tickets()\fR, \fBSSL_get_num_tickets()\fR, \fBSSL_CTX_set_num_tickets()\fR, and
+\&\fBSSL_CTX_get_num_tickets()\fR were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3
index c20eb2065e42..33b23927973f 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,42 +130,44 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_OPTIONS 3"
-.TH SSL_CTX_SET_OPTIONS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_OPTIONS 3ossl"
+.TH SSL_CTX_SET_OPTIONS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support \- manipulate SSL options
+SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options,
+SSL_clear_options, SSL_CTX_get_options, SSL_get_options,
+SSL_get_secure_renegotiation_support \- manipulate SSL options
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
-\& long SSL_CTX_set_options(SSL_CTX *ctx, long options);
-\& long SSL_set_options(SSL *ssl, long options);
+\& uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t options);
+\& uint64_t SSL_set_options(SSL *ssl, uint64_t options);
\&
-\& long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
-\& long SSL_clear_options(SSL *ssl, long options);
+\& uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t options);
+\& uint64_t SSL_clear_options(SSL *ssl, uint64_t options);
\&
-\& long SSL_CTX_get_options(SSL_CTX *ctx);
-\& long SSL_get_options(SSL *ssl);
+\& uint64_t SSL_CTX_get_options(const SSL_CTX *ctx);
+\& uint64_t SSL_get_options(const SSL *ssl);
\&
\& long SSL_get_secure_renegotiation_support(SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBSSL_CTX_set_options()\fR adds the options set via bit mask in \fBoptions\fR to \fBctx\fR.
+\&\fBSSL_CTX_set_options()\fR adds the options set via bit-mask in \fBoptions\fR to \fBctx\fR.
Options already set before are not cleared!
.PP
-\&\fBSSL_set_options()\fR adds the options set via bit mask in \fBoptions\fR to \fBssl\fR.
+\&\fBSSL_set_options()\fR adds the options set via bit-mask in \fBoptions\fR to \fBssl\fR.
Options already set before are not cleared!
.PP
-\&\fBSSL_CTX_clear_options()\fR clears the options set via bit mask in \fBoptions\fR
+\&\fBSSL_CTX_clear_options()\fR clears the options set via bit-mask in \fBoptions\fR
to \fBctx\fR.
.PP
-\&\fBSSL_clear_options()\fR clears the options set via bit mask in \fBoptions\fR to \fBssl\fR.
+\&\fBSSL_clear_options()\fR clears the options set via bit-mask in \fBoptions\fR to \fBssl\fR.
.PP
\&\fBSSL_CTX_get_options()\fR returns the options set for \fBctx\fR.
.PP
@@ -179,7 +179,7 @@ Note, this is implemented via a macro.
.SH "NOTES"
.IX Header "NOTES"
The behaviour of the \s-1SSL\s0 library can be changed by setting several options.
-The options are coded as bit masks and can be combined by a bitwise \fBor\fR
+The options are coded as bit-masks and can be combined by a bitwise \fBor\fR
operation (|).
.PP
\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR affect the (external)
@@ -193,16 +193,21 @@ option setting is copied. Changes to \fBctx\fR do not affect already created
\&\s-1SSL\s0 objects. \fBSSL_clear()\fR does not affect the settings.
.PP
The following \fBbug workaround\fR options are available:
-.IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4
-.IX Item "SSL_OP_SAFARI_ECDHE_ECDSA_BUG"
-Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS X.
-OS X 10.8..10.8.3\s0 has broken support for ECDHE-ECDSA ciphers.
+.IP "\s-1SSL_OP_CRYPTOPRO_TLSEXT_BUG\s0" 4
+.IX Item "SSL_OP_CRYPTOPRO_TLSEXT_BUG"
+Add server-hello extension from the early version of cryptopro draft
+when \s-1GOST\s0 ciphersuite is negotiated. Required for interoperability with CryptoPro
+\&\s-1CSP 3\s0.x.
.IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4
.IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS"
Disables a countermeasure against a \s-1SSL 3.0/TLS 1.0\s0 protocol
vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some
broken \s-1SSL\s0 implementations. This option has no effect for connections
using other ciphers.
+.IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4
+.IX Item "SSL_OP_SAFARI_ECDHE_ECDSA_BUG"
+Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS X.
+OS X 10.8..10.8.3\s0 has broken support for ECDHE-ECDSA ciphers.
.IP "\s-1SSL_OP_TLSEXT_PADDING\s0" 4
.IX Item "SSL_OP_TLSEXT_PADDING"
Adds a padding extension to ensure the ClientHello size is never between
@@ -210,31 +215,144 @@ Adds a padding extension to ensure the ClientHello size is never between
implementations.
.IP "\s-1SSL_OP_ALL\s0" 4
.IX Item "SSL_OP_ALL"
-All of the above bug workarounds plus \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR as
-mentioned below.
+All of the above bug workarounds.
.PP
It is usually safe to use \fB\s-1SSL_OP_ALL\s0\fR to enable the bug workaround
options if compatibility with somewhat broken implementations is
desired.
.PP
The following \fBmodifying\fR options are available:
-.IP "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4
-.IX Item "SSL_OP_TLS_ROLLBACK_BUG"
-Disable version rollback attack detection.
-.Sp
-During the client key exchange, the client must send the same information
-about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some
-clients violate this rule by adapting to the server's answer. (Example:
-the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
-only understands up to SSLv3. In this case the client must still use the
-same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
-to the server's answer and violate the version rollback protection.)
+.IP "\s-1SSL_OP_ALLOW_CLIENT_RENEGOTIATION\s0" 4
+.IX Item "SSL_OP_ALLOW_CLIENT_RENEGOTIATION"
+Client-initiated renegotiation is disabled by default. Use
+this option to enable it.
+.IP "\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0" 4
+.IX Item "SSL_OP_ALLOW_NO_DHE_KEX"
+In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means
+that there will be no forward secrecy for the resumed session.
+.IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4
+.IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION"
+Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
+servers. See the \fB\s-1SECURE RENEGOTIATION\s0\fR section for more details.
.IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4
.IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE"
When choosing a cipher, use the server's preferences instead of the client
preferences. When not set, the \s-1SSL\s0 server will always follow the clients
preferences. When set, the \s-1SSL/TLS\s0 server will choose following its
own preferences.
+.IP "\s-1SSL_OP_CISCO_ANYCONNECT\s0" 4
+.IX Item "SSL_OP_CISCO_ANYCONNECT"
+Use Cisco's version identifier of \s-1DTLS_BAD_VER\s0 when establishing a DTLSv1
+connection. Only available when using the deprecated \fBDTLSv1_client_method()\fR \s-1API.\s0
+.IP "\s-1SSL_OP_CLEANSE_PLAINTEXT\s0" 4
+.IX Item "SSL_OP_CLEANSE_PLAINTEXT"
+By default \s-1TLS\s0 connections keep a copy of received plaintext
+application data in a static buffer until it is overwritten by the
+next portion of data. When enabling \s-1SSL_OP_CLEANSE_PLAINTEXT\s0
+deciphered application data is cleansed by calling \fBOPENSSL_cleanse\fR\|(3)
+after passing data to the application. Data is also cleansed when
+releasing the connection (e.g. \fBSSL_free\fR\|(3)).
+.Sp
+Since OpenSSL only cleanses internal buffers, the application is still
+responsible for cleansing all other buffers. Most notably, this
+applies to buffers passed to functions like \fBSSL_read\fR\|(3),
+\&\fBSSL_peek\fR\|(3) but also like \fBSSL_write\fR\|(3).
+.IP "\s-1SSL_OP_COOKIE_EXCHANGE\s0" 4
+.IX Item "SSL_OP_COOKIE_EXCHANGE"
+Turn on Cookie Exchange as described in \s-1RFC4347\s0 Section 4.2.1. Only affects
+\&\s-1DTLS\s0 connections.
+.IP "\s-1SSL_OP_DISABLE_TLSEXT_CA_NAMES\s0" 4
+.IX Item "SSL_OP_DISABLE_TLSEXT_CA_NAMES"
+Disable \s-1TLS\s0 Extension \s-1CA\s0 Names. You may want to disable it for security reasons
+or for compatibility with some Windows \s-1TLS\s0 implementations crashing when this
+extension is larger than 1024 bytes.
+.IP "\s-1SSL_OP_ENABLE_KTLS\s0" 4
+.IX Item "SSL_OP_ENABLE_KTLS"
+Enable the use of kernel \s-1TLS.\s0 In order to benefit from kernel \s-1TLS\s0 OpenSSL must
+have been compiled with support for it, and it must be supported by the
+negotiated ciphersuites and extensions. The specific ciphersuites and extensions
+that are supported may vary by platform and kernel version.
+.Sp
+The kernel \s-1TLS\s0 data-path implements the record layer, and the encryption
+algorithm. The kernel will utilize the best hardware
+available for encryption. Using the kernel data-path should reduce the memory
+footprint of OpenSSL because no buffering is required. Also, the throughput
+should improve because data copy is avoided when user data is encrypted into
+kernel memory instead of the usual encrypt then copy to kernel.
+.Sp
+Kernel \s-1TLS\s0 might not support all the features of OpenSSL. For instance,
+renegotiation, and setting the maximum fragment size is not possible as of
+Linux 4.20.
+.Sp
+Note that with kernel \s-1TLS\s0 enabled some cryptographic operations are performed
+by the kernel directly and not via any available OpenSSL Providers. This might
+be undesirable if, for example, the application requires all cryptographic
+operations to be performed by the \s-1FIPS\s0 provider.
+.IP "\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0" 4
+.IX Item "SSL_OP_ENABLE_MIDDLEBOX_COMPAT"
+If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent in TLSv1.3. This
+has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that
+do not understand TLSv1.3 will not drop the connection. Regardless of whether
+this option is set or not \s-1CCS\s0 messages received from the peer will always be
+ignored in TLSv1.3. This option is set by default. To switch it off use
+\&\fBSSL_clear_options()\fR. A future version of OpenSSL may not set this by default.
+.IP "\s-1SSL_OP_IGNORE_UNEXPECTED_EOF\s0" 4
+.IX Item "SSL_OP_IGNORE_UNEXPECTED_EOF"
+Some \s-1TLS\s0 implementations do not send the mandatory close_notify alert on
+shutdown. If the application tries to wait for the close_notify alert but the
+peer closes the connection without sending it, an error is generated. When this
+option is enabled the peer does not need to send the close_notify alert and a
+closed connection will be treated as if the close_notify alert was received.
+.Sp
+You should only enable this option if the protocol running over \s-1TLS\s0
+can detect a truncation attack itself, and that the application is checking for
+that truncation attack.
+.Sp
+For more information on shutting down a connection, see \fBSSL_shutdown\fR\|(3).
+.IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4
+.IX Item "SSL_OP_LEGACY_SERVER_CONNECT"
+Allow legacy insecure renegotiation between OpenSSL and unpatched servers
+\&\fBonly\fR. See the \fB\s-1SECURE RENEGOTIATION\s0\fR section for more details.
+.IP "\s-1SSL_OP_NO_ANTI_REPLAY\s0" 4
+.IX Item "SSL_OP_NO_ANTI_REPLAY"
+By default, when a server is configured for early data (i.e., max_early_data > 0),
+OpenSSL will switch on replay protection. See \fBSSL_read_early_data\fR\|(3) for a
+description of the replay protection feature. Anti-replay measures are required
+to comply with the TLSv1.3 specification. Some applications may be able to
+mitigate the replay risks in other ways and in such cases the built in OpenSSL
+functionality is not required. Those applications can turn this feature off by
+setting this option. This is a server-side option only. It is ignored by
+clients.
+.IP "\s-1SSL_OP_NO_COMPRESSION\s0" 4
+.IX Item "SSL_OP_NO_COMPRESSION"
+Do not use compression even if it is supported. This option is set by default.
+To switch it off use \fBSSL_clear_options()\fR.
+.IP "\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0" 4
+.IX Item "SSL_OP_NO_ENCRYPT_THEN_MAC"
+Normally clients and servers will transparently attempt to negotiate the
+\&\s-1RFC7366\s0 Encrypt-then-MAC option on \s-1TLS\s0 and \s-1DTLS\s0 connection.
+.Sp
+If this option is set, Encrypt-then-MAC is disabled. Clients will not
+propose, and servers will not accept the extension.
+.IP "\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0" 4
+.IX Item "SSL_OP_NO_EXTENDED_MASTER_SECRET"
+Normally clients and servers will transparently attempt to negotiate the
+\&\s-1RFC7627\s0 Extended Master Secret option on \s-1TLS\s0 and \s-1DTLS\s0 connection.
+.Sp
+If this option is set, Extended Master Secret is disabled. Clients will
+not propose, and servers will not accept the extension.
+.IP "\s-1SSL_OP_NO_QUERY_MTU\s0" 4
+.IX Item "SSL_OP_NO_QUERY_MTU"
+Do not query the \s-1MTU.\s0 Only affects \s-1DTLS\s0 connections.
+.IP "\s-1SSL_OP_NO_RENEGOTIATION\s0" 4
+.IX Item "SSL_OP_NO_RENEGOTIATION"
+Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
+messages, and ignore renegotiation requests via ClientHello.
+.IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4
+.IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION"
+When performing renegotiation as a server, always start a new session
+(i.e., session resumption requests are only accepted in the initial
+handshake). This option is not needed for clients.
.IP "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" 4
.IX Item "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2"
These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol
@@ -243,21 +361,6 @@ respectively.
As of OpenSSL 1.1.0, these options are deprecated, use
\&\fBSSL_CTX_set_min_proto_version\fR\|(3) and
\&\fBSSL_CTX_set_max_proto_version\fR\|(3) instead.
-.IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4
-.IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION"
-When performing renegotiation as a server, always start a new session
-(i.e., session resumption requests are only accepted in the initial
-handshake). This option is not needed for clients.
-.IP "\s-1SSL_OP_NO_COMPRESSION\s0" 4
-.IX Item "SSL_OP_NO_COMPRESSION"
-Do not use compression even if it is supported.
-.IP "\s-1SSL_OP_NO_QUERY_MTU\s0" 4
-.IX Item "SSL_OP_NO_QUERY_MTU"
-Do not query the \s-1MTU.\s0 Only affects \s-1DTLS\s0 connections.
-.IP "\s-1SSL_OP_COOKIE_EXCHANGE\s0" 4
-.IX Item "SSL_OP_COOKIE_EXCHANGE"
-Turn on Cookie Exchange as described in \s-1RFC4347\s0 Section 4.2.1. Only affects
-\&\s-1DTLS\s0 connections.
.IP "\s-1SSL_OP_NO_TICKET\s0" 4
.IX Item "SSL_OP_NO_TICKET"
\&\s-1SSL/TLS\s0 supports two mechanisms for resuming sessions: session ids and stateless
@@ -293,30 +396,6 @@ sent. This is a server-side option only.
In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from
being sent by calling \fBSSL_CTX_set_num_tickets\fR\|(3) or
\&\fBSSL_set_num_tickets\fR\|(3).
-.IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4
-.IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION"
-Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
-servers. See the \fB\s-1SECURE RENEGOTIATION\s0\fR section for more details.
-.IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4
-.IX Item "SSL_OP_LEGACY_SERVER_CONNECT"
-Allow legacy insecure renegotiation between OpenSSL and unpatched servers
-\&\fBonly\fR: this option is currently set by default. See the
-\&\fB\s-1SECURE RENEGOTIATION\s0\fR section for more details.
-.IP "\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0" 4
-.IX Item "SSL_OP_NO_ENCRYPT_THEN_MAC"
-Normally clients and servers will transparently attempt to negotiate the
-\&\s-1RFC7366\s0 Encrypt-then-MAC option on \s-1TLS\s0 and \s-1DTLS\s0 connection.
-.Sp
-If this option is set, Encrypt-then-MAC is disabled. Clients will not
-propose, and servers will not accept the extension.
-.IP "\s-1SSL_OP_NO_RENEGOTIATION\s0" 4
-.IX Item "SSL_OP_NO_RENEGOTIATION"
-Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
-messages, and ignore renegotiation requests via ClientHello.
-.IP "\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0" 4
-.IX Item "SSL_OP_ALLOW_NO_DHE_KEX"
-In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means
-that there will be no forward secrecy for the resumed session.
.IP "\s-1SSL_OP_PRIORITIZE_CHACHA\s0" 4
.IX Item "SSL_OP_PRIORITIZE_CHACHA"
When \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0 is set, temporarily reprioritize
@@ -325,46 +404,17 @@ ChaCha20\-Poly1305 cipher is at the top of the client cipher list. This helps
those clients (e.g. mobile) use ChaCha20\-Poly1305 if that cipher is anywhere
in the server cipher list; but still allows other clients to use \s-1AES\s0 and other
ciphers. Requires \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR.
-.IP "\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0" 4
-.IX Item "SSL_OP_ENABLE_MIDDLEBOX_COMPAT"
-If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent in TLSv1.3. This
-has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that
-do not understand TLSv1.3 will not drop the connection. Regardless of whether
-this option is set or not \s-1CCS\s0 messages received from the peer will always be
-ignored in TLSv1.3. This option is set by default. To switch it off use
-\&\fBSSL_clear_options()\fR. A future version of OpenSSL may not set this by default.
-.IP "\s-1SSL_OP_NO_ANTI_REPLAY\s0" 4
-.IX Item "SSL_OP_NO_ANTI_REPLAY"
-By default, when a server is configured for early data (i.e., max_early_data > 0),
-OpenSSL will switch on replay protection. See \fBSSL_read_early_data\fR\|(3) for a
-description of the replay protection feature. Anti-replay measures are required
-to comply with the TLSv1.3 specification. Some applications may be able to
-mitigate the replay risks in other ways and in such cases the built in OpenSSL
-functionality is not required. Those applications can turn this feature off by
-setting this option. This is a server-side opton only. It is ignored by
-clients.
-.IP "\s-1SSL_OP_ENABLE_KTLS\s0" 4
-.IX Item "SSL_OP_ENABLE_KTLS"
-Enable the use of kernel \s-1TLS.\s0 In order to benefit from kernel \s-1TLS\s0 OpenSSL must
-have been compiled with support for it, and it must be supported by the
-negotiated ciphersuites and extensions. The specific ciphersuites and extensions
-that are supported may vary by platform and kernel version.
-.Sp
-The kernel \s-1TLS\s0 data-path implements the record layer, and the encryption
-algorithm. The kernel will utilize the best hardware
-available for encryption. Using the kernel data-path should reduce the memory
-footprint of OpenSSL because no buffering is required. Also, the throughput
-should improve because data copy is avoided when user data is encrypted into
-kernel memory instead of the usual encrypt then copy to kernel.
-.Sp
-Kernel \s-1TLS\s0 might not support all the features of OpenSSL. For instance,
-renegotiation, and setting the maximum fragment size is not possible as of
-Linux 4.20.
+.IP "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4
+.IX Item "SSL_OP_TLS_ROLLBACK_BUG"
+Disable version rollback attack detection.
.Sp
-Note that with kernel \s-1TLS\s0 enabled some cryptographic operations are performed
-by the kernel directly and not via any available OpenSSL Providers. This might
-be undesirable if, for example, the application requires all cryptographic
-operations to be performed by the \s-1FIPS\s0 provider.
+During the client key exchange, the client must send the same information
+about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some
+clients violate this rule by adapting to the server's answer. (Example:
+the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
+only understands up to SSLv3. In this case the client must still use the
+same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
+to the server's answer and violate the version rollback protection.)
.PP
The following options no longer have any effect but their identifiers are
retained for compatibility purposes:
@@ -397,6 +447,10 @@ retained for compatibility purposes:
.IX Item "SSL_OP_SINGLE_ECDH_USE"
.IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4
.IX Item "SSL_OP_EPHEMERAL_RSA"
+.IP "\s-1SSL_OP_NETSCAPE_CA_DN_BUG\s0" 4
+.IX Item "SSL_OP_NETSCAPE_CA_DN_BUG"
+.IP "\s-1SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG\s0" 4
+.IX Item "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG"
.PD
.SH "SECURE RENEGOTIATION"
.IX Header "SECURE RENEGOTIATION"
@@ -426,23 +480,18 @@ unaware of the unpatched nature of the client.
.PP
If the option \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then
renegotiation \fBalways\fR succeeds.
-.SS "Patched OpenSSL client and unpatched server."
-.IX Subsection "Patched OpenSSL client and unpatched server."
+.SS "Patched OpenSSL client and unpatched server"
+.IX Subsection "Patched OpenSSL client and unpatched server"
If the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR or
\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then initial connections
and renegotiation between patched OpenSSL clients and unpatched servers
succeeds. If neither option is set then initial connections to unpatched
servers will fail.
.PP
-The option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR is currently set by default even
-though it has security implications: otherwise it would be impossible to
-connect to unpatched servers (i.e. all of them initially) and this is clearly
-not acceptable. Renegotiation is permitted because this does not add any
-additional security issues: during an attack clients do not see any
-renegotiations anyway.
-.PP
-As more servers become patched the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR will
-\&\fBnot\fR be set by default in a future version of OpenSSL.
+Setting the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR has security implications;
+clients that are willing to connect to servers that do not implement
+\&\s-1RFC 5746\s0 secure renegotiation are subject to attacks such as
+\&\s-1CVE\-2009\-3555.\s0
.PP
OpenSSL client applications wishing to ensure they can connect to unpatched
servers should always \fBset\fR \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR
@@ -460,22 +509,22 @@ renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while
and renegotiation between OpenSSL and unpatched clients or servers.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR return the new options bit mask
+\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR return the new options bit-mask
after adding \fBoptions\fR.
.PP
-\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR return the new options bit mask
+\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR return the new options bit-mask
after clearing \fBoptions\fR.
.PP
-\&\fBSSL_CTX_get_options()\fR and \fBSSL_get_options()\fR return the current bit mask.
+\&\fBSSL_CTX_get_options()\fR and \fBSSL_get_options()\fR return the current bit-mask.
.PP
\&\fBSSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports
secure renegotiation and 0 if it does not.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3),
+\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), \fBSSL_shutdown\fR\|(3)
\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3),
\&\fBSSL_CTX_set_min_proto_version\fR\|(3),
-\&\fBdhparam\fR\|(1)
+\&\fBopenssl\-dhparam\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
The attempt to always try to use secure renegotiation was added in
@@ -483,11 +532,20 @@ OpenSSL 0.9.8m.
.PP
The \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR and \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR options
were added in OpenSSL 1.1.1.
+.PP
+The \fB\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0\fR and \fB\s-1SSL_OP_IGNORE_UNEXPECTED_EOF\s0\fR
+options were added in OpenSSL 3.0.
+.PP
+The \fB\s-1SSL_OP_\s0\fR constants and the corresponding parameter and return values
+of the affected functions were changed to \f(CW\*(C`uint64_t\*(C'\fR type in OpenSSL 3.0.
+For that reason it is no longer possible use the \fB\s-1SSL_OP_\s0\fR macro values
+in preprocessor \f(CW\*(C`#if\*(C'\fR conditions. However it is still possible to test
+whether these macros are defined or not.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3
index 702fdcc4e17d..2ae3d28d129e 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,20 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_PSK_CLIENT_CALLBACK 3"
-.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_PSK_CLIENT_CALLBACK 3ossl"
+.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_psk_client_cb_func, SSL_psk_use_session_cb_func, SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback, SSL_CTX_set_psk_use_session_callback, SSL_set_psk_use_session_callback \&\- set PSK client callback
+SSL_psk_client_cb_func,
+SSL_psk_use_session_cb_func,
+SSL_CTX_set_psk_client_callback,
+SSL_set_psk_client_callback,
+SSL_CTX_set_psk_use_session_callback,
+SSL_set_psk_use_session_callback
+\&\- set PSK client callback
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -230,11 +234,11 @@ the pre-shared key to use during the connection setup phase.
.PP
The callback is set using functions \fBSSL_CTX_set_psk_client_callback()\fR
or \fBSSL_set_psk_client_callback()\fR. The callback function is given the
-connection in parameter \fBssl\fR, a \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 identity hint
+connection in parameter \fBssl\fR, a \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint
sent by the server in parameter \fBhint\fR, a buffer \fBidentity\fR of
-length \fBmax_identity_len\fR bytes where the resulting
-\&\fB\s-1NUL\s0\fR\-terminated identity is to be stored, and a buffer \fBpsk\fR of
-length \fBmax_psk_len\fR bytes where the resulting pre-shared key is to
+length \fBmax_identity_len\fR bytes (including the \fB\s-1NUL\s0\fR\-terminator) where the
+resulting \fB\s-1NUL\s0\fR\-terminated identity is to be stored, and a buffer \fBpsk\fR
+of length \fBmax_psk_len\fR bytes where the resulting pre-shared key is to
be stored.
.PP
The callback for use in TLSv1.2 will also work in TLSv1.3 although it is
@@ -278,6 +282,7 @@ The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on
failure. In the event of failure the connection setup fails.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_CTX_set_psk_find_session_callback\fR\|(3),
\&\fBSSL_set_psk_find_session_callback\fR\|(3)
.SH "HISTORY"
@@ -286,9 +291,9 @@ failure. In the event of failure the connection setup fails.
were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3
index 94eb5d967473..7a88a5f839d4 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 3"
-.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 3ossl"
+.TH SSL_CTX_SET_QUIET_SHUTDOWN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -197,7 +195,7 @@ setting.
.IX Header "COPYRIGHT"
Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3
index 8db57cce008d..96ae0fea7ce3 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_READ_AHEAD 3"
-.TH SSL_CTX_SET_READ_AHEAD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_READ_AHEAD 3ossl"
+.TH SSL_CTX_SET_READ_AHEAD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead, SSL_CTX_get_default_read_ahead \&\- manage whether to read as many input bytes as possible
+SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead,
+SSL_set_read_ahead, SSL_get_read_ahead,
+SSL_CTX_get_default_read_ahead
+\&\- manage whether to read as many input bytes as possible
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -196,7 +197,7 @@ and non zero otherwise.
.IX Header "COPYRIGHT"
Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3
index 0825514c85bc..3c31d8583b35 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,21 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_RECORD_PADDING_CALLBACK 3"
-.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_RECORD_PADDING_CALLBACK 3ossl"
+.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_record_padding_callback, SSL_set_record_padding_callback, SSL_CTX_set_record_padding_callback_arg, SSL_set_record_padding_callback_arg, SSL_CTX_get_record_padding_callback_arg, SSL_get_record_padding_callback_arg, SSL_CTX_set_block_padding, SSL_set_block_padding \- install callback to specify TLS 1.3 record padding
+SSL_CTX_set_record_padding_callback,
+SSL_set_record_padding_callback,
+SSL_CTX_set_record_padding_callback_arg,
+SSL_set_record_padding_callback_arg,
+SSL_CTX_get_record_padding_callback_arg,
+SSL_get_record_padding_callback_arg,
+SSL_CTX_set_block_padding,
+SSL_set_block_padding \- install callback to specify TLS 1.3 record padding
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -219,9 +224,9 @@ The return type of \fBSSL_CTX_set_record_padding_callback()\fR function was
changed to int in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3
index 63020da2be1c..b745d05c0250 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_SECURITY_LEVEL 3"
-.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_SECURITY_LEVEL 3ossl"
+.TH SSL_CTX_SET_SECURITY_LEVEL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -209,7 +207,9 @@ parameters offering below 80 bits of security are excluded. As a result \s-1RSA,
DSA\s0 and \s-1DH\s0 keys shorter than 1024 bits and \s-1ECC\s0 keys shorter than 160 bits
are prohibited. All export cipher suites are prohibited since they all offer
less than 80 bits of security. \s-1SSL\s0 version 2 is prohibited. Any cipher suite
-using \s-1MD5\s0 for the \s-1MAC\s0 is also prohibited.
+using \s-1MD5\s0 for the \s-1MAC\s0 is also prohibited. Note that signatures using \s-1SHA1\s0
+and \s-1MD5\s0 are also forbidden at this level as they have less than 80 security
+bits.
.IP "\fBLevel 2\fR" 4
.IX Item "Level 2"
Security level set to 112 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys
@@ -271,10 +271,11 @@ key size or the \s-1DH\s0 parameter size will abort the handshake with a fatal
alert.
.PP
Attempts to set certificates or parameters with insufficient security are
-also blocked. For example trying to set a certificate using a 512 bit \s-1RSA\s0
-key using \fBSSL_CTX_use_certificate()\fR at level 1. Applications which do not
-check the return values for errors will misbehave: for example it might
-appear that a certificate is not set at all because it had been rejected.
+also blocked. For example trying to set a certificate using a 512 bit \s-1RSA\s0 key
+or a certificate with a signature with \s-1SHA1\s0 digest at level 1 using
+\&\fBSSL_CTX_use_certificate()\fR. Applications which do not check the return values
+for errors will misbehave: for example it might appear that a certificate is
+not set at all because it had been rejected.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR do not return values.
@@ -290,14 +291,17 @@ to the security callback or \s-1NULL\s0 if the callback is not set.
.PP
\&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR return the extra
data pointer or \s-1NULL\s0 if the ex data is not set.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2014\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2014\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3
index 345c1851a2b9..b3b34ad1e2e3 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_SESSION_CACHE_MODE 3"
-.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_SESSION_CACHE_MODE 3ossl"
+.TH SSL_CTX_SET_SESSION_CACHE_MODE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -230,6 +228,11 @@ prevents these additions to the internal cache as well.
.IX Item "SSL_SESS_CACHE_NO_INTERNAL"
Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and
\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time.
+.IP "\s-1SSL_SESS_CACHE_UPDATE_TIME\s0" 4
+.IX Item "SSL_SESS_CACHE_UPDATE_TIME"
+Updates the timestamp of the session when it is used, increasing the lifespan
+of the session. The session timeout applies to last use, rather then creation
+time.
.PP
The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0
.SH "RETURN VALUES"
@@ -250,9 +253,9 @@ The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0
\&\fBSSL_CTX_flush_sessions\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3
index eca4a3a3f910..0aa012dda3fd 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 3"
-.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 3ossl"
+.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -209,7 +207,7 @@ The operation succeeded.
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3
index a28e9a3b0d10..652b168b8ee6 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_SESSION_TICKET_CB 3"
-.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_SESSION_TICKET_CB 3ossl"
+.TH SSL_CTX_SET_SESSION_TICKET_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_session_ticket_cb, SSL_SESSION_get0_ticket_appdata, SSL_SESSION_set1_ticket_appdata, SSL_CTX_generate_session_ticket_fn, SSL_CTX_decrypt_session_ticket_fn \- manage session ticket application data
+SSL_CTX_set_session_ticket_cb,
+SSL_SESSION_get0_ticket_appdata,
+SSL_SESSION_set1_ticket_appdata,
+SSL_CTX_generate_session_ticket_fn,
+SSL_CTX_decrypt_session_ticket_fn \- manage session ticket application data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -176,7 +178,7 @@ decryption has been attempted and any session ticket application data is
available. If ticket decryption was successful then the \fBss\fR argument contains
the session data. The \fBkeyname\fR and \fBkeyname_len\fR arguments identify the key
used to decrypt the session ticket. The \fBstatus\fR argument is the result of the
-ticket decryption. See the \s-1NOTES\s0 section below for further details. The value
+ticket decryption. See the \*(L"\s-1NOTES\*(R"\s0 section below for further details. The value
of \fBarg\fR is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The
\&\fBdec_cb\fR callback is defined as type \fBSSL_CTX_decrypt_session_ticket_fn\fR.
.PP
@@ -282,7 +284,7 @@ failure.
The \fBgen_cb\fR callback must return 1 to continue the connection. A return of 0
will terminate the connection with an \s-1INTERNAL_ERROR\s0 alert.
.PP
-The \fBdec_cb\fR callback must return a value as described in \s-1NOTES\s0 above.
+The \fBdec_cb\fR callback must return a value as described in \*(L"\s-1NOTES\*(R"\s0 above.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
@@ -295,7 +297,7 @@ and \fBSSL_SESSION_get_ticket_appdata()\fR functions were added in OpenSSL 1.1.1
.IX Header "COPYRIGHT"
Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3
index 3e80bd896a89..f77342693d31 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,20 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3"
-.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3ossl"
+.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len, SSL_CTX_set_tlsext_max_fragment_length, SSL_set_tlsext_max_fragment_length, SSL_SESSION_get_max_fragment_length \- Control fragment size settings and pipelining operations
+SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment,
+SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment,
+SSL_CTX_set_max_pipelines, SSL_set_max_pipelines,
+SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len,
+SSL_CTX_set_tlsext_max_fragment_length,
+SSL_set_tlsext_max_fragment_length,
+SSL_SESSION_get_max_fragment_length \- Control fragment size settings and pipelining operations
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -159,7 +163,7 @@ SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, SSL_CTX_set_split_send
\&
\& int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
\& int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
-\& uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session);
+\& uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *session);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -187,7 +191,7 @@ of pipelines that will be used at any one time. This value applies to both
used (i.e. normal non-parallel operation). The number of pipelines set must be
in the range 1 \- \s-1SSL_MAX_PIPELINES\s0 (32). Setting this to a value > 1 will also
automatically turn on \*(L"read_ahead\*(R" (see \fBSSL_CTX_set_read_ahead\fR\|(3)). This is
-explained further below. OpenSSL will only every use more than one pipeline if
+explained further below. OpenSSL will only ever use more than one pipeline if
a cipher suite is negotiated that uses a pipeline capable cipher provided by an
engine.
.PP
@@ -227,7 +231,10 @@ into the buffer. Without this set data is read into the read buffer one record
at a time. The more data that can be read, the more opportunity there is for
parallelising the processing at the cost of increased memory overhead per
connection. Setting \fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR
-function (see \fBSSL_pending\fR\|(3)).
+function (see \fBSSL_pending\fR\|(3)). In addition the default size of the internal
+read buffer is multiplied by the number of pipelines available to ensure that we
+can read multiple records in one go. This can therefore have a significant
+impact on memory usage.
.PP
The \fBSSL_CTX_set_default_read_buffer_len()\fR and \fBSSL_set_default_read_buffer_len()\fR
functions control the size of the read buffer that will be used. The \fBlen\fR
@@ -283,6 +290,7 @@ With the exception of \fBSSL_CTX_set_default_read_buffer_len()\fR
all these functions are implemented using macros.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_CTX_set_read_ahead\fR\|(3), \fBSSL_pending\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
@@ -295,9 +303,9 @@ The \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, \fBSSL_set_tlsext_max_fragme
and \fBSSL_SESSION_get_max_fragment_length()\fR functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_srp_password.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_srp_password.3
new file mode 100644
index 000000000000..0b49dab20d8b
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_srp_password.3
@@ -0,0 +1,358 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_SET_SRP_PASSWORD 3ossl"
+.TH SSL_CTX_SET_SRP_PASSWORD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_srp_username,
+SSL_CTX_set_srp_password,
+SSL_CTX_set_srp_strength,
+SSL_CTX_set_srp_cb_arg,
+SSL_CTX_set_srp_username_callback,
+SSL_CTX_set_srp_client_pwd_callback,
+SSL_CTX_set_srp_verify_param_callback,
+SSL_set_srp_server_param,
+SSL_set_srp_server_param_pw,
+SSL_get_srp_g,
+SSL_get_srp_N,
+SSL_get_srp_username,
+SSL_get_srp_userinfo
+\&\- SRP control operations
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 10
+\& int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
+\& int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
+\& int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
+\& int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
+\& int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
+\& int (*cb) (SSL *s, int *ad, void *arg));
+\& int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+\& char *(*cb) (SSL *s, void *arg));
+\& int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+\& int (*cb) (SSL *s, void *arg));
+\&
+\& int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+\& BIGNUM *sa, BIGNUM *v, char *info);
+\& int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
+\& const char *grp);
+\&
+\& BIGNUM *SSL_get_srp_g(SSL *s);
+\& BIGNUM *SSL_get_srp_N(SSL *s);
+\&
+\& char *SSL_get_srp_username(SSL *s);
+\& char *SSL_get_srp_userinfo(SSL *s);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+All of the functions described on this page are deprecated. There are no
+available replacement functions at this time.
+.PP
+These functions provide access to \s-1SRP\s0 (Secure Remote Password) parameters,
+an alternate authentication mechanism for \s-1TLS. SRP\s0 allows the use of usernames
+and passwords over unencrypted channels without revealing the password to an
+eavesdropper. \s-1SRP\s0 also supplies a shared secret at the end of the authentication
+sequence that can be used to generate encryption keys.
+.PP
+The \s-1SRP\s0 protocol, version 3 is specified in \s-1RFC 2945. SRP\s0 version 6 is described
+in \s-1RFC 5054\s0 with applications to \s-1TLS\s0 authentication.
+.PP
+The \fBSSL_CTX_set_srp_username()\fR function sets the \s-1SRP\s0 username for \fBctx\fR. This
+should be called on the client prior to creating a connection to the server.
+The length of \fBname\fR must be shorter or equal to 255 characters.
+.PP
+The \fBSSL_CTX_set_srp_password()\fR function sets the \s-1SRP\s0 password for \fBctx\fR. This
+may be called on the client prior to creating a connection to the server.
+This overrides the effect of \fBSSL_CTX_set_srp_client_pwd_callback()\fR.
+.PP
+The \fBSSL_CTX_set_srp_strength()\fR function sets the \s-1SRP\s0 strength for \fBctx\fR. This
+is the minimal length of the \s-1SRP\s0 prime in bits. If not specified 1024 is used.
+If not satisfied by the server key exchange the connection will be rejected.
+.PP
+The \fBSSL_CTX_set_srp_cb_arg()\fR function sets an extra parameter that will
+be passed to all following callbacks as \fBarg\fR.
+.PP
+The \fBSSL_CTX_set_srp_username_callback()\fR function sets the server side callback
+that is invoked when an \s-1SRP\s0 username is found in a ClientHello.
+The callback parameters are the \s-1SSL\s0 connection \fBs\fR, a writable error flag \fBad\fR
+and the extra argument \fBarg\fR set by \fBSSL_CTX_set_srp_cb_arg()\fR.
+This callback should setup the server for the key exchange by calling
+\&\fBSSL_set_srp_server_param()\fR with the appropriate parameters for the received
+username. The username can be obtained by calling \fBSSL_get_srp_username()\fR.
+See \fBSRP_VBASE_init\fR\|(3) to parse the verifier file created by \fBopenssl\-srp\fR\|(1) or
+\&\fBSRP_create_verifier\fR\|(3) to generate it.
+The callback should return \fB\s-1SSL_ERROR_NONE\s0\fR to proceed with the server key exchange,
+\&\fB\s-1SSL3_AL_FATAL\s0\fR for a fatal error or any value < 0 for a retryable error.
+In the event of a \fB\s-1SSL3_AL_FATAL\s0\fR the alert flag given by \fB*al\fR will be sent
+back. By default this will be \fB\s-1SSL_AD_UNKNOWN_PSK_IDENTITY\s0\fR.
+.PP
+The \fBSSL_CTX_set_srp_client_pwd_callback()\fR function sets the client password
+callback on the client.
+The callback parameters are the \s-1SSL\s0 connection \fBs\fR and the extra argument \fBarg\fR
+set by \fBSSL_CTX_set_srp_cb_arg()\fR.
+The callback will be called as part of the generation of the client secrets.
+It should return the client password in text form or \s-1NULL\s0 to abort the connection.
+The resulting memory will be freed by the library as part of the callback resolution.
+This overrides the effect of \fBSSL_CTX_set_srp_password()\fR.
+.PP
+The \fBSSL_CTX_set_srp_verify_param_callback()\fR sets the \s-1SRP\s0 gN parameter verification
+callback on the client. This allows the client to perform custom verification when
+receiving the server \s-1SRP\s0 proposed parameters.
+The callback parameters are the \s-1SSL\s0 connection \fBs\fR and the extra argument \fBarg\fR
+set by \fBSSL_CTX_set_srp_cb_arg()\fR.
+The callback should return a positive value to accept the server parameters.
+Returning 0 or a negative value will abort the connection. The server parameters
+can be obtained by calling \fBSSL_get_srp_N()\fR and \fBSSL_get_srp_g()\fR.
+Sanity checks are already performed by the library after the handshake
+(B % N non zero, check against the strength parameter) and are not necessary.
+If no callback is set the g and N parameters will be checked against
+known \s-1RFC 5054\s0 values.
+.PP
+The \fBSSL_set_srp_server_param()\fR function sets all \s-1SRP\s0 parameters for
+the connection \fBs\fR. \fBN\fR and \fBg\fR are the \s-1SRP\s0 group parameters, \fBsa\fR is the
+user salt, \fBv\fR the password verifier and \fBinfo\fR is the optional user info.
+.PP
+The \fBSSL_set_srp_server_param_pw()\fR function sets all \s-1SRP\s0 parameters for the
+connection \fBs\fR by generating a random salt and a password verifier.
+\&\fBuser\fR is the username, \fBpass\fR the password and \fBgrp\fR the \s-1SRP\s0 group parameters
+identifier for \fBSRP_get_default_gN\fR\|(3).
+.PP
+The \fBSSL_get_srp_g()\fR function returns the \s-1SRP\s0 group generator for \fBs\fR, or from
+the underlying \s-1SSL_CTX\s0 if it is \s-1NULL.\s0
+.PP
+The \fBSSL_get_srp_N()\fR function returns the \s-1SRP\s0 prime for \fBs\fR, or from
+the underlying \s-1SSL_CTX\s0 if it is \s-1NULL.\s0
+.PP
+The \fBSSL_get_srp_username()\fR function returns the \s-1SRP\s0 username for \fBs\fR, or from
+the underlying \s-1SSL_CTX\s0 if it is \s-1NULL.\s0
+.PP
+The \fBSSL_get_srp_userinfo()\fR function returns the \s-1SRP\s0 user info for \fBs\fR, or from
+the underlying \s-1SSL_CTX\s0 if it is \s-1NULL.\s0
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+All SSL_CTX_set_* functions return 1 on success and 0 on failure.
+.PP
+\&\fBSSL_set_srp_server_param()\fR returns 1 on success and \-1 on failure.
+.PP
+The SSL_get_SRP_* functions return a pointer to the requested data, the memory
+is owned by the library and should not be freed by the caller.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Setup \s-1SRP\s0 parameters on the client:
+.PP
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& const char *username = "username";
+\& const char *password = "password";
+\&
+\& SSL_CTX *ctx = SSL_CTX_new(TLS_client_method());
+\& if (!ctx)
+\& /* Error */
+\& if (!SSL_CTX_set_srp_username(ctx, username))
+\& /* Error */
+\& if (!SSL_CTX_set_srp_password(ctx, password))
+\& /* Error */
+.Ve
+.PP
+Setup \s-1SRP\s0 server with verifier file:
+.PP
+.Vb 2
+\& #include <openssl/srp.h>
+\& #include <openssl/ssl.h>
+\&
+\& const char *srpvfile = "password.srpv";
+\&
+\& int srpServerCallback(SSL *s, int *ad, void *arg)
+\& {
+\& SRP_VBASE *srpData = (SRP_VBASE*) arg;
+\& char *username = SSL_get_srp_username(s);
+\&
+\& SRP_user_pwd *user_pwd = SRP_VBASE_get1_by_user(srpData, username);
+\& if (!user_pwd)
+\& /* Error */
+\& return SSL3_AL_FATAL;
+\&
+\& if (SSL_set_srp_server_param(s, user_pwd\->N, user_pwd\->g,
+\& user_pwd\->s, user_pwd\->v, user_pwd\->info) < 0)
+\& /* Error */
+\&
+\& SRP_user_pwd_free(user_pwd);
+\& return SSL_ERROR_NONE;
+\& }
+\&
+\& SSL_CTX *ctx = SSL_CTX_new(TLS_server_method());
+\& if (!ctx)
+\& /* Error */
+\&
+\& /*
+\& * seedKey should contain a NUL terminated sequence
+\& * of random non NUL bytes
+\& */
+\& const char *seedKey;
+\&
+\& SRP_VBASE *srpData = SRP_VBASE_new(seedKey);
+\& if (SRP_VBASE_init(srpData, (char*) srpvfile) != SRP_NO_ERROR)
+\& /* Error */
+\&
+\& SSL_CTX_set_srp_cb_arg(ctx, srpData);
+\& SSL_CTX_set_srp_username_callback(ctx, srpServerCallback);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
+\&\fBopenssl\-srp\fR\|(1),
+\&\fBSRP_VBASE_new\fR\|(3),
+\&\fBSRP_create_verifier\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were added in OpenSSL 1.0.1 and deprecated in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2018\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3
index 276d3be5f0b0..7c6b456c0538 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,34 +130,42 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_SSL_VERSION 3"
-.TH SSL_CTX_SET_SSL_VERSION 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_SSL_VERSION 3ossl"
+.TH SSL_CTX_SET_SSL_VERSION 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method \&\- choose a new TLS/SSL method
+SSL_CTX_set_ssl_version, SSL_CTX_get_ssl_method, SSL_set_ssl_method, SSL_get_ssl_method
+\&\- choose a new TLS/SSL method
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method);
+\& const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx);
+\&
\& int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
\& const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects
-newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with
-\&\fBSSL_new\fR\|(3) are not affected, except when
-\&\fBSSL_clear\fR\|(3) is being called.
+newly created from this \fBctx\fR. Most of the configuration attached to the
+\&\s-1SSL_CTX\s0 object is retained, with the exception of the configured \s-1TLS\s0 ciphers,
+which are reset to the default values. \s-1SSL\s0 objects already created from this
+\&\s-1SSL_CTX\s0 with \fBSSL_new\fR\|(3) are not affected, except when \fBSSL_clear\fR\|(3) is
+being called, as described below.
+.PP
+\&\fBSSL_CTX_get_ssl_method()\fR returns the \s-1SSL_METHOD\s0 which was used to construct the
+\&\s-1SSL_CTX.\s0
.PP
\&\fBSSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR
object. It may be reset, when \fBSSL_clear()\fR is called.
.PP
-\&\fBSSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method
+\&\fBSSL_get_ssl_method()\fR returns a pointer to the \s-1TLS/SSL\s0 method
set in \fBssl\fR.
.SH "NOTES"
.IX Header "NOTES"
@@ -169,6 +175,11 @@ The available \fBmethod\fR choices are described in
When \fBSSL_clear\fR\|(3) is called and no session is connected to
an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently
set in the corresponding \s-1SSL_CTX\s0 object.
+.PP
+\&\fBSSL_CTX_set_version()\fR has unusual semantics and no clear use case;
+it would usually be preferable to create a new \s-1SSL_CTX\s0 object than to
+try to reuse an existing one in this fashion. Its usage is considered
+deprecated.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur for \fBSSL_CTX_set_ssl_version()\fR
@@ -178,16 +189,22 @@ The new choice failed, check the error stack to find out the reason.
.IP "1" 4
.IX Item "1"
The operation succeeded.
+.PP
+\&\fBSSL_CTX_get_ssl_method()\fR and \fBSSL_get_ssl_method()\fR always return non-NULL
+pointers.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBSSL_CTX_new\fR\|(3), \fBSSL_new\fR\|(3),
\&\fBSSL_clear\fR\|(3), \fBssl\fR\|(7),
\&\fBSSL_set_connect_state\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBSSL_CTX_set_ssl_version()\fR was deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3
index aec0802cdd34..d5e1590a4a8c 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3"
-.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3ossl"
+.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_stateless_cookie_generate_cb, SSL_CTX_set_stateless_cookie_verify_cb, SSL_CTX_set_cookie_generate_cb, SSL_CTX_set_cookie_verify_cb \&\- Callback functions for stateless TLS1.3 cookies
+SSL_CTX_set_stateless_cookie_generate_cb,
+SSL_CTX_set_stateless_cookie_verify_cb,
+SSL_CTX_set_cookie_generate_cb,
+SSL_CTX_set_cookie_verify_cb
+\&\- Callback functions for stateless TLS1.3 cookies
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -206,6 +208,7 @@ responsibility.
Neither function returns a value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_stateless\fR\|(3),
\&\fBDTLSv1_listen\fR\|(3)
.SH "HISTORY"
@@ -216,7 +219,7 @@ Neither function returns a value.
.IX Header "COPYRIGHT"
Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3
index 52ff0e161470..5d57ea022b62 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_TIMEOUT 3"
-.TH SSL_CTX_SET_TIMEOUT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_TIMEOUT 3ossl"
+.TH SSL_CTX_SET_TIMEOUT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -203,7 +201,7 @@ of 0 for the ticket lifetime hint.
.IX Header "COPYRIGHT"
Copyright 2001\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3
index 5389661212c8..cf450f02c0c9 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3"
-.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3ossl"
+.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, SSL_get_servername_type, SSL_get_servername, SSL_set_tlsext_host_name \- handle server name indication (SNI)
+SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg,
+SSL_get_servername_type, SSL_get_servername,
+SSL_set_tlsext_host_name \- handle server name indication (SNI)
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -279,7 +279,7 @@ servername requested in the original handshake. This has now been changed to
.IX Header "COPYRIGHT"
Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3
index 725705c3d456..36ef61880529 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,24 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_TLSEXT_STATUS_CB 3"
-.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_TLSEXT_STATUS_CB 3ossl"
+.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_tlsext_status_cb, SSL_CTX_get_tlsext_status_cb, SSL_CTX_set_tlsext_status_arg, SSL_CTX_get_tlsext_status_arg, SSL_CTX_set_tlsext_status_type, SSL_CTX_get_tlsext_status_type, SSL_set_tlsext_status_type, SSL_get_tlsext_status_type, SSL_get_tlsext_status_ocsp_resp, SSL_set_tlsext_status_ocsp_resp \&\- OCSP Certificate Status Request functions
+SSL_CTX_set_tlsext_status_cb,
+SSL_CTX_get_tlsext_status_cb,
+SSL_CTX_set_tlsext_status_arg,
+SSL_CTX_get_tlsext_status_arg,
+SSL_CTX_set_tlsext_status_type,
+SSL_CTX_get_tlsext_status_type,
+SSL_set_tlsext_status_type,
+SSL_get_tlsext_status_type,
+SSL_get_tlsext_status_ocsp_resp,
+SSL_set_tlsext_status_ocsp_resp
+\&\- OCSP Certificate Status Request functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -231,6 +239,9 @@ or \-1 if there is no \s-1OCSP\s0 response data.
\&\fBSSL_get_tlsext_status_type()\fR returns \fBTLSEXT_STATUSTYPE_ocsp\fR on the client
side if \fBSSL_set_tlsext_status_type()\fR was previously called, or on the server
side if the client requested \s-1OCSP\s0 stapling. Otherwise \-1 is returned.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_get_tlsext_status_type()\fR, \fBSSL_CTX_get_tlsext_status_type()\fR
@@ -239,7 +250,7 @@ and \fBSSL_CTX_set_tlsext_status_type()\fR functions were added in OpenSSL 1.1.0
.IX Header "COPYRIGHT"
Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3
index 6e3c4b98659c..efed2284a49d 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,27 +130,40 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3"
-.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3ossl"
+.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_tlsext_ticket_key_cb \- set a callback for session ticket processing
+SSL_CTX_set_tlsext_ticket_key_evp_cb,
+SSL_CTX_set_tlsext_ticket_key_cb
+\&\- set a callback for session ticket processing
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/tls1.h>
\&
-\& long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
+\& int SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX sslctx,
+\& int (*cb)(SSL *s, unsigned char key_name[16],
+\& unsigned char iv[EVP_MAX_IV_LENGTH],
+\& EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hctx, int enc));
+.Ve
+.PP
+The following function has been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 4
+\& int SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
\& int (*cb)(SSL *s, unsigned char key_name[16],
\& unsigned char iv[EVP_MAX_IV_LENGTH],
\& EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBSSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback function \fIcb\fR for handling
+\&\fBSSL_CTX_set_tlsext_ticket_key_evp_cb()\fR sets a callback function \fIcb\fR for handling
session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in
\&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server
implementation is not required to maintain per session state. It only applies
@@ -175,7 +186,8 @@ ticket information or it starts a full \s-1TLS\s0 handshake to create a new sess
ticket.
.PP
Before the callback function is started \fIctx\fR and \fIhctx\fR have been
-initialised with \fBEVP_CIPHER_CTX_reset\fR\|(3) and \fBHMAC_CTX_reset\fR\|(3) respectively.
+initialised with \fBEVP_CIPHER_CTX_reset\fR\|(3) and \fBEVP_MAC_CTX_new\fR\|(3)
+respectively.
.PP
For new sessions tickets, when the client doesn't present a session ticket, or
an attempted retrieval of the ticket failed, or a renew option was indicated,
@@ -186,12 +198,13 @@ library expects that the function will set an arbitrary \fIname\fR, initialize
The \fIname\fR is 16 characters long and is used as a key identifier.
.PP
The \fIiv\fR length is the length of the \s-1IV\s0 of the corresponding cipher. The
-maximum \s-1IV\s0 length is \fB\s-1EVP_MAX_IV_LENGTH\s0\fR bytes defined in \fBevp.h\fR.
+maximum \s-1IV\s0 length is \fB\s-1EVP_MAX_IV_LENGTH\s0\fR bytes defined in \fI<openssl/evp.h>\fR.
.PP
The initialization vector \fIiv\fR should be a random value. The cipher context
\&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be
-set using \fBEVP_EncryptInit_ex\fR\|(3). The hmac context can be set using
-\&\fBHMAC_Init_ex\fR\|(3).
+set using \fBEVP_EncryptInit_ex\fR\|(3). The hmac context and digest can be set using
+\&\fBEVP_MAC_CTX_set_params\fR\|(3) with the \fB\s-1OSSL_MAC_PARAM_KEY\s0\fR and
+\&\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR parameters respectively.
.PP
When the client presents a session ticket, the callback function with be called
with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retrieve a set
@@ -199,8 +212,9 @@ of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out
the session ticket. The OpenSSL library expects that the \fIname\fR will be used
to retrieve a cryptographic parameters and that the cryptographic context
\&\fIctx\fR will be set with the retrieved parameters and the initialization vector
-\&\fIiv\fR. using a function like \fBEVP_DecryptInit_ex\fR\|(3). The \fIhctx\fR needs to be
-set using \fBHMAC_Init_ex\fR\|(3).
+\&\fIiv\fR. using a function like \fBEVP_DecryptInit_ex\fR\|(3). The key material and
+digest for \fIhctx\fR need to be set using \fBEVP_MAC_CTX_set_params\fR\|(3) with the
+\&\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR and \fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR parameters respectively.
.PP
If the \fIname\fR is still valid but a renewal of the ticket is required the
callback function should return 2. The library will call the callback again
@@ -229,6 +243,14 @@ a new set of parameters.
.IP "less than 0" 4
.IX Item "less than 0"
This indicates an error.
+.PP
+The \fBSSL_CTX_set_tlsext_ticket_key_cb()\fR function is identical to
+\&\fBSSL_CTX_set_tlsext_ticket_key_evp_cb()\fR except that it takes a deprecated
+\&\s-1HMAC_CTX\s0 pointer instead of an \s-1EVP_MAC_CTX\s0 one.
+Before this callback function is started \fIhctx\fR will have been
+initialised with \fBEVP_MAC_CTX_new\fR\|(3) and the digest set with
+\&\fBEVP_MAC_CTX_set_params\fR\|(3).
+The \fIhctx\fR key material can be set using \fBHMAC_Init_ex\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
Session resumption shortcuts the \s-1TLS\s0 so that the client certificate
@@ -255,13 +277,14 @@ Returns 1 to indicate the callback function was set and 0 otherwise.
Reference Implementation:
.PP
.Vb 2
-\& SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb);
+\& SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL, ssl_tlsext_ticket_key_cb);
\& ...
\&
\& static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16],
\& unsigned char *iv, EVP_CIPHER_CTX *ctx,
-\& HMAC_CTX *hctx, int enc)
+\& EVP_MAC_CTX *hctx, int enc)
\& {
+\& OSSL_PARAM params[3];
\& your_type_t *key; /* something that you need to implement */
\&
\& if (enc) { /* create new session */
@@ -282,8 +305,17 @@ Reference Implementation:
\& }
\& memcpy(key_name, key\->name, 16);
\&
-\& EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key\->aes_key, iv);
-\& HMAC_Init_ex(&hctx, key\->hmac_key, 32, EVP_sha256(), NULL);
+\& if (EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key\->aes_key,
+\& iv) == 0)
+\& return \-1; /* error in cipher initialisation */
+\&
+\& params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
+\& key\->hmac_key, 32);
+\& params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
+\& "sha256", 0);
+\& params[2] = OSSL_PARAM_construct_end();
+\& if (EVP_MAC_CTX_set_params(hctx, params) == 0)
+\& return \-1; /* error in mac initialisation */
\&
\& return 1;
\&
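Review bot: The added `EVP_EncryptInit_ex(&ctx, ...)` call still passes `&ctx`, although the callback signature earlier in this example declares `EVP_CIPHER_CTX *ctx`, so the argument has type `EVP_CIPHER_CTX **`. The added `EVP_MAC_CTX_set_params(hctx, params)` call a few lines below passes its pointer directly, and the cipher call should do the same: `if (EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->aes_key, iv) == 0)`. The same applies to `EVP_DecryptInit_ex(&ctx, ...)` in the next hunk. The callback body starts and ends outside these hunks, and because the page is generated by Pod::Man the correction belongs in the POD source.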
@@ -294,8 +326,17 @@ Reference Implementation:
\& if (key == NULL || key\->expire < t)
\& return 0;
\&
-\& HMAC_Init_ex(&hctx, key\->hmac_key, 32, EVP_sha256(), NULL);
-\& EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key\->aes_key, iv);
+\& params[0] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
+\& key\->hmac_key, 32);
+\& params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
+\& "sha256", 0);
+\& params[2] = OSSL_PARAM_construct_end();
+\& if (EVP_MAC_CTX_set_params(hctx, params) == 0)
+\& return \-1; /* error in mac initialisation */
+\&
+\& if (EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key\->aes_key,
+\& iv) == 0)
+\& return \-1; /* error in cipher initialisation */
\&
\& if (key\->expire < t \- RENEW_TIME) { /* RENEW_TIME: implement */
\& /*
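Review bot: In the decrypt branch the MAC key is passed under `OSSL_KDF_PARAM_KEY`, whereas the encrypt branch in the previous hunk and the DESCRIPTION text both name `OSSL_MAC_PARAM_KEY` for `EVP_MAC_CTX_set_params()`. As far as I know the two macros expand to the same parameter name in OpenSSL 3.0, so the example probably still works, but a KDF parameter name in ticket-MAC setup is misleading for anyone copying this reference implementation. The line should read `params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,`. The enclosing callback starts and ends outside the hunk.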
@@ -316,11 +357,17 @@ Reference Implementation:
\&\fBSSL_CTX_sess_number\fR\|(3),
\&\fBSSL_CTX_sess_set_get_cb\fR\|(3),
\&\fBSSL_CTX_set_session_id_context\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBSSL_CTX_set_tlsext_ticket_key_cb()\fR function was deprecated in OpenSSL 3.0.
+.PP
+The \fBSSL_CTX_set_tlsext_ticket_key_evp_cb()\fR function was introduced in
+OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2014\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3
index 2e3ecb37a18d..a3d62ce6436f 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_TLSEXT_USE_SRTP 3"
-.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_TLSEXT_USE_SRTP 3ossl"
+.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_tlsext_use_srtp, SSL_set_tlsext_use_srtp, SSL_get_srtp_profiles, SSL_get_selected_srtp_profile \&\- Configure and query SRTP support
+SSL_CTX_set_tlsext_use_srtp,
+SSL_set_tlsext_use_srtp,
+SSL_get_srtp_profiles,
+SSL_get_selected_srtp_profile
+\&\- Configure and query SRTP support
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -220,12 +222,13 @@ success or \s-1NULL\s0 on error or if no protection profiles have been configure
object if one has been negotiated or \s-1NULL\s0 otherwise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_export_keying_material\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3
index aea0f5282788..acc28d583d1d 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,19 +130,33 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3"
-.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3ossl"
+.TH SSL_CTX_SET_TMP_DH_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle DH keys for ephemeral key exchange
+SSL_CTX_set_dh_auto, SSL_set_dh_auto, SSL_CTX_set0_tmp_dh_pkey,
+SSL_set0_tmp_dh_pkey, SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh,
+SSL_set_tmp_dh_callback, SSL_set_tmp_dh
+\&\- handle DH keys for ephemeral key exchange
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
+\& long SSL_CTX_set_dh_auto(SSL_CTX *ctx, int onoff);
+\& long SSL_set_dh_auto(SSL *s, int onoff);
+\& int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey);
+\& int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey);
+.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 4
\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
\& int keylength));
@@ -153,36 +165,23 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_se
\& void SSL_set_tmp_dh_callback(SSL *ctx,
\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
\& int keylength));
-\& long SSL_set_tmp_dh(SSL *ssl, DH *dh)
+\& long SSL_set_tmp_dh(SSL *ssl, DH *dh);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBSSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be
-used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR.
-The callback is inherited by all \fBssl\fR objects created from \fBctx\fR.
-.PP
-\&\fBSSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR.
-The key is inherited by all \fBssl\fR objects created from \fBctx\fR.
-.PP
-\&\fBSSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR.
+The functions described on this page are relevant for servers only.
.PP
-\&\fBSSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR.
+Some ciphersuites may use ephemeral Diffie-Hellman (\s-1DH\s0) key exchange. In these
+cases, the session data is negotiated using the ephemeral/temporary \s-1DH\s0 key and
+the key supplied and certified by the certificate chain is only used for
+signing. Anonymous ciphers (without a permanent server key) also use ephemeral
+\&\s-1DH\s0 keys.
.PP
-These functions apply to \s-1SSL/TLS\s0 servers only.
-.SH "NOTES"
-.IX Header "NOTES"
-When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1DH\s0 key exchange
-can take place. Ciphers with \s-1DSA\s0 keys always use ephemeral \s-1DH\s0 keys as well.
-In these cases, the session data are negotiated using the
-ephemeral/temporary \s-1DH\s0 key and the key supplied and certified
-by the certificate chain is only used for signing.
-Anonymous ciphers (without a permanent server key) also use ephemeral \s-1DH\s0 keys.
-.PP
-Using ephemeral \s-1DH\s0 key exchange yields forward secrecy, as the connection
-can only be decrypted, when the \s-1DH\s0 key is known. By generating a temporary
+Using ephemeral \s-1DH\s0 key exchange yields forward secrecy as the connection
+can only be decrypted when the \s-1DH\s0 key is known. By generating a temporary
\&\s-1DH\s0 key inside the server application that is lost when the application
is left, it becomes impossible for an attacker to decrypt past sessions,
-even if he gets hold of the normal (certified) key, as this key was
+even if they get hold of the normal (certified) key, as this key was
only used for signing.
.PP
In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group
@@ -190,80 +189,66 @@ In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 gro
a new \s-1DH\s0 key during the negotiation.
.PP
As generating \s-1DH\s0 parameters is extremely time consuming, an application
-should not generate the parameters on the fly but supply the parameters.
-\&\s-1DH\s0 parameters can be reused, as the actual key is newly generated during
-the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker
-may specialize on a very often used \s-1DH\s0 group. Applications should therefore
-generate their own \s-1DH\s0 parameters during the installation process using the
-openssl \fBdhparam\fR\|(1) application. This application
-guarantees that \*(L"strong\*(R" primes are used.
-.PP
-Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current
-version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters,
-which use safe primes and were generated verifiably pseudo-randomly.
-These files can be converted into C code using the \fB\-C\fR option of the
-\&\fBdhparam\fR\|(1) application. Generation of custom \s-1DH\s0
-parameters during installation should still be preferred to stop an
-attacker from specializing on a commonly used group. File dh1024.pem
-contains old parameters that must not be used by applications.
-.PP
-An application may either directly specify the \s-1DH\s0 parameters or
-can supply the \s-1DH\s0 parameters via a callback function.
-.PP
-Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR
-parameters to control parameter generation for export and non-export
-cipher suites. Modern servers that do not support export cipher suites
-are advised to either use \fBSSL_CTX_set_tmp_dh()\fR or alternatively, use
-the callback but ignore \fBkeylength\fR and \fBis_export\fR and simply
-supply at least 2048\-bit parameters in the callback.
+should not generate the parameters on the fly. \s-1DH\s0 parameters can be reused, as
+the actual key is newly generated during the negotiation.
+.PP
+Typically applications should use well know \s-1DH\s0 parameters that have built-in
+support in OpenSSL. The macros \fBSSL_CTX_set_dh_auto()\fR and \fBSSL_set_dh_auto()\fR
+configure OpenSSL to use the default built-in \s-1DH\s0 parameters for the \fB\s-1SSL_CTX\s0\fR
+and \fB\s-1SSL\s0\fR objects respectively. Passing a value of 1 in the \fIonoff\fR parameter
+switches the feature on, and passing a value of 0 switches it off. The default
+setting is off.
+.PP
+If \*(L"auto\*(R" \s-1DH\s0 parameters are switched on then the parameters will be selected to
+be consistent with the size of the key associated with the server's certificate.
+If there is no certificate (e.g. for \s-1PSK\s0 ciphersuites), then it it will be
+consistent with the size of the negotiated symmetric cipher key.
+.PP
+Applications may supply their own \s-1DH\s0 parameters instead of using the built-in
+values. This approach is discouraged and applications should in preference use
+the built-in parameter support described above. Applications wishing to supply
+their own \s-1DH\s0 parameters should call \fBSSL_CTX_set0_tmp_dh_pkey()\fR or
+\&\fBSSL_set0_tmp_dh_pkey()\fR to supply the parameters for the \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR
+respectively. The parameters should be supplied in the \fIdhpkey\fR argument as
+an \fB\s-1EVP_PKEY\s0\fR containing \s-1DH\s0 parameters. Ownership of the \fIdhpkey\fR value is
+passed to the \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR object as a result of this call, and so the
+caller should not free it if the function call is successful.
+.PP
+The deprecated macros \fBSSL_CTX_set_tmp_dh()\fR and \fBSSL_set_tmp_dh()\fR do the same
+thing as \fBSSL_CTX_set0_tmp_dh_pkey()\fR and \fBSSL_set0_tmp_dh_pkey()\fR except that the
+\&\s-1DH\s0 parameters are supplied in a \fB\s-1DH\s0\fR object instead in the \fIdh\fR argument, and
+ownership of the \fB\s-1DH\s0\fR object is retained by the application. Applications
+should use \*(L"auto\*(R" parameters instead, or call \fBSSL_CTX_set0_tmp_dh_pkey()\fR or
+\&\fBSSL_set0_tmp_dh_pkey()\fR as appropriate.
+.PP
+An application may instead specify the \s-1DH\s0 parameters via a callback function
+using the functions \fBSSL_CTX_set_tmp_dh_callback()\fR or \fBSSL_set_tmp_dh_callback()\fR
+to set the callback for the \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR object respectively. These
+functions are deprecated. Applications should instead use \*(L"auto\*(R" parameters, or
+specify the parameters via \fBSSL_CTX_set0_tmp_dh_pkey()\fR or \fBSSL_set0_tmp_dh_pkey()\fR
+as appropriate.
+.PP
+The callback will be invoked during a connection when \s-1DH\s0 parameters are
+required. The \fB\s-1SSL\s0\fR object for the current connection is supplied as an
+argument. Previous versions of OpenSSL used the \fBis_export\fR and \fBkeylength\fR
+arguments to control parameter generation for export and non-export
+cipher suites. Modern OpenSSL does not support export ciphersuites and so these
+arguments are unused and can be ignored by the callback. The callback should
+return the parameters to be used in a \s-1DH\s0 object. Ownership of the \s-1DH\s0 object is
+retained by the application and should later be freed.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBSSL_CTX_set_tmp_dh_callback()\fR and \fBSSL_set_tmp_dh_callback()\fR do not return
-diagnostic output.
-.PP
-\&\fBSSL_CTX_set_tmp_dh()\fR and \fBSSL_set_tmp_dh()\fR do return 1 on success and 0
-on failure. Check the error queue to find out the reason of failure.
-.SH "EXAMPLES"
-.IX Header "EXAMPLES"
-Setup \s-1DH\s0 parameters with a key length of 2048 bits. (Error handling
-partly left out.)
-.PP
-Command-line parameter generation:
-.PP
-.Vb 1
-\& $ openssl dhparam \-out dh_param_2048.pem 2048
-.Ve
-.PP
-Code for setting up parameters during server initialization:
-.PP
-.Vb 1
-\& SSL_CTX ctx = SSL_CTX_new();
-\&
-\& DH *dh_2048 = NULL;
-\& FILE *paramfile = fopen("dh_param_2048.pem", "r");
-\&
-\& if (paramfile) {
-\& dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
-\& fclose(paramfile);
-\& } else {
-\& /* Error. */
-\& }
-\& if (dh_2048 == NULL)
-\& /* Error. */
-\& if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1)
-\& /* Error. */
-\& ...
-.Ve
+All of these functions/macros return 1 for success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3),
\&\fBSSL_CTX_set_options\fR\|(3),
-\&\fBciphers\fR\|(1), \fBdhparam\fR\|(1)
+\&\fBopenssl\-ciphers\fR\|(1), \fBopenssl\-dhparam\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_ecdh.3
index e1dfff3499eb..96fa262a4e33 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_ecdh.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,51 +130,51 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_EX_DATA 3"
-.TH SSL_CTX_SET_EX_DATA 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_TMP_ECDH 3ossl"
+.TH SSL_CTX_SET_TMP_ECDH 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_get_ex_data, SSL_CTX_set_ex_data, SSL_get_ex_data, SSL_set_ex_data \&\- Store and retrieve extra data from the SSL_CTX, SSL or SSL_SESSION
+SSL_CTX_set_tmp_ecdh, SSL_set_tmp_ecdh, SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto
+\&\- handle ECDH keys for ephemeral key exchange
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
-\& void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);
-\&
-\& int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg);
+\& long SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ecdh);
+\& long SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ecdh);
\&
-\& void *SSL_get_ex_data(const SSL *s, int idx);
-\&
-\& int SSL_set_ex_data(SSL *s, int idx, void *arg);
+\& long SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state);
+\& long SSL_set_ecdh_auto(SSL *ssl, int state);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-SSL*\fB_set_ex_data()\fR functions can be used to store arbitrary user data into the
-\&\fB\s-1SSL_CTX\s0\fR, or \fB\s-1SSL\s0\fR object. The user must supply a unique index
-which they can subsequently use to retrieve the data using SSL*\fB_get_ex_data()\fR.
+\&\fBSSL_CTX_set_tmp_ecdh()\fR sets \s-1ECDH\s0 parameters to be used to be \fBecdh\fR.
+The key is inherited by all \fBssl\fR objects created from \fBctx\fR.
+This macro is deprecated in favor of \fBSSL_CTX_set1_groups\fR\|(3).
+.PP
+\&\fBSSL_set_tmp_ecdh()\fR sets the parameters only for \fBssl\fR.
+This macro is deprecated in favor of \fBSSL_set1_groups\fR\|(3).
.PP
-For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and
-\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and
-\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index.
+\&\fBSSL_CTX_set_ecdh_auto()\fR and \fBSSL_set_ecdh_auto()\fR are deprecated and
+have no effect.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-The SSL*\fB_set_ex_data()\fR functions return 1 if the item is successfully stored
-and 0 if it is not.
-The SSL*\fB_get_ex_data()\fR functions return the ex_data pointer if successful,
-otherwise \s-1NULL.\s0
+\&\fBSSL_CTX_set_tmp_ecdh()\fR and \fBSSL_set_tmp_ecdh()\fR return 1 on success and 0
+on failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBCRYPTO_get_ex_data\fR\|(3), \fBCRYPTO_set_ex_data\fR\|(3),
-\&\fBCRYPTO_get_ex_new_index\fR\|(3)
+\&\fBssl\fR\|(7), \fBSSL_CTX_set1_curves\fR\|(3), \fBSSL_CTX_set_cipher_list\fR\|(3),
+\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_set_tmp_dh_callback\fR\|(3),
+\&\fBopenssl\-ciphers\fR\|(1), \fBopenssl\-ecparam\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3
index 666885270148..727f132ebc8c 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,21 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_SET_VERIFY 3"
-.TH SSL_CTX_SET_VERIFY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_SET_VERIFY 3ossl"
+.TH SSL_CTX_SET_VERIFY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_get_ex_data_X509_STORE_CTX_idx, SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth, SSL_verify_cb, SSL_verify_client_post_handshake, SSL_set_post_handshake_auth, SSL_CTX_set_post_handshake_auth \&\- set peer certificate verification parameters
+SSL_get_ex_data_X509_STORE_CTX_idx,
+SSL_CTX_set_verify, SSL_set_verify,
+SSL_CTX_set_verify_depth, SSL_set_verify_depth,
+SSL_verify_cb,
+SSL_verify_client_post_handshake,
+SSL_set_post_handshake_auth,
+SSL_CTX_set_post_handshake_auth
+\&\- set various SSL/TLS parameters for peer certificate verification
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -174,6 +179,21 @@ no special \fBcallback\fR was set before, the default callback for the underlyin
\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR can be called to get the data index
of the current \s-1SSL\s0 object that is doing the verification.
.PP
+In client mode \fBverify_callback\fR may also call the \fBSSL_set_retry_verify\fR\|(3)
+function on the \fB\s-1SSL\s0\fR object set in the \fIx509_store_ctx\fR ex data (see
+\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)) and return 1.
+This would be typically done in case the certificate verification was not yet
+able to succeed.
+This makes the handshake suspend and return control to the calling application
+with \fB\s-1SSL_ERROR_WANT_RETRY_VERIFY\s0\fR.
+The application can for instance fetch further certificates or cert status
+information needed for the verification.
+Calling \fBSSL_connect\fR\|(3) again resumes the connection attempt by retrying the
+server certificate verification step.
+This process may even be repeated if need be.
+Note that the handshake may still be aborted if a subsequent invocation of the
+callback (e.g., at a lower depth, or for a separate error condition) returns 0.
+.PP
\&\fBSSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain
verification that shall be allowed for \fBctx\fR.
.PP
@@ -464,9 +484,9 @@ The \s-1SSL_VERIFY_POST_HANDSHAKE\s0 option, and the \fBSSL_verify_client_post_h
and \fBSSL_set_post_handshake_auth()\fR functions were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3
index df2ce81a3ce0..8cb25b5798a0 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,41 +130,52 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_USE_CERTIFICATE 3"
-.TH SSL_CTX_USE_CERTIFICATE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_USE_CERTIFICATE 3ossl"
+.TH SSL_CTX_USE_CERTIFICATE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, SSL_CTX_use_cert_and_key, SSL_use_cert_and_key \&\- load certificate and key data
+SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1,
+SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1,
+SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file,
+SSL_use_certificate_chain_file,
+SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1,
+SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey,
+SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file,
+SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey,
+SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1,
+SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key,
+SSL_CTX_use_cert_and_key, SSL_use_cert_and_key
+\&\- load certificate and key data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
-\& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
+\& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
\& int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
\& int SSL_use_certificate(SSL *ssl, X509 *x);
-\& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
+\& int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
\& int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
\&
\& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
\& int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
\&
\& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-\& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,
+\& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d,
\& long len);
\& int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
\& int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
-\& int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
+\& int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
\& int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
\& int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-\& int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len);
+\& int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
\& int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
\& int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-\& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+\& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len);
\& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
\&
\& int SSL_CTX_check_private_key(const SSL_CTX *ctx);
@@ -218,10 +227,10 @@ similar except it loads the certificate chain into \fBssl\fR.
\&\fBSSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0
to \fBctx\fR. \fBSSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR;
\&\fBSSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR.
-If a certificate has already been set and the private does not belong
-to the certificate an error is returned. To change a certificate, private
-key pair the new certificate needs to be set with \fBSSL_use_certificate()\fR
-or \fBSSL_CTX_use_certificate()\fR before setting the private key with
+If a certificate has already been set and the private key does not belong
+to the certificate an error is returned. To change a [certificate/private\-key]
+pair, the new certificate needs to be set first with \fBSSL_use_certificate()\fR or
+\&\fBSSL_CTX_use_certificate()\fR before setting the private key with
\&\fBSSL_CTX_use_PrivateKey()\fR or \fBSSL_use_PrivateKey()\fR.
.PP
\&\fBSSL_CTX_use_cert_and_key()\fR and \fBSSL_use_cert_and_key()\fR assign the X.509
@@ -256,7 +265,7 @@ in \fBfile\fR to \fBssl\fR; \fBSSL_use_RSAPrivateKey_file()\fR adds the first pr
\&\fBSSL_CTX_check_private_key()\fR checks the consistency of a private key with
the corresponding certificate loaded into \fBctx\fR. If more than one
key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will
-be checked. If e.g. the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0
+be checked. If e.g. the last item was an \s-1RSA\s0 certificate or key, the \s-1RSA\s0
key/certificate pair will be checked. \fBSSL_check_private_key()\fR performs
the same check for \fBssl\fR. If no key/certificate was explicitly added for
this \fBssl\fR, the last item added into \fBctx\fR will be checked.
@@ -274,7 +283,8 @@ Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item.
.PP
\&\fBSSL_CTX_use_certificate_chain_file()\fR adds the first certificate found
in the file to the certificate store. The other certificates are added
-to the store of chain certificates using \fBSSL_CTX_add1_chain_cert\fR\|(3). Note: versions of OpenSSL before 1.0.2 only had a single
+to the store of chain certificates using \fBSSL_CTX_add1_chain_cert\fR\|(3).
+Note: versions of OpenSSL before 1.0.2 only had a single
certificate chain store for all certificate types, OpenSSL 1.0.2 and later
have a separate chain store for each type. \fBSSL_CTX_use_certificate_chain_file()\fR
should be used instead of the \fBSSL_CTX_use_certificate_file()\fR function in order
@@ -316,9 +326,9 @@ Otherwise check out the error stack to find out the reason.
\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3
index f49de95c4bef..50b31665067f 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,22 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3"
-.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3ossl"
+.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_psk_server_cb_func, SSL_psk_find_session_cb_func, SSL_CTX_use_psk_identity_hint, SSL_use_psk_identity_hint, SSL_CTX_set_psk_server_callback, SSL_set_psk_server_callback, SSL_CTX_set_psk_find_session_callback, SSL_set_psk_find_session_callback \&\- set PSK identity hint to use
+SSL_psk_server_cb_func,
+SSL_psk_find_session_cb_func,
+SSL_CTX_use_psk_identity_hint,
+SSL_use_psk_identity_hint,
+SSL_CTX_set_psk_server_callback,
+SSL_set_psk_server_callback,
+SSL_CTX_set_psk_find_session_callback,
+SSL_set_psk_find_session_callback
+\&\- set PSK identity hint to use
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -215,8 +221,7 @@ check to see if a callback has been set via \fBSSL_CTX_set_psk_server_callback()
will default to \s-1SHA\-256\s0 for any returned \s-1PSK.\s0 TLSv1.3 early data exchanges are
possible in \s-1PSK\s0 connections only with the \fBSSL_psk_find_session_cb_func\fR
callback, and are not possible with the \fBSSL_psk_server_cb_func\fR callback.
-.SH "NOTES"
-.IX Header "NOTES"
+.PP
A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption
has occurred so that \fBSSL_session_reused\fR\|(3) will return true.
.SH "RETURN VALUES"
@@ -255,6 +260,7 @@ ensure safety from cross-protocol related output by not reusing PSKs between
\&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3),
\&\fBSSL_set_psk_use_session_callback\fR\|(3)
.SH "HISTORY"
@@ -265,7 +271,7 @@ were added in OpenSSL 1.1.1.
.IX Header "COPYRIGHT"
Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3
index 271e9e92beb7..0bf7e320015a 100644
--- a/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3
+++ b/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CTX_USE_SERVERINFO 3"
-.TH SSL_CTX_USE_SERVERINFO 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CTX_USE_SERVERINFO 3ossl"
+.TH SSL_CTX_USE_SERVERINFO 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_CTX_use_serverinfo_ex, SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file \&\- use serverinfo extension
+SSL_CTX_use_serverinfo_ex,
+SSL_CTX_use_serverinfo,
+SSL_CTX_use_serverinfo_file
+\&\- use serverinfo extension
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -195,7 +196,7 @@ must be in a format as described above for \fBSSL_CTX_use_serverinfo_ex()\fR. E
.PP
If more than one certificate (\s-1RSA/DSA\s0) is installed using
\&\fBSSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the
-last certificate installed. If e.g. the last item was a \s-1RSA\s0 certificate, the
+last certificate installed. If e.g. the last item was an \s-1RSA\s0 certificate, the
loaded serverinfo extension data will be loaded for that certificate. To
use the serverinfo extension for multiple certificates,
\&\fBSSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR
@@ -205,11 +206,14 @@ each time a certificate is loaded via a call to \fBSSL_CTX_use_certificate()\fR.
On success, the functions return 1.
On failure, the functions return 0. Check out the error stack to find out
the reason.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3
index efe365c464d9..0cddf8b5eee9 100644
--- a/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3
+++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,21 +130,24 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SESSION_FREE 3"
-.TH SSL_SESSION_FREE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SESSION_FREE 3ossl"
+.TH SSL_SESSION_FREE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_SESSION_new, SSL_SESSION_dup, SSL_SESSION_up_ref, SSL_SESSION_free \- create, free and manage SSL_SESSION structures
+SSL_SESSION_new,
+SSL_SESSION_dup,
+SSL_SESSION_up_ref,
+SSL_SESSION_free \- create, free and manage SSL_SESSION structures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& SSL_SESSION *SSL_SESSION_new(void);
-\& SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src);
+\& SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src);
\& int SSL_SESSION_up_ref(SSL_SESSION *ses);
\& void SSL_SESSION_free(SSL_SESSION *session);
.Ve
@@ -155,8 +156,8 @@ SSL_SESSION_new, SSL_SESSION_dup, SSL_SESSION_up_ref, SSL_SESSION_free \- create
\&\fBSSL_SESSION_new()\fR creates a new \s-1SSL_SESSION\s0 structure and returns a pointer to
it.
.PP
-\&\fBSSL_SESSION_dup()\fR copies the contents of the \s-1SSL_SESSION\s0 structure in \fBsrc\fR
-and returns a pointer to it.
+\&\fBSSL_SESSION_dup()\fR creates a new \s-1SSL_SESSION\s0 structure that is a copy of \fBsrc\fR.
+The copy is not owned by any cache that \fBsrc\fR may have been in.
.PP
\&\fBSSL_SESSION_up_ref()\fR increments the reference count on the given \s-1SSL_SESSION\s0
structure.
@@ -194,6 +195,8 @@ incorrect reference counts and therefore program failures.
SSL_SESSION_new returns a pointer to the newly allocated \s-1SSL_SESSION\s0 structure
or \s-1NULL\s0 on error.
.PP
+SSL_SESSION_dup returns a pointer to the new copy or \s-1NULL\s0 on error.
+.PP
SSL_SESSION_up_ref returns 1 on success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
@@ -206,9 +209,9 @@ SSL_SESSION_up_ref returns 1 on success or 0 on error.
The \fBSSL_SESSION_dup()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3
index 0885992db077..baf445c2c87b 100644
--- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3
+++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SESSION_GET0_CIPHER 3"
-.TH SSL_SESSION_GET0_CIPHER 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SESSION_GET0_CIPHER 3ossl"
+.TH SSL_SESSION_GET0_CIPHER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_SESSION_get0_cipher, SSL_SESSION_set_cipher \&\- set and retrieve the SSL cipher associated with a session
+SSL_SESSION_get0_cipher,
+SSL_SESSION_set_cipher
+\&\- set and retrieve the SSL cipher associated with a session
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -181,7 +181,7 @@ The \fBSSL_SESSION_set_cipher()\fR function was added in OpenSSL 1.1.1.
.IX Header "COPYRIGHT"
Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3
index 0a900097a946..81cfa8bc19da 100644
--- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3
+++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SESSION_GET0_HOSTNAME 3"
-.TH SSL_SESSION_GET0_HOSTNAME 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SESSION_GET0_HOSTNAME 3ossl"
+.TH SSL_SESSION_GET0_HOSTNAME 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_SESSION_get0_hostname, SSL_SESSION_set1_hostname, SSL_SESSION_get0_alpn_selected, SSL_SESSION_set1_alpn_selected \&\- get and set SNI and ALPN data associated with a session
+SSL_SESSION_get0_hostname,
+SSL_SESSION_set1_hostname,
+SSL_SESSION_get0_alpn_selected,
+SSL_SESSION_set1_alpn_selected
+\&\- get and set SNI and ALPN data associated with a session
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -198,7 +200,7 @@ The \fBSSL_SESSION_set1_hostname()\fR, \fBSSL_SESSION_get0_alpn_selected()\fR an
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3
index 7138d5ab34b5..9c6a80b622a5 100644
--- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3
+++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,21 +130,23 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SESSION_GET0_ID_CONTEXT 3"
-.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SESSION_GET0_ID_CONTEXT 3ossl"
+.TH SSL_SESSION_GET0_ID_CONTEXT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_SESSION_get0_id_context, SSL_SESSION_set1_id_context \&\- get and set the SSL ID context associated with a session
+SSL_SESSION_get0_id_context,
+SSL_SESSION_set1_id_context
+\&\- get and set the SSL ID context associated with a session
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
-\& unsigned int *len)
+\& unsigned int *len);
\& int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
\& unsigned int sid_ctx_len);
.Ve
@@ -177,9 +177,9 @@ is given by \fBsid_ctx_len\fR which must not exceed \s-1SSL_MAX_SID_CTX_LENGTH\s
The \fBSSL_SESSION_get0_id_context()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3
index 37f20ba8e73d..ebffa144e0e8 100644
--- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3
+++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SESSION_GET0_PEER 3"
-.TH SSL_SESSION_GET0_PEER 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SESSION_GET0_PEER 3ossl"
+.TH SSL_SESSION_GET0_PEER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_SESSION_get0_peer \&\- get details about peer's certificate for a session
+SSL_SESSION_get0_peer
+\&\- get details about peer's certificate for a session
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -163,7 +162,7 @@ no peer certificate is available.
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3
index d9da85260d83..b366d8fb8360 100644
--- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3
+++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SESSION_GET_COMPRESS_ID 3"
-.TH SSL_SESSION_GET_COMPRESS_ID 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SESSION_GET_COMPRESS_ID 3ossl"
+.TH SSL_SESSION_GET_COMPRESS_ID 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_SESSION_get_compress_id \&\- get details about the compression associated with a session
+SSL_SESSION_get_compress_id
+\&\- get details about the compression associated with a session
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -164,7 +163,7 @@ none.
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3
index 0be9a49477a0..20ff11b2ced6 100644
--- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3
+++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SESSION_GET_PROTOCOL_VERSION 3"
-.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SESSION_GET_PROTOCOL_VERSION 3ossl"
+.TH SSL_SESSION_GET_PROTOCOL_VERSION 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_SESSION_get_protocol_version, SSL_SESSION_set_protocol_version \&\- get and set the session protocol version
+SSL_SESSION_get_protocol_version,
+SSL_SESSION_set_protocol_version
+\&\- get and set the session protocol version
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -179,7 +179,7 @@ The \fBSSL_SESSION_set_protocol_version()\fR function was added in OpenSSL 1.1.1
.IX Header "COPYRIGHT"
Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3
index c9e601275edd..f62ee7b0e213 100644
--- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3
+++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SESSION_GET_TIME 3"
-.TH SSL_SESSION_GET_TIME 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SESSION_GET_TIME 3ossl"
+.TH SSL_SESSION_GET_TIME 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_set_timeout, SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout \&\- retrieve and manipulate session time and timeout settings
+SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout,
+SSL_SESSION_set_timeout,
+SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout
+\&\- retrieve and manipulate session time and timeout settings
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -198,7 +199,7 @@ If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3
index 960334ae145f..a1ed7871b012 100644
--- a/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3
+++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SESSION_HAS_TICKET 3"
-.TH SSL_SESSION_HAS_TICKET 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SESSION_HAS_TICKET 3ossl"
+.TH SSL_SESSION_HAS_TICKET 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_SESSION_get0_ticket, SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint \&\- get details about the ticket associated with a session
+SSL_SESSION_get0_ticket,
+SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint
+\&\- get details about the ticket associated with a session
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -182,7 +182,7 @@ and \fBSSL_SESSION_get0_ticket()\fR functions were added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3
index 3a6340b0dec4..e67c89b7b4ea 100644
--- a/secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3
+++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SESSION_IS_RESUMABLE 3"
-.TH SSL_SESSION_IS_RESUMABLE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SESSION_IS_RESUMABLE 3ossl"
+.TH SSL_SESSION_IS_RESUMABLE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_SESSION_is_resumable \&\- determine whether an SSL_SESSION object can be used for resumption
+SSL_SESSION_is_resumable
+\&\- determine whether an SSL_SESSION object can be used for resumption
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -168,7 +167,7 @@ The \fBSSL_SESSION_is_resumable()\fR function was added in OpenSSL 1.1.1.
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3
index 3ef6ea6c526a..3418084866ae 100644
--- a/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3
+++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SESSION_PRINT 3"
-.TH SSL_SESSION_PRINT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SESSION_PRINT 3ossl"
+.TH SSL_SESSION_PRINT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_SESSION_print, SSL_SESSION_print_fp, SSL_SESSION_print_keylog \&\- printf information about a session
+SSL_SESSION_print,
+SSL_SESSION_print_fp,
+SSL_SESSION_print_keylog
+\&\- printf information about a session
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -170,7 +171,7 @@ in \s-1NSS\s0 keylog format.
.IX Header "COPYRIGHT"
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3
index 79161515f66f..b8a1b5614ce7 100644
--- a/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3
+++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,21 +130,23 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SESSION_SET1_ID 3"
-.TH SSL_SESSION_SET1_ID 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SESSION_SET1_ID 3ossl"
+.TH SSL_SESSION_SET1_ID 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_SESSION_get_id, SSL_SESSION_set1_id \&\- get and set the SSL session ID
+SSL_SESSION_get_id,
+SSL_SESSION_set1_id
+\&\- get and set the SSL session ID
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
-\& unsigned int *len)
+\& unsigned int *len);
\& int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
\& unsigned int sid_len);
.Ve
@@ -171,9 +171,9 @@ if the supplied session \s-1ID\s0 length exceeds \fB\s-1SSL_MAX_SSL_SESSION_ID_L
The \fBSSL_SESSION_set1_id()\fR function was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_accept.3 b/secure/lib/libcrypto/man/man3/SSL_accept.3
index 13922943f828..3e71f509bd15 100644
--- a/secure/lib/libcrypto/man/man3/SSL_accept.3
+++ b/secure/lib/libcrypto/man/man3/SSL_accept.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_ACCEPT 3"
-.TH SSL_ACCEPT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_ACCEPT 3ossl"
+.TH SSL_ACCEPT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -199,7 +197,7 @@ to find out the reason.
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3 b/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3
index f1f0cdb3d5da..4de1d9d001b5 100644
--- a/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3
+++ b/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_ALERT_TYPE_STRING 3"
-.TH SSL_ALERT_TYPE_STRING 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_ALERT_TYPE_STRING 3ossl"
+.TH SSL_ALERT_TYPE_STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -363,7 +361,7 @@ Probably \fBvalue\fR does not contain a correct alert message.
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3 b/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3
index 63711b263943..74aa5e4a93ce 100644
--- a/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3
+++ b/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_ALLOC_BUFFERS 3"
-.TH SSL_ALLOC_BUFFERS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_ALLOC_BUFFERS 3ossl"
+.TH SSL_ALLOC_BUFFERS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -180,14 +178,15 @@ This value is also returned if the buffers had been allocated before calling
\&\fBSSL_alloc_buffers()\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3),
\&\fBSSL_new\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3),
-CRYPTO_set_mem_functions
+\&\fBCRYPTO_set_mem_functions\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_check_chain.3 b/secure/lib/libcrypto/man/man3/SSL_check_chain.3
index 64f494b86a7b..577908b7b11b 100644
--- a/secure/lib/libcrypto/man/man3/SSL_check_chain.3
+++ b/secure/lib/libcrypto/man/man3/SSL_check_chain.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CHECK_CHAIN 3"
-.TH SSL_CHECK_CHAIN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CHECK_CHAIN 3ossl"
+.TH SSL_CHECK_CHAIN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -219,7 +217,7 @@ for earlier versions of \s-1TLS\s0 or \s-1DTLS.\s0
.IX Header "COPYRIGHT"
Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_clear.3 b/secure/lib/libcrypto/man/man3/SSL_clear.3
index 15dcf39a3cf4..0e333b6228ae 100644
--- a/secure/lib/libcrypto/man/man3/SSL_clear.3
+++ b/secure/lib/libcrypto/man/man3/SSL_clear.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CLEAR 3"
-.TH SSL_CLEAR 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CLEAR 3ossl"
+.TH SSL_CLEAR 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -202,7 +200,7 @@ The \fBSSL_clear()\fR operation was successful.
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_connect.3 b/secure/lib/libcrypto/man/man3/SSL_connect.3
index 913d5f4f2c7b..b0a624244248 100644
--- a/secure/lib/libcrypto/man/man3/SSL_connect.3
+++ b/secure/lib/libcrypto/man/man3/SSL_connect.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_CONNECT 3"
-.TH SSL_CONNECT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_CONNECT 3ossl"
+.TH SSL_CONNECT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -214,7 +212,7 @@ to find out the reason.
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_do_handshake.3 b/secure/lib/libcrypto/man/man3/SSL_do_handshake.3
index dd3d051deff6..07f0c59ffe97 100644
--- a/secure/lib/libcrypto/man/man3/SSL_do_handshake.3
+++ b/secure/lib/libcrypto/man/man3/SSL_do_handshake.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_DO_HANDSHAKE 3"
-.TH SSL_DO_HANDSHAKE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_DO_HANDSHAKE 3ossl"
+.TH SSL_DO_HANDSHAKE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -198,7 +196,7 @@ to find out the reason.
.IX Header "COPYRIGHT"
Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3 b/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3
index 83676edac5e4..aecc24ca8bf1 100644
--- a/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3
+++ b/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_EXPORT_KEYING_MATERIAL 3"
-.TH SSL_EXPORT_KEYING_MATERIAL 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_EXPORT_KEYING_MATERIAL 3ossl"
+.TH SSL_EXPORT_KEYING_MATERIAL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_export_keying_material, SSL_export_keying_material_early \&\- obtain keying material for application use
+SSL_export_keying_material,
+SSL_export_keying_material_early
+\&\- obtain keying material for application use
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -204,6 +204,9 @@ above. Attempting to use it in SSLv3 will result in an error.
\&\fBSSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success.
.PP
\&\fBSSL_export_keying_material_early()\fR returns 0 on failure or 1 on success.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_export_keying_material_early()\fR function was added in OpenSSL 1.1.1.
@@ -211,7 +214,7 @@ The \fBSSL_export_keying_material_early()\fR function was added in OpenSSL 1.1.1
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_extension_supported.3 b/secure/lib/libcrypto/man/man3/SSL_extension_supported.3
index b5793f889eda..e4adb3435172 100644
--- a/secure/lib/libcrypto/man/man3/SSL_extension_supported.3
+++ b/secure/lib/libcrypto/man/man3/SSL_extension_supported.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,37 +130,44 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_EXTENSION_SUPPORTED 3"
-.TH SSL_EXTENSION_SUPPORTED 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_EXTENSION_SUPPORTED 3ossl"
+.TH SSL_EXTENSION_SUPPORTED 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_extension_supported, SSL_CTX_add_custom_ext, SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext, custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb \&\- custom TLS extension handling
+SSL_extension_supported,
+SSL_custom_ext_add_cb_ex,
+SSL_custom_ext_free_cb_ex,
+SSL_custom_ext_parse_cb_ex,
+SSL_CTX_add_custom_ext,
+SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext,
+custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb
+\&\- custom TLS extension handling
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
-\& typedef int (*SSL_custom_ext_add_cb_ex) (SSL *s, unsigned int ext_type,
-\& unsigned int context,
-\& const unsigned char **out,
-\& size_t *outlen, X509 *x,
-\& size_t chainidx, int *al,
-\& void *add_arg);
+\& typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type,
+\& unsigned int context,
+\& const unsigned char **out,
+\& size_t *outlen, X509 *x,
+\& size_t chainidx, int *al,
+\& void *add_arg);
\&
-\& typedef void (*SSL_custom_ext_free_cb_ex) (SSL *s, unsigned int ext_type,
-\& unsigned int context,
-\& const unsigned char *out,
-\& void *add_arg);
+\& typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type,
+\& unsigned int context,
+\& const unsigned char *out,
+\& void *add_arg);
\&
-\& typedef int (*SSL_custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type,
-\& unsigned int context,
-\& const unsigned char *in,
-\& size_t inlen, X509 *x,
-\& size_t chainidx, int *al,
-\& void *parse_arg);
+\& typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type,
+\& unsigned int context,
+\& const unsigned char *in,
+\& size_t inlen, X509 *x,
+\& size_t chainidx, int *al,
+\& void *parse_arg);
\&
\& int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
\& unsigned int context,
@@ -386,14 +391,17 @@ failure).
.PP
\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled
internally by OpenSSL and 0 otherwise.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_CTX_add_custom_ext()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2014\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2014\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_free.3 b/secure/lib/libcrypto/man/man3/SSL_free.3
index d08c9bdce7bd..965b9e57026e 100644
--- a/secure/lib/libcrypto/man/man3/SSL_free.3
+++ b/secure/lib/libcrypto/man/man3/SSL_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_FREE 3"
-.TH SSL_FREE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_FREE 3ossl"
+.TH SSL_FREE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -180,7 +178,7 @@ from the session cache as required by \s-1RFC2246.\s0
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3 b/secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3
index 74388fa23128..7b8cb213064b 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET0_PEER_SCTS 3"
-.TH SSL_GET0_PEER_SCTS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET0_PEER_SCTS 3ossl"
+.TH SSL_GET0_PEER_SCTS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -170,7 +168,7 @@ capable of sending.
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3 b/secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3
index 24bc597e8f58..9ea9eb53e98a 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_SSL_CTX 3"
-.TH SSL_GET_SSL_CTX 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_SSL_CTX 3ossl"
+.TH SSL_GET_SSL_CTX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -161,7 +159,7 @@ The pointer to the \s-1SSL_CTX\s0 object is returned.
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3 b/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3
index fbfcbdf4a2be..a8f4a76fd4e4 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_ALL_ASYNC_FDS 3"
-.TH SSL_GET_ALL_ASYNC_FDS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_ALL_ASYNC_FDS 3ossl"
+.TH SSL_GET_ALL_ASYNC_FDS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_waiting_for_async, SSL_get_all_async_fds, SSL_get_changed_async_fds \&\- manage asynchronous operations
+SSL_waiting_for_async,
+SSL_get_all_async_fds,
+SSL_get_changed_async_fds
+\&\- manage asynchronous operations
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
@@ -154,32 +155,32 @@ SSL_waiting_for_async, SSL_get_all_async_fds, SSL_get_changed_async_fds \&\- man
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_waiting_for_async()\fR determines whether an \s-1SSL\s0 connection is currently
-waiting for asynchronous operations to complete (see the \s-1SSL_MODE_ASYNC\s0 mode in
-\&\fBSSL_CTX_set_mode\fR\|(3)).
+waiting for asynchronous operations to complete (see the \fB\s-1SSL_MODE_ASYNC\s0\fR mode
+in \fBSSL_CTX_set_mode\fR\|(3)).
.PP
\&\fBSSL_get_all_async_fds()\fR returns a list of file descriptor which can be used in a
call to \fBselect()\fR or \fBpoll()\fR to determine whether the current asynchronous
operation has completed or not. A completed operation will result in data
appearing as \*(L"read ready\*(R" on the file descriptor (no actual data should be read
-from the file descriptor). This function should only be called if the \s-1SSL\s0 object
-is currently waiting for asynchronous work to complete (i.e.
-\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received \- see \fBSSL_get_error\fR\|(3)). Typically the
-list will only contain one file descriptor. However, if multiple asynchronous
+from the file descriptor). This function should only be called if the \fB\s-1SSL\s0\fR
+object is currently waiting for asynchronous work to complete (i.e.
+\&\fB\s-1SSL_ERROR_WANT_ASYNC\s0\fR has been received \- see \fBSSL_get_error\fR\|(3)). Typically
+the list will only contain one file descriptor. However, if multiple asynchronous
capable engines are in use then more than one is possible. The number of file
-descriptors returned is stored in \fB*numfds\fR and the file descriptors themselves
-are in \fB*fds\fR. The \fBfds\fR parameter may be \s-1NULL\s0 in which case no file
-descriptors are returned but \fB*numfds\fR is still populated. It is the callers
-responsibility to ensure sufficient memory is allocated at \fB*fds\fR so typically
-this function is called twice (once with a \s-1NULL\s0 \fBfds\fR parameter and once
+descriptors returned is stored in \fI*numfds\fR and the file descriptors themselves
+are in \fI*fds\fR. The \fIfds\fR parameter may be \s-1NULL\s0 in which case no file
+descriptors are returned but \fI*numfds\fR is still populated. It is the callers
+responsibility to ensure sufficient memory is allocated at \fI*fds\fR so typically
+this function is called twice (once with a \s-1NULL\s0 \fIfds\fR parameter and once
without).
.PP
\&\fBSSL_get_changed_async_fds()\fR returns a list of the asynchronous file descriptors
that have been added and a list that have been deleted since the last
-\&\s-1SSL_ERROR_WANT_ASYNC\s0 was received (or since the \s-1SSL\s0 object was created if no
-\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received). Similar to \fBSSL_get_all_async_fds()\fR it
-is the callers responsibility to ensure that \fB*addfd\fR and \fB*delfd\fR have
+\&\fB\s-1SSL_ERROR_WANT_ASYNC\s0\fR was received (or since the \fB\s-1SSL\s0\fR object was created if
+no \fB\s-1SSL_ERROR_WANT_ASYNC\s0\fR has been received). Similar to \fBSSL_get_all_async_fds()\fR
+it is the callers responsibility to ensure that \fI*addfd\fR and \fI*delfd\fR have
sufficient memory allocated, although they may be \s-1NULL.\s0 The number of added fds
-and the number of deleted fds are stored in \fB*numaddfds\fR and \fB*numdelfds\fR
+and the number of deleted fds are stored in \fI*numaddfds\fR and \fI*numdelfds\fR
respectively.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
@@ -190,14 +191,15 @@ for an async operation to complete and 0 otherwise.
0 on error.
.SH "NOTES"
.IX Header "NOTES"
-On Windows platforms the openssl/async.h header is dependent on some
-of the types customarily made available by including windows.h. The
+On Windows platforms the \fI<openssl/async.h>\fR header is dependent on some
+of the types customarily made available by including \fI<windows.h>\fR. The
application developer is likely to require control over when the latter
is included, commonly as one of the first included headers. Therefore,
it is defined as an application developer's responsibility to include
-windows.h prior to async.h.
+\&\fI<windows.h>\fR prior to \fI<openssl/async.h>\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBSSL_get_error\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
@@ -205,9 +207,9 @@ The \fBSSL_waiting_for_async()\fR, \fBSSL_get_all_async_fds()\fR
and \fBSSL_get_changed_async_fds()\fR functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_certificate.3 b/secure/lib/libcrypto/man/man3/SSL_get_certificate.3
new file mode 100644
index 000000000000..7b96508d7fd3
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/SSL_get_certificate.3
@@ -0,0 +1,194 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_GET_CERTIFICATE 3ossl"
+.TH SSL_GET_CERTIFICATE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_certificate, SSL_get_privatekey \- retrieve TLS/SSL certificate and
+private key
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& X509 *SSL_get_certificate(const SSL *s);
+\& EVP_PKEY *SSL_get_privatekey(const SSL *s);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBSSL_get_certificate()\fR returns a pointer to an \fBX509\fR object representing a
+certificate used as the local peer's identity.
+.PP
+Multiple certificates can be configured; for example, a server might have both
+\&\s-1RSA\s0 and \s-1ECDSA\s0 certificates. The certificate which is returned by
+\&\fBSSL_get_certificate()\fR is determined as follows:
+.IP "\(bu" 4
+If it is called before certificate selection has occurred, it returns the most
+recently added certificate, or \s-1NULL\s0 if no certificate has been added.
+.IP "\(bu" 4
+After certificate selection has occurred, it returns the certificate which was
+selected during the handshake, or \s-1NULL\s0 if no certificate was selected (for
+example, on a client where no client certificate is in use).
+.PP
+Certificate selection occurs during the handshake; therefore, the value returned
+by \fBSSL_get_certificate()\fR during any callback made during the handshake process
+will depend on whether that callback is made before or after certificate
+selection occurs.
+.PP
+A specific use for \fBSSL_get_certificate()\fR is inside a callback set via a call to
+\&\fBSSL_CTX_set_tlsext_status_cb\fR\|(3). This callback occurs after certificate
+selection, where it can be used to examine a server's chosen certificate, for
+example for the purpose of identifying a certificate's \s-1OCSP\s0 responder \s-1URL\s0 so
+that an \s-1OCSP\s0 response can be obtained.
+.PP
+\&\fBSSL_get_privatekey()\fR returns a pointer to the \fB\s-1EVP_PKEY\s0\fR object corresponding
+to the certificate returned by \fBSSL_get_certificate()\fR, if any.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+These functions return pointers to their respective objects, or \s-1NULL\s0 if no such
+object is available. Returned objects are owned by the \s-1SSL\s0 object and should not
+be freed by users of these functions.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_status_cb\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2001\-2022 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3 b/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3
index eff1fa1af2a4..1d2cdec1102f 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,21 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_CIPHERS 3"
-.TH SSL_GET_CIPHERS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_CIPHERS 3ossl"
+.TH SSL_GET_CIPHERS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_get1_supported_ciphers, SSL_get_client_ciphers, SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_bytes_to_cipher_list, SSL_get_cipher_list, SSL_get_shared_ciphers \&\- get list of available SSL_CIPHERs
+SSL_get1_supported_ciphers,
+SSL_get_client_ciphers,
+SSL_get_ciphers,
+SSL_CTX_get_ciphers,
+SSL_bytes_to_cipher_list,
+SSL_get_cipher_list,
+SSL_get_shared_ciphers
+\&\- get list of available SSL_CIPHERs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -235,7 +240,7 @@ See \s-1DESCRIPTION\s0
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_client_random.3 b/secure/lib/libcrypto/man/man3/SSL_get_client_random.3
index fa9b98bdd9a6..eb2ac1ea8374 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_client_random.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_client_random.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_CLIENT_RANDOM 3"
-.TH SSL_GET_CLIENT_RANDOM 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_CLIENT_RANDOM 3ossl"
+.TH SSL_GET_CLIENT_RANDOM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key, SSL_SESSION_set1_master_key \&\- get internal TLS/SSL random values and get/set master key
+SSL_get_client_random,
+SSL_get_server_random,
+SSL_SESSION_get_master_key,
+SSL_SESSION_set1_master_key
+\&\- get internal TLS/SSL random values and get/set master key
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -223,7 +225,7 @@ of bytes they would copy \*(-- that is, the length of the underlying field.
.IX Header "COPYRIGHT"
Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3 b/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3
index 6a44c8eeb967..86be61d0984e 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_CURRENT_CIPHER 3"
-.TH SSL_GET_CURRENT_CIPHER 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_CURRENT_CIPHER 3ossl"
+.TH SSL_GET_CURRENT_CIPHER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, SSL_get_pending_cipher \- get SSL_CIPHER of a connection
+SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher,
+SSL_get_cipher_bits, SSL_get_cipher_version,
+SSL_get_pending_cipher \- get SSL_CIPHER of a connection
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -194,7 +194,7 @@ SSL_get_cipher_name are implemented as macros.
.IX Header "COPYRIGHT"
Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3 b/secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3
index 8ea8e353db84..a829ffff1390 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_DEFAULT_TIMEOUT 3"
-.TH SSL_GET_DEFAULT_TIMEOUT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_DEFAULT_TIMEOUT 3ossl"
+.TH SSL_GET_DEFAULT_TIMEOUT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -175,7 +173,7 @@ See description.
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_error.3 b/secure/lib/libcrypto/man/man3/SSL_get_error.3
index d799897c62a7..4d63ab36b208 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_error.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_ERROR 3"
-.TH SSL_GET_ERROR 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_ERROR 3ossl"
+.TH SSL_GET_ERROR 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -161,6 +159,14 @@ used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no
other OpenSSL function calls should appear in between. The current
thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is
attempted, or \fBSSL_get_error()\fR will not work reliably.
+.SH "NOTES"
+.IX Header "NOTES"
+Some \s-1TLS\s0 implementations do not send a close_notify alert on shutdown.
+.PP
+On an unexpected \s-1EOF,\s0 versions before OpenSSL 3.0 returned
+\&\fB\s-1SSL_ERROR_SYSCALL\s0\fR, nothing was added to the error stack, and errno was 0.
+Since OpenSSL 3.0 the returned error is \fB\s-1SSL_ERROR_SSL\s0\fR with a meaningful
+error on the error stack.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can currently occur:
@@ -175,6 +181,9 @@ close_notify alert.
No more data can be read.
Note that \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR does not necessarily
indicate that the underlying transport has been closed.
+.Sp
+This error can also appear when the option \fB\s-1SSL_OP_IGNORE_UNEXPECTED_EOF\s0\fR
+is set. See \fBSSL_CTX_set_options\fR\|(3) for more details.
.IP "\s-1SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE\s0" 4
.IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE"
The operation did not complete and can be retried later.
@@ -204,7 +213,9 @@ protocol level.
It is safe to call \fBSSL_read()\fR or \fBSSL_read_ex()\fR when more data is available
even when the call that set this error was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR.
However, if the call was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR, it should be called
-again to continue sending the application data.
+again to continue sending the application data. If you get \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR
+from \fBSSL_write()\fR or \fBSSL_write_ex()\fR then you should not do any other operation
+that could trigger \fB\s-1IO\s0\fR other than to repeat the previous \fBSSL_write()\fR call.
.Sp
For socket \fB\s-1BIO\s0\fRs (e.g. when \fBSSL_set_fd()\fR was used), \fBselect()\fR or
\&\fBpoll()\fR on the underlying socket can be used to find out when the
@@ -276,17 +287,6 @@ A non-recoverable, fatal error in the \s-1SSL\s0 library occurred, usually a pro
error. The OpenSSL error queue contains more information on the error. If this
error occurs then no further I/O operations should be performed on the
connection and \fBSSL_shutdown()\fR must not be called.
-.SH "BUGS"
-.IX Header "BUGS"
-The \fB\s-1SSL_ERROR_SYSCALL\s0\fR with \fBerrno\fR value of 0 indicates unexpected \s-1EOF\s0 from
-the peer. This will be properly reported as \fB\s-1SSL_ERROR_SSL\s0\fR with reason
-code \fB\s-1SSL_R_UNEXPECTED_EOF_WHILE_READING\s0\fR in the OpenSSL 3.0 release because
-it is truly a \s-1TLS\s0 protocol error to terminate the connection without
-a \fBSSL_shutdown()\fR.
-.PP
-The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications
-which choose to ignore this protocol error depend on the existing way of
-reporting the error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7)
@@ -296,9 +296,9 @@ The \s-1SSL_ERROR_WANT_ASYNC\s0 error code was added in OpenSSL 1.1.0.
The \s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 error code was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_extms_support.3 b/secure/lib/libcrypto/man/man3/SSL_get_extms_support.3
index 98696615ebf8..43f7374ccd43 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_extms_support.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_extms_support.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_EXTMS_SUPPORT 3"
-.TH SSL_GET_EXTMS_SUPPORT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_EXTMS_SUPPORT 3ossl"
+.TH SSL_GET_EXTMS_SUPPORT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -166,7 +164,7 @@ was used.
.IX Header "COPYRIGHT"
Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_fd.3 b/secure/lib/libcrypto/man/man3/SSL_get_fd.3
index 56e577a4f0aa..3df3bc9a7055 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_fd.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_fd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_FD 3"
-.TH SSL_GET_FD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_FD 3ossl"
+.TH SSL_GET_FD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -173,7 +171,7 @@ The file descriptor linked to \fBssl\fR.
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3 b/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3
index d3858ccb88d7..e113fbe04fc1 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_PEER_CERT_CHAIN 3"
-.TH SSL_GET_PEER_CERT_CHAIN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_PEER_CERT_CHAIN 3ossl"
+.TH SSL_GET_PEER_CERT_CHAIN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_get_peer_cert_chain, SSL_get0_verified_chain \- get the X509 certificate chain of the peer
+SSL_get_peer_cert_chain, SSL_get0_verified_chain \- get the X509 certificate
+chain of the peer
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -195,7 +194,7 @@ The return value points to the certificate chain presented by the peer.
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3 b/secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3
index 7224a665f70a..0f2eeb9db3b4 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,24 +130,28 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_PEER_CERTIFICATE 3"
-.TH SSL_GET_PEER_CERTIFICATE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_PEER_CERTIFICATE 3ossl"
+.TH SSL_GET_PEER_CERTIFICATE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_get_peer_certificate \- get the X509 certificate of the peer
+SSL_get_peer_certificate,
+SSL_get0_peer_certificate,
+SSL_get1_peer_certificate \- get the X509 certificate of the peer
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& X509 *SSL_get_peer_certificate(const SSL *ssl);
+\& X509 *SSL_get0_peer_certificate(const SSL *ssl);
+\& X509 *SSL_get1_peer_certificate(const SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBSSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the
+These functions return a pointer to the X509 certificate the
peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned.
.SH "NOTES"
.IX Header "NOTES"
@@ -163,9 +165,15 @@ That a certificate is returned does not indicate information about the
verification state, use \fBSSL_get_verify_result\fR\|(3)
to check the verification state.
.PP
-The reference count of the X509 object is incremented by one, so that it
-will not be destroyed when the session containing the peer certificate is
-freed. The X509 object must be explicitly freed using \fBX509_free()\fR.
+The reference count of the X509 object returned by \fBSSL_get1_peer_certificate()\fR
+is incremented by one, so that it will not be destroyed when the session
+containing the peer certificate is freed. The X509 object must be explicitly
+freed using \fBX509_free()\fR.
+.PP
+The reference count of the X509 object returned by \fBSSL_get0_peer_certificate()\fR
+is not incremented, and must not be freed.
+.PP
+\&\fBSSL_get_peer_certificate()\fR is an alias of \fBSSL_get1_peer_certificate()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
@@ -179,11 +187,15 @@ The return value points to the certificate presented by the peer.
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3),
\&\fBSSL_CTX_set_verify\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBSSL_get0_peer_certificate()\fR and \fBSSL_get1_peer_certificate()\fR were added in 3.0.0.
+\&\fBSSL_get_peer_certificate()\fR was deprecated in 3.0.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3 b/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3
index a1b2a655c048..0cb3a50278ca 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_PEER_SIGNATURE_NID 3"
-.TH SSL_GET_PEER_SIGNATURE_NID 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_PEER_SIGNATURE_NID 3ossl"
+.TH SSL_GET_PEER_SIGNATURE_NID 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, SSL_get_signature_nid, SSL_get_signature_type_nid \- get TLS message signing types
+SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid,
+SSL_get_signature_nid, SSL_get_signature_type_nid \- get TLS message signing
+types
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -177,7 +177,7 @@ the functions were called too early, e.g. before the peer signed a message.
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3 b/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3
index b2d8a8662c15..0ca5cd298e25 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_PEER_TMP_KEY 3"
-.TH SSL_GET_PEER_TMP_KEY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_PEER_TMP_KEY 3ossl"
+.TH SSL_GET_PEER_TMP_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key \- get information about temporary keys used during a handshake
+SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key \- get information
+about temporary keys used during a handshake
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -177,7 +176,7 @@ This function is implemented as a macro.
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3 b/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3
index 38668ac606b0..d72d6a491cac 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_PSK_IDENTITY 3"
-.TH SSL_GET_PSK_IDENTITY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_PSK_IDENTITY 3ossl"
+.TH SSL_GET_PSK_IDENTITY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -163,11 +161,14 @@ no \s-1PSK\s0 identity hint was used during the connection setup.
.PP
Note that the return value is valid only during the lifetime of the
\&\s-1SSL\s0 object \fBssl\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_rbio.3 b/secure/lib/libcrypto/man/man3/SSL_get_rbio.3
index 4c518090825b..16579e2921a8 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_rbio.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_rbio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_RBIO 3"
-.TH SSL_GET_RBIO 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_RBIO 3ossl"
+.TH SSL_GET_RBIO 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -169,7 +167,7 @@ The \s-1BIO\s0 linked to \fBssl\fR.
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_session.3 b/secure/lib/libcrypto/man/man3/SSL_get_session.3
index 5b8c2dc0949d..d3e30be846c3 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_session.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_session.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_SESSION 3"
-.TH SSL_GET_SESSION 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_SESSION 3ossl"
+.TH SSL_GET_SESSION 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -232,7 +230,7 @@ The return value points to the data of an \s-1SSL\s0 session.
.IX Header "COPYRIGHT"
Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3 b/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3
index 74c29fed28b1..2aed3d58d32a 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_SHARED_SIGALGS 3"
-.TH SSL_GET_SHARED_SIGALGS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_SHARED_SIGALGS 3ossl"
+.TH SSL_GET_SHARED_SIGALGS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -213,7 +211,7 @@ signature algorithm does not use a hash (for example Ed25519).
.IX Header "COPYRIGHT"
Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_verify_result.3 b/secure/lib/libcrypto/man/man3/SSL_get_verify_result.3
index 37dc3e731773..fb1f3eda41fd 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_verify_result.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_verify_result.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_VERIFY_RESULT 3"
-.TH SSL_GET_VERIFY_RESULT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_VERIFY_RESULT 3ossl"
+.TH SSL_GET_VERIFY_RESULT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -158,6 +156,13 @@ of a certificate can fail because of many reasons at the same time. Only
the last verification error that occurred during the processing is available
from \fBSSL_get_verify_result()\fR.
.PP
+Sometimes there can be a sequence of errors leading to the verification
+failure as reported by \fBSSL_get_verify_result()\fR.
+To get the errors, it is necessary to setup a verify callback via
+\&\fBSSL_CTX_set_verify\fR\|(3) or \fBSSL_set_verify\fR\|(3) and retrieve the errors
+from the error stack there, because once \fBSSL_connect\fR\|(3) returns,
+these errors may no longer be available.
+.PP
The verification result is part of the established session and is restored
when a session is reused.
.SH "BUGS"
@@ -174,17 +179,17 @@ The following return values can currently occur:
The verification succeeded or no peer certificate was presented.
.IP "Any other value" 4
.IX Item "Any other value"
-Documented in \fBverify\fR\|(1).
+Documented in \fBopenssl\-verify\fR\|(1).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_set_verify_result\fR\|(3),
\&\fBSSL_get_peer_certificate\fR\|(3),
-\&\fBverify\fR\|(1)
+\&\fBopenssl\-verify\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_get_version.3 b/secure/lib/libcrypto/man/man3/SSL_get_version.3
index d8e929aa5aca..b8f813635f21 100644
--- a/secure/lib/libcrypto/man/man3/SSL_get_version.3
+++ b/secure/lib/libcrypto/man/man3/SSL_get_version.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_GET_VERSION 3"
-.TH SSL_GET_VERSION 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GET_VERSION 3ossl"
+.TH SSL_GET_VERSION 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version \- get the protocol information of a connection
+SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version \- get the
+protocol information of a connection
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -215,7 +214,7 @@ The \fBSSL_is_dtls()\fR function was added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3 b/secure/lib/libcrypto/man/man3/SSL_group_to_name.3
index 29f3257ec8bf..dc27962c782e 100644
--- a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3
+++ b/secure/lib/libcrypto/man/man3/SSL_group_to_name.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,46 +130,44 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SESSION_GET_EX_DATA 3"
-.TH SSL_SESSION_GET_EX_DATA 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_GROUP_TO_NAME 3ossl"
+.TH SSL_GROUP_TO_NAME 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \&\- get and set application specific data on a session
+SSL_group_to_name \- get name of group
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
-\& int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
-\& void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);
+\& const char *SSL_group_to_name(const SSL *ssl, int id);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBSSL_SESSION_set_ex_data()\fR enables an application to store arbitrary application
-specific data \fBdata\fR in an \s-1SSL_SESSION\s0 structure \fBss\fR. The index \fBidx\fR should
-be a value previously returned from a call to \fBCRYPTO_get_ex_new_index\fR\|(3).
-.PP
-\&\fBSSL_SESSION_get_ex_data()\fR retrieves application specific data previously stored
-in an \s-1SSL_SESSION\s0 structure \fBs\fR. The \fBidx\fR value should be the same as that
-used when originally storing the data.
+\&\fBSSL_group_to_name()\fR is used to retrieve the \s-1TLS\s0 group name
+associated with a given \s-1TLS\s0 group \s-1ID,\s0 as registered via built-in
+or external providers and as returned by a call to \fBSSL_get1_groups()\fR
+or \fBSSL_get_shared_group()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBSSL_SESSION_set_ex_data()\fR returns 1 for success or 0 for failure.
+If non-NULL, \fBSSL_group_to_name()\fR returns the \s-1TLS\s0 group name
+corresponding to the given \fIid\fR as a NUL-terminated string.
+If \fBSSL_group_to_name()\fR returns \s-1NULL,\s0 an error occurred; possibly no
+corresponding tlsname was registered during provider initialisation.
.PP
-\&\fBSSL_SESSION_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on
-failure. \s-1NULL\s0 may also be a valid value.
+Note that the return value is valid only during the lifetime of the
+\&\s-1SSL\s0 object \fIssl\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBssl\fR\|(7),
-\&\fBCRYPTO_get_ex_new_index\fR\|(3)
+\&\fBssl\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_in_init.3 b/secure/lib/libcrypto/man/man3/SSL_in_init.3
index 907dc3d45dfc..eedaea237465 100644
--- a/secure/lib/libcrypto/man/man3/SSL_in_init.3
+++ b/secure/lib/libcrypto/man/man3/SSL_in_init.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,20 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_IN_INIT 3"
-.TH SSL_IN_INIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_IN_INIT 3ossl"
+.TH SSL_IN_INIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_in_before, SSL_in_init, SSL_is_init_finished, SSL_in_connect_init, SSL_in_accept_init, SSL_get_state \&\- retrieve information about the handshake state machine
+SSL_in_before,
+SSL_in_init,
+SSL_is_init_finished,
+SSL_in_connect_init,
+SSL_in_accept_init,
+SSL_get_state
+\&\- retrieve information about the handshake state machine
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -221,7 +225,7 @@ and \fBSSL_in_accept_init()\fR return values as indicated above.
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_key_update.3 b/secure/lib/libcrypto/man/man3/SSL_key_update.3
index 278e967e1869..19baa9d74be0 100644
--- a/secure/lib/libcrypto/man/man3/SSL_key_update.3
+++ b/secure/lib/libcrypto/man/man3/SSL_key_update.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,19 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_KEY_UPDATE 3"
-.TH SSL_KEY_UPDATE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_KEY_UPDATE 3ossl"
+.TH SSL_KEY_UPDATE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_key_update, SSL_get_key_update_type, SSL_renegotiate, SSL_renegotiate_abbreviated, SSL_renegotiate_pending \&\- initiate and obtain information about updating connection keys
+SSL_key_update,
+SSL_get_key_update_type,
+SSL_renegotiate,
+SSL_renegotiate_abbreviated,
+SSL_renegotiate_pending
+\&\- initiate and obtain information about updating connection keys
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -164,10 +167,11 @@ peer to additionally update its sending keys. It is an error if \fBupdatetype\fR
set to \fB\s-1SSL_KEY_UPDATE_NONE\s0\fR.
.PP
\&\fBSSL_key_update()\fR must only be called after the initial handshake has been
-completed and TLSv1.3 has been negotiated. The key update will not take place
-until the next time an \s-1IO\s0 operation such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR
-takes place on the connection. Alternatively \fBSSL_do_handshake()\fR can be called to
-force the update to take place immediately.
+completed and TLSv1.3 has been negotiated, at the same time, the application
+needs to ensure that the writing of data has been completed. The key update
+will not take place until the next time an \s-1IO\s0 operation such as \fBSSL_read_ex()\fR
+or \fBSSL_write_ex()\fR takes place on the connection. Alternatively \fBSSL_do_handshake()\fR
+can be called to force the update to take place immediately.
.PP
\&\fBSSL_get_key_update_type()\fR can be used to determine whether a key update
operation has been scheduled but not yet performed. The type of the pending key
@@ -228,9 +232,9 @@ The \fBSSL_key_update()\fR and \fBSSL_get_key_update_type()\fR functions were ad
OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_library_init.3 b/secure/lib/libcrypto/man/man3/SSL_library_init.3
index 96edfdbae92d..ca14cead2bf3 100644
--- a/secure/lib/libcrypto/man/man3/SSL_library_init.3
+++ b/secure/lib/libcrypto/man/man3/SSL_library_init.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_LIBRARY_INIT 3"
-.TH SSL_LIBRARY_INIT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_LIBRARY_INIT 3ossl"
+.TH SSL_LIBRARY_INIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_library_init, OpenSSL_add_ssl_algorithms \&\- initialize SSL library by registering algorithms
+SSL_library_init, OpenSSL_add_ssl_algorithms
+\&\- initialize SSL library by registering algorithms
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -177,9 +176,9 @@ The \fBSSL_library_init()\fR and \fBOpenSSL_add_ssl_algorithms()\fR functions we
deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_ssl()\fR.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3 b/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3
index 75b2c9cdf607..02a1b1f7833f 100644
--- a/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3
+++ b/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,30 +130,43 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_LOAD_CLIENT_CA_FILE 3"
-.TH SSL_LOAD_CLIENT_CA_FILE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_LOAD_CLIENT_CA_FILE 3ossl"
+.TH SSL_LOAD_CLIENT_CA_FILE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_load_client_CA_file, SSL_add_file_cert_subjects_to_stack, SSL_add_dir_cert_subjects_to_stack \&\- load certificate names
+SSL_load_client_CA_file_ex, SSL_load_client_CA_file,
+SSL_add_file_cert_subjects_to_stack,
+SSL_add_dir_cert_subjects_to_stack,
+SSL_add_store_cert_subjects_to_stack
+\&\- load certificate names
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
+\& STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
+\& OSSL_LIB_CTX *libctx,
+\& const char *propq);
\& STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
\&
\& int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-\& const char *file)
+\& const char *file);
\& int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-\& const char *dir)
+\& const char *dir);
+\& int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+\& const char *store);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBSSL_load_client_CA_file()\fR reads certificates from \fIfile\fR and returns
-a \s-1STACK_OF\s0(X509_NAME) with the subject names found.
+\&\fBSSL_load_client_CA_file_ex()\fR reads certificates from \fIfile\fR and returns
+a \s-1STACK_OF\s0(X509_NAME) with the subject names found. The library context \fIlibctx\fR
+and property query \fIpropq\fR are used when fetching algorithms from providers.
+.PP
+\&\fBSSL_load_client_CA_file()\fR is similar to \fBSSL_load_client_CA_file_ex()\fR
+but uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR.
.PP
\&\fBSSL_add_file_cert_subjects_to_stack()\fR reads certificates from \fIfile\fR,
and adds their subject name to the already existing \fIstack\fR.
@@ -163,6 +174,10 @@ and adds their subject name to the already existing \fIstack\fR.
\&\fBSSL_add_dir_cert_subjects_to_stack()\fR reads certificates from every
file in the directory \fIdir\fR, and adds their subject name to the
already existing \fIstack\fR.
+.PP
+\&\fBSSL_add_store_cert_subjects_to_stack()\fR loads certificates from the
+\&\fIstore\fR \s-1URI,\s0 and adds their subject name to the already existing
+\&\fIstack\fR.
.SH "NOTES"
.IX Header "NOTES"
\&\fBSSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and
@@ -198,12 +213,17 @@ Load names of CAs from file and use it as a client \s-1CA\s0 list:
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
+\&\fBossl_store\fR\|(7),
\&\fBSSL_CTX_set_client_CA_list\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBSSL_load_client_CA_file_ex()\fR and \fBSSL_add_store_cert_subjects_to_stack()\fR
+were added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_new.3 b/secure/lib/libcrypto/man/man3/SSL_new.3
index 26689a9cefd5..e0650851a373 100644
--- a/secure/lib/libcrypto/man/man3/SSL_new.3
+++ b/secure/lib/libcrypto/man/man3/SSL_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_NEW 3"
-.TH SSL_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_NEW 3ossl"
+.TH SSL_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -172,7 +170,7 @@ For \fBSSL_dup()\fR to work, the connection \s-1MUST\s0 be in its initial state
their initial state \fBSSL_dup()\fR just increments an internal
reference count and returns the \fIsame\fR handle. It may be possible to
use \fBSSL_clear\fR\|(3) to recycle an \s-1SSL\s0 handle that is not in its initial
-state for re-use, but this is best avoided. Instead, save and restore
+state for reuse, but this is best avoided. Instead, save and restore
the session, if desired, and construct a fresh handle for each connection.
.PP
The subset of settings in \fIs\fR that are duplicated are:
@@ -193,8 +191,8 @@ The subset of settings in \fIs\fR that are duplicated are:
.IX Item "any Mode set via SSL_set_mode"
.IP "any minimum or maximum protocol settings set via \fBSSL_set_min_proto_version\fR\|(3) or \fBSSL_set_max_proto_version\fR\|(3) (Note: Only from OpenSSL 1.1.1h and above)" 4
.IX Item "any minimum or maximum protocol settings set via SSL_set_min_proto_version or SSL_set_max_proto_version (Note: Only from OpenSSL 1.1.1h and above)"
-.IP "any Verify mode, callback or depth set via \fBSSL_set_verify\fR\|(3) or \fBSSL_set_verify_depth\fR\|(3) or any configured X509 verification parameters" 4
-.IX Item "any Verify mode, callback or depth set via SSL_set_verify or SSL_set_verify_depth or any configured X509 verification parameters"
+.IP "any verify mode, callback or depth set via \fBSSL_set_verify\fR\|(3) or \fBSSL_set_verify_depth\fR\|(3) or any configured X509 verification parameters" 4
+.IX Item "any verify mode, callback or depth set via SSL_set_verify or SSL_set_verify_depth or any configured X509 verification parameters"
.IP "any msg callback or info callback set via \fBSSL_set_msg_callback\fR\|(3) or \fBSSL_set_info_callback\fR\|(3)" 4
.IX Item "any msg callback or info callback set via SSL_set_msg_callback or SSL_set_info_callback"
.IP "any default password callback set via \fBSSL_set_default_passwd_cb\fR\|(3)" 4
@@ -244,9 +242,9 @@ The return value points to an allocated \s-1SSL\s0 structure.
\&\fBssl\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_pending.3 b/secure/lib/libcrypto/man/man3/SSL_pending.3
index 6d32c64412ee..aa0a900159d9 100644
--- a/secure/lib/libcrypto/man/man3/SSL_pending.3
+++ b/secure/lib/libcrypto/man/man3/SSL_pending.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_PENDING 3"
-.TH SSL_PENDING 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_PENDING 3ossl"
+.TH SSL_PENDING 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_pending, SSL_has_pending \- check for readable bytes buffered in an SSL object
+SSL_pending, SSL_has_pending \- check for readable bytes buffered in an
+SSL object
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -193,7 +192,7 @@ The \fBSSL_has_pending()\fR function was added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_read.3 b/secure/lib/libcrypto/man/man3/SSL_read.3
index c1ff700f23a9..053d52ea47f9 100644
--- a/secure/lib/libcrypto/man/man3/SSL_read.3
+++ b/secure/lib/libcrypto/man/man3/SSL_read.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_READ 3"
-.TH SSL_READ 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_READ 3ossl"
+.TH SSL_READ 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek \&\- read bytes from a TLS/SSL connection
+SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek
+\&\- read bytes from a TLS/SSL connection
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -269,7 +268,7 @@ The \fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR functions were added in OpenSSL
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 b/secure/lib/libcrypto/man/man3/SSL_read_early_data.3
index 2fb95bee629f..8f3406673c2e 100644
--- a/secure/lib/libcrypto/man/man3/SSL_read_early_data.3
+++ b/secure/lib/libcrypto/man/man3/SSL_read_early_data.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,30 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_READ_EARLY_DATA 3"
-.TH SSL_READ_EARLY_DATA 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_READ_EARLY_DATA 3ossl"
+.TH SSL_READ_EARLY_DATA 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_set_max_early_data, SSL_CTX_set_max_early_data, SSL_get_max_early_data, SSL_CTX_get_max_early_data, SSL_set_recv_max_early_data, SSL_CTX_set_recv_max_early_data, SSL_get_recv_max_early_data, SSL_CTX_get_recv_max_early_data, SSL_SESSION_get_max_early_data, SSL_SESSION_set_max_early_data, SSL_write_early_data, SSL_read_early_data, SSL_get_early_data_status, SSL_allow_early_data_cb_fn, SSL_CTX_set_allow_early_data_cb, SSL_set_allow_early_data_cb \&\- functions for sending and receiving early data
+SSL_set_max_early_data,
+SSL_CTX_set_max_early_data,
+SSL_get_max_early_data,
+SSL_CTX_get_max_early_data,
+SSL_set_recv_max_early_data,
+SSL_CTX_set_recv_max_early_data,
+SSL_get_recv_max_early_data,
+SSL_CTX_get_recv_max_early_data,
+SSL_SESSION_get_max_early_data,
+SSL_SESSION_set_max_early_data,
+SSL_write_early_data,
+SSL_read_early_data,
+SSL_get_early_data_status,
+SSL_allow_early_data_cb_fn,
+SSL_CTX_set_allow_early_data_cb,
+SSL_set_allow_early_data_cb
+\&\- functions for sending and receiving early data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -475,7 +489,7 @@ All of the functions described above were added in OpenSSL 1.1.1.
.IX Header "COPYRIGHT"
Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_rstate_string.3 b/secure/lib/libcrypto/man/man3/SSL_rstate_string.3
index b13cd459b1d1..0946bb36e2ea 100644
--- a/secure/lib/libcrypto/man/man3/SSL_rstate_string.3
+++ b/secure/lib/libcrypto/man/man3/SSL_rstate_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_RSTATE_STRING 3"
-.TH SSL_RSTATE_STRING 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_RSTATE_STRING 3ossl"
+.TH SSL_RSTATE_STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -189,7 +187,7 @@ The read state is unknown. This should never happen.
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_session_reused.3 b/secure/lib/libcrypto/man/man3/SSL_session_reused.3
index 915239d78c4e..9e6087013e40 100644
--- a/secure/lib/libcrypto/man/man3/SSL_session_reused.3
+++ b/secure/lib/libcrypto/man/man3/SSL_session_reused.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SESSION_REUSED 3"
-.TH SSL_SESSION_REUSED 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SESSION_REUSED 3ossl"
+.TH SSL_SESSION_REUSED 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -170,9 +168,9 @@ A session was reused.
\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_set1_host.3 b/secure/lib/libcrypto/man/man3/SSL_set1_host.3
index 7c142813dca7..7eeaf8a55708 100644
--- a/secure/lib/libcrypto/man/man3/SSL_set1_host.3
+++ b/secure/lib/libcrypto/man/man3/SSL_set1_host.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SET1_HOST 3"
-.TH SSL_SET1_HOST 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SET1_HOST 3ossl"
+.TH SSL_SET1_HOST 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername \- SSL server verification parameters
+SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername \-
+SSL server verification parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -155,8 +154,8 @@ SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername \- SSL server
These functions configure server hostname checks in the \s-1SSL\s0 client.
.PP
\&\fBSSL_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \fBname\fR clearing
-any previously specified hostname or names. If \fBname\fR is \s-1NULL,\s0
-or the empty string the list of hostnames is cleared, and name
+any previously specified hostname. If \fBname\fR is \s-1NULL\s0
+or the empty string, the list of hostnames is cleared and name
checks are not performed on the peer certificate. When a nonempty
\&\fBname\fR is specified, certificate verification automatically checks
the peer hostname via \fBX509_check_host\fR\|(3) with \fBflags\fR as specified
@@ -233,6 +232,7 @@ the lifetime of the \s-1SSL\s0 connection.
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7),
\&\fBX509_check_host\fR\|(3),
\&\fBSSL_get_verify_result\fR\|(3).
\&\fBSSL_dane_enable\fR\|(3).
@@ -243,7 +243,7 @@ These functions were added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_set_async_callback.3 b/secure/lib/libcrypto/man/man3/SSL_set_async_callback.3
new file mode 100644
index 000000000000..afd3f5b6a806
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/SSL_set_async_callback.3
@@ -0,0 +1,236 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_SET_ASYNC_CALLBACK 3ossl"
+.TH SSL_SET_ASYNC_CALLBACK 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_async_callback,
+SSL_CTX_set_async_callback_arg,
+SSL_set_async_callback,
+SSL_set_async_callback_arg,
+SSL_get_async_status,
+SSL_async_callback_fn
+\&\- manage asynchronous operations
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
+\& int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback);
+\& int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg);
+\& int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback);
+\& int SSL_set_async_callback_arg(SSL *s, void *arg);
+\& int SSL_get_async_status(SSL *s, int *status);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBSSL_CTX_set_async_callback()\fR sets an asynchronous callback function. All \fB\s-1SSL\s0\fR
+objects generated based on this \fB\s-1SSL_CTX\s0\fR will get this callback. If an engine
+supports the callback mechanism, it will be automatically called if
+\&\fB\s-1SSL_MODE_ASYNC\s0\fR has been set and an asynchronous capable engine completes a
+cryptography operation to notify the application to resume the paused work flow.
+.PP
+\&\fBSSL_CTX_set_async_callback_arg()\fR sets the callback argument.
+.PP
+\&\fBSSL_set_async_callback()\fR allows an application to set a callback in an
+asynchronous \fB\s-1SSL\s0\fR object, so that when an engine completes a cryptography
+operation, the callback will be called to notify the application to resume the
+paused work flow.
+.PP
+\&\fBSSL_set_async_callback_arg()\fR sets an argument for the \fB\s-1SSL\s0\fR object when the
+above callback is called.
+.PP
+\&\fBSSL_get_async_status()\fR returns the engine status. This function facilitates the
+communication from the engine to the application. During an \s-1SSL\s0 session,
+cryptographic operations are dispatched to an engine. The engine status is very
+useful for an application to know if the operation has been successfully
+dispatched. If the engine does not support this additional callback method,
+\&\fB\s-1ASYNC_STATUS_UNSUPPORTED\s0\fR will be returned. See \fBASYNC_WAIT_CTX_set_status()\fR
+for a description of all of the status values.
+.PP
+An example of the above functions would be the following:
+.IP "1." 4
+Application sets the async callback and callback data on an \s-1SSL\s0 connection
+by calling \fBSSL_set_async_callback()\fR.
+.IP "2." 4
+Application sets \fB\s-1SSL_MODE_ASYNC\s0\fR and makes an asynchronous \s-1SSL\s0 call
+.IP "3." 4
+OpenSSL submits the asynchronous request to the engine. If a retry occurs at
+this point then the status within the \fB\s-1ASYNC_WAIT_CTX\s0\fR would be set and the
+async callback function would be called (goto Step 7).
+.IP "4." 4
+The OpenSSL engine pauses the current job and returns, so that the
+application can continue processing other connections.
+.IP "5." 4
+At a future point in time (probably via a polling mechanism or via an
+interrupt) the engine will become aware that the asynchronous request has
+finished processing.
+.IP "6." 4
+The engine will call the application's callback passing the callback data as
+a parameter.
+.IP "7." 4
+The callback function should then run. Note: it is a requirement that the
+callback function is small and nonblocking as it will be run in the context of
+a polling mechanism or an interrupt.
+.IP "8." 4
+It is the application's responsibility via the callback function to schedule
+recalling the OpenSSL asynchronous function and to continue processing.
+.IP "9." 4
+The callback function has the option to check the status returned via
+\&\fBSSL_get_async_status()\fR to determine whether a retry happened instead of the
+request being submitted, allowing different processing if required.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBSSL_CTX_set_async_callback()\fR, \fBSSL_set_async_callback()\fR,
+\&\fBSSL_CTX_set_async_callback_arg()\fR, \fBSSL_CTX_set_async_callback_arg()\fR and
+\&\fBSSL_get_async_status()\fR return 1 on success or 0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBssl\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBSSL_CTX_set_async_callback()\fR, \fBSSL_CTX_set_async_callback_arg()\fR,
+\&\fBSSL_set_async_callback()\fR, \fBSSL_set_async_callback_arg()\fR and
+\&\fBSSL_get_async_status()\fR were first added to OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_set_bio.3 b/secure/lib/libcrypto/man/man3/SSL_set_bio.3
index a760731ab343..35a32e8b0d5a 100644
--- a/secure/lib/libcrypto/man/man3/SSL_set_bio.3
+++ b/secure/lib/libcrypto/man/man3/SSL_set_bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SET_BIO 3"
-.TH SSL_SET_BIO 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SET_BIO 3ossl"
+.TH SSL_SET_BIO 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -199,10 +197,8 @@ and no references are consumed for the \fBwbio\fR.
If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR
is the same as the
previously set value and the old \fBrbio\fR and \fBwbio\fR values were different
-to each
-other then one reference is consumed for the \fBrbio\fR and one reference
-is consumed
-for the \fBwbio\fR.
+to each other, then one reference is consumed for the \fBrbio\fR and one
+reference is consumed for the \fBwbio\fR.
.PP
Because of this complexity, this function should be avoided;
use \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR instead.
@@ -219,9 +215,9 @@ use \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR instead.
\&\fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3 b/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3
index f5ea229b9273..ded9148db0cc 100644
--- a/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3
+++ b/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SET_CONNECT_STATE 3"
-.TH SSL_SET_CONNECT_STATE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SET_CONNECT_STATE 3ossl"
+.TH SSL_SET_CONNECT_STATE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_set_connect_state, SSL_set_accept_state, SSL_is_server \&\- functions for manipulating and examining the client or server mode of an SSL object
+SSL_set_connect_state, SSL_set_accept_state, SSL_is_server
+\&\- functions for manipulating and examining the client or server mode of an SSL object
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -201,7 +200,7 @@ information.
.IX Header "COPYRIGHT"
Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_set_fd.3 b/secure/lib/libcrypto/man/man3/SSL_set_fd.3
index e1e18d27c329..02a05bf3120d 100644
--- a/secure/lib/libcrypto/man/man3/SSL_set_fd.3
+++ b/secure/lib/libcrypto/man/man3/SSL_set_fd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SET_FD 3"
-.TH SSL_SET_FD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SET_FD 3ossl"
+.TH SSL_SET_FD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -191,7 +189,7 @@ is limited to 2^24.
.IX Header "COPYRIGHT"
Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3 b/secure/lib/libcrypto/man/man3/SSL_set_retry_verify.3
index cce2dc9c2f01..fcc1c53cb096 100644
--- a/secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3
+++ b/secure/lib/libcrypto/man/man3/SSL_set_retry_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,62 +130,70 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "RAND_DRBG_SET_EX_DATA 3"
-.TH RAND_DRBG_SET_EX_DATA 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SET_RETRY_VERIFY 3ossl"
+.TH SSL_SET_RETRY_VERIFY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-RAND_DRBG_set_ex_data, RAND_DRBG_get_ex_data, RAND_DRBG_get_ex_new_index \&\- store and retrieve extra data from the DRBG instance
+SSL_set_retry_verify \- indicate that certificate verification should be retried
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
-\& #include <openssl/rand_drbg.h>
-\&
-\& int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *data);
-\&
-\& void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx);
+\& #include <openssl/ssl.h>
\&
-\& int RAND_DRBG_get_ex_new_index(long argl, void *argp,
-\& CRYPTO_EX_new *new_func,
-\& CRYPTO_EX_dup *dup_func,
-\& CRYPTO_EX_free *free_func);
+\& int SSL_set_retry_verify(SSL *ssl);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBRAND_DRBG_set_ex_data()\fR enables an application to store arbitrary application
-specific data \fBdata\fR in a \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The index \fBidx\fR should
-be a value previously returned from a call to \fBRAND_DRBG_get_ex_new_index()\fR.
+\&\fBSSL_set_retry_verify()\fR should be called from the certificate verification
+callback on a client when the application wants to indicate that the handshake
+should be suspended and the control should be returned to the application.
+\&\fBSSL_want_retry_verify\fR\|(3) will return 1 as a consequence until the handshake
+is resumed again by the application, retrying the verification step.
.PP
-\&\fBRAND_DRBG_get_ex_data()\fR retrieves application specific data previously stored
-in an \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The \fBidx\fR value should be the same as that
-used when originally storing the data.
-.PP
-For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and
-\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and
-\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index.
+Please refer to \fBSSL_CTX_set_cert_verify_callback\fR\|(3) for further details.
+.SH "NOTES"
+.IX Header "NOTES"
+The effect of calling \fBSSL_set_retry_verify()\fR outside of the certificate
+verification callback on the client side is undefined.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBRAND_DRBG_set_ex_data()\fR returns 1 for success or 0 for failure.
+SSL_set_retry \fBverify()\fR returns 1 on success, 0 otherwise.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+The following code snippet shows how to obtain the \fB\s-1SSL\s0\fR object associated
+with the \fBX509_STORE_CTX\fR to call the \fBSSL_set_retry_verify()\fR function:
.PP
-\&\fBRAND_DRBG_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on
-failure. \s-1NULL\s0 may also be a valid value.
-.SH "NOTES"
-.IX Header "NOTES"
-RAND_DRBG_get_ex_new_index(...) is implemented as a macro and equivalent to
-CRYPTO_get_ex_new_index(\s-1CRYPTO_EX_INDEX_DRBG,...\s0).
+.Vb 2
+\& int idx = SSL_get_ex_data_X509_STORE_CTX_idx();
+\& SSL *ssl;
+\&
+\& /* this should not happen but check anyway */
+\& if (idx < 0
+\& || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL)
+\& return 0;
+\&
+\& if (/* we need to retry verification callback */)
+\& return SSL_set_retry_verify(ssl);
+\&
+\& /* do normal processing of the verification callback */
+.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBCRYPTO_get_ex_data\fR\|(3),
-\&\fBCRYPTO_set_ex_data\fR\|(3),
-\&\fBCRYPTO_get_ex_new_index\fR\|(3),
-\&\s-1\fBRAND_DRBG\s0\fR\|(7)
+\&\fBssl\fR\|(7), \fBSSL_connect\fR\|(3), \fBSSL_CTX_set_cert_verify_callback\fR\|(3),
+\&\fBSSL_want_retry_verify\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBSSL_set_retry_verify()\fR was added in OpenSSL 3.0.2 to replace backwards
+incompatible handling of a negative return value from the verification
+callback.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_set_session.3 b/secure/lib/libcrypto/man/man3/SSL_set_session.3
index 1a04432f35c1..3dcf8929dac2 100644
--- a/secure/lib/libcrypto/man/man3/SSL_set_session.3
+++ b/secure/lib/libcrypto/man/man3/SSL_set_session.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SET_SESSION 3"
-.TH SSL_SET_SESSION 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SET_SESSION 3ossl"
+.TH SSL_SET_SESSION 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -158,7 +156,8 @@ with the \fBSSL_session_reused\fR\|(3) call.
.PP
If there is already a session set inside \fBssl\fR (because it was set with
\&\fBSSL_set_session()\fR before or because the same \fBssl\fR was already used for
-a connection), \fBSSL_SESSION_free()\fR will be called for that session. If that old
+a connection), \fBSSL_SESSION_free()\fR will be called for that session.
+This is also the case when \fBsession\fR is a \s-1NULL\s0 pointer. If that old
session is still \fBopen\fR, it is considered bad and will be removed from the
session cache (if used). A session is considered open, if \fBSSL_shutdown\fR\|(3) was
not called for the connection (or at least \fBSSL_set_shutdown\fR\|(3) was used to
@@ -186,9 +185,9 @@ The operation succeeded.
\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3 b/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3
index 0c71a192889c..6248cca92d9b 100644
--- a/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3
+++ b/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SET_SHUTDOWN 3"
-.TH SSL_SET_SHUTDOWN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SET_SHUTDOWN 3ossl"
+.TH SSL_SET_SHUTDOWN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -156,7 +154,7 @@ SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connec
\&\fBSSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR.
.SH "NOTES"
.IX Header "NOTES"
-The shutdown state of an ssl connection is a bit mask of:
+The shutdown state of an ssl connection is a bit-mask of:
.IP "0" 4
No shutdown setting, yet.
.IP "\s-1SSL_SENT_SHUTDOWN\s0" 4
@@ -196,9 +194,9 @@ for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call
\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_set_verify_result.3 b/secure/lib/libcrypto/man/man3/SSL_set_verify_result.3
index c2831a4a0b4e..afa3b121bd6c 100644
--- a/secure/lib/libcrypto/man/man3/SSL_set_verify_result.3
+++ b/secure/lib/libcrypto/man/man3/SSL_set_verify_result.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SET_VERIFY_RESULT 3"
-.TH SSL_SET_VERIFY_RESULT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SET_VERIFY_RESULT 3ossl"
+.TH SSL_SET_VERIFY_RESULT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -159,7 +157,7 @@ the verification result of the \fBssl\fR object. It does not become part of the
established session, so if the session is to be reused later, the original
value will reappear.
.PP
-The valid codes for \fBverify_result\fR are documented in \fBverify\fR\|(1).
+The valid codes for \fBverify_result\fR are documented in \fBopenssl\-verify\fR\|(1).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_set_verify_result()\fR does not provide a return value.
@@ -167,12 +165,12 @@ The valid codes for \fBverify_result\fR are documented in \fBverify\fR\|(1).
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3),
\&\fBSSL_get_peer_certificate\fR\|(3),
-\&\fBverify\fR\|(1)
+\&\fBopenssl\-verify\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_shutdown.3 b/secure/lib/libcrypto/man/man3/SSL_shutdown.3
index d8510ce551b4..3bb0a09696c4 100644
--- a/secure/lib/libcrypto/man/man3/SSL_shutdown.3
+++ b/secure/lib/libcrypto/man/man3/SSL_shutdown.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_SHUTDOWN 3"
-.TH SSL_SHUTDOWN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_SHUTDOWN 3ossl"
+.TH SSL_SHUTDOWN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,8 +149,7 @@ SSL_shutdown \- shut down a TLS/SSL connection
.IX Header "DESCRIPTION"
\&\fBSSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the
close_notify shutdown alert to the peer.
-.SH "NOTES"
-.IX Header "NOTES"
+.PP
\&\fBSSL_shutdown()\fR tries to send the close_notify shutdown alert to the peer.
Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and
a currently open session is considered closed and good and will be kept in the
@@ -187,6 +184,44 @@ synchronized.
\&\fBSSL_shutdown()\fR only closes the write direction.
It is not possible to call \fBSSL_write()\fR after calling \fBSSL_shutdown()\fR.
The read direction is closed by the peer.
+.PP
+The behaviour of \fBSSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0
+If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_shutdown()\fR will only return once the
+handshake step has been finished or an error occurred.
+.PP
+If the underlying \s-1BIO\s0 is \fBnonblocking\fR, \fBSSL_shutdown()\fR will also return
+when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_shutdown()\fR
+to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the
+return value of \fBSSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
+\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of \fBSSL_shutdown()\fR.
+The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket,
+nothing is to be done, but \fBselect()\fR can be used to check for the required
+condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
+into or retrieved out of the \s-1BIO\s0 before being able to continue.
+.PP
+After \fBSSL_shutdown()\fR returned 0, it is possible to call \fBSSL_shutdown()\fR again
+to wait for the peer's close_notify alert.
+\&\fBSSL_shutdown()\fR will return 1 in that case.
+However, it is recommended to wait for it using \fBSSL_read()\fR instead.
+.PP
+\&\fBSSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R"
+state but not actually send the close_notify alert messages,
+see \fBSSL_CTX_set_quiet_shutdown\fR\|(3).
+When \*(L"quiet shutdown\*(R" is enabled, \fBSSL_shutdown()\fR will always succeed
+and return 1.
+Note that this is not standard compliant behaviour.
+It should only be done when the peer has a way to make sure all
+data has been received and doesn't wait for the close_notify alert
+message, otherwise an unexpected \s-1EOF\s0 will be reported.
+.PP
+There are implementations that do not send the required close_notify alert.
+If there is a need to communicate with such an implementation, and it's clear
+that all data has been received, do not wait for the peer's close_notify alert.
+Waiting for the close_notify alert when the peer just closes the connection
+will result in an error being generated.
+The error can be ignored using the \fB\s-1SSL_OP_IGNORE_UNEXPECTED_EOF\s0\fR.
+For more information see \fBSSL_CTX_set_options\fR\|(3).
.SS "First to close the connection"
.IX Subsection "First to close the connection"
When the application is the first party to send the close_notify
@@ -222,43 +257,6 @@ If successful, \fBSSL_shutdown()\fR will return 1.
.PP
Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the
\&\fBSSL_get_shutdown()\fR (see also \fBSSL_set_shutdown\fR\|(3) call.
-.SH "NOTES"
-.IX Header "NOTES"
-The behaviour of \fBSSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0
-If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_shutdown()\fR will only return once the
-handshake step has been finished or an error occurred.
-.PP
-If the underlying \s-1BIO\s0 is \fBnonblocking\fR, \fBSSL_shutdown()\fR will also return
-when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_shutdown()\fR
-to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the
-return value of \fBSSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
-\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
-taking appropriate action to satisfy the needs of \fBSSL_shutdown()\fR.
-The action depends on the underlying \s-1BIO.\s0 When using a nonblocking socket,
-nothing is to be done, but \fBselect()\fR can be used to check for the required
-condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
-into or retrieved out of the \s-1BIO\s0 before being able to continue.
-.PP
-After \fBSSL_shutdown()\fR returned 0, it is possible to call \fBSSL_shutdown()\fR again
-to wait for the peer's close_notify alert.
-\&\fBSSL_shutdown()\fR will return 1 in that case.
-However, it is recommended to wait for it using \fBSSL_read()\fR instead.
-.PP
-\&\fBSSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R"
-state but not actually send the close_notify alert messages,
-see \fBSSL_CTX_set_quiet_shutdown\fR\|(3).
-When \*(L"quiet shutdown\*(R" is enabled, \fBSSL_shutdown()\fR will always succeed
-and return 1.
-Note that this is not standard compliant behaviour.
-It should only be done when the peer has a way to make sure all
-data has been received and doesn't wait for the close_notify alert
-message, otherwise an unexpected \s-1EOF\s0 will be reported.
-.PP
-There are implementations that do not send the required close_notify alert.
-If there is a need to communicate with such an implementation, and it's clear
-that all data has been received, do not wait for the peer's close_notify alert.
-Waiting for the close_notify alert when the peer just closes the connection will
-result in an error being generated.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can occur:
@@ -286,14 +284,14 @@ It can also occur when not all data was read using \fBSSL_read()\fR.
.IX Header "SEE ALSO"
\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3),
\&\fBSSL_accept\fR\|(3), \fBSSL_set_shutdown\fR\|(3),
-\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3),
+\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), \fBSSL_CTX_set_options\fR\|(3)
\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3),
\&\fBssl\fR\|(7), \fBbio\fR\|(7)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_state_string.3 b/secure/lib/libcrypto/man/man3/SSL_state_string.3
index cf1128a4697e..1590c3502c4d 100644
--- a/secure/lib/libcrypto/man/man3/SSL_state_string.3
+++ b/secure/lib/libcrypto/man/man3/SSL_state_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_STATE_STRING 3"
-.TH SSL_STATE_STRING 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_STATE_STRING 3ossl"
+.TH SSL_STATE_STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,10 +148,10 @@ SSL_state_string, SSL_state_string_long \- get textual description of state of a
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBSSL_state_string()\fR returns a 6 letter string indicating the current state
-of the \s-1SSL\s0 object \fBssl\fR.
+\&\fBSSL_state_string()\fR returns an abbreviated string indicating the current state
+of the \s-1SSL\s0 object \fBssl\fR. The returned NUL-terminated string contains 6 or fewer characters.
.PP
-\&\fBSSL_state_string_long()\fR returns a string indicating the current state of
+\&\fBSSL_state_string_long()\fR returns a descriptive string indicating the current state of
the \s-1SSL\s0 object \fBssl\fR.
.SH "NOTES"
.IX Header "NOTES"
@@ -177,9 +175,9 @@ Detailed description of possible states to be included later.
\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_want.3 b/secure/lib/libcrypto/man/man3/SSL_want.3
index 9d14966d9245..e98db1dc04bc 100644
--- a/secure/lib/libcrypto/man/man3/SSL_want.3
+++ b/secure/lib/libcrypto/man/man3/SSL_want.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_WANT 3"
-.TH SSL_WANT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_WANT 3ossl"
+.TH SSL_WANT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup, SSL_want_async, SSL_want_async_job, SSL_want_client_hello_cb \- obtain state information TLS/SSL I/O operation
+SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write,
+SSL_want_x509_lookup, SSL_want_retry_verify, SSL_want_async, SSL_want_async_job,
+SSL_want_client_hello_cb \- obtain state information TLS/SSL I/O operation
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -150,6 +150,7 @@ SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup,
\& int SSL_want_read(const SSL *ssl);
\& int SSL_want_write(const SSL *ssl);
\& int SSL_want_x509_lookup(const SSL *ssl);
+\& int SSL_want_retry_verify(const SSL *ssl);
\& int SSL_want_async(const SSL *ssl);
\& int SSL_want_async_job(const SSL *ssl);
\& int SSL_want_client_hello_cb(const SSL *ssl);
@@ -182,40 +183,42 @@ There is no data to be written or to be read.
.IX Item "SSL_WRITING"
There are data in the \s-1SSL\s0 buffer that must be written to the underlying
\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation.
-A call to \fBSSL_get_error\fR\|(3) should return
-\&\s-1SSL_ERROR_WANT_WRITE.\s0
+A call to \fBSSL_get_error\fR\|(3) should return \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR.
.IP "\s-1SSL_READING\s0" 4
.IX Item "SSL_READING"
More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to
complete the actual SSL_*() operation.
-A call to \fBSSL_get_error\fR\|(3) should return
-\&\s-1SSL_ERROR_WANT_READ.\s0
+A call to \fBSSL_get_error\fR\|(3) should return \fB\s-1SSL_ERROR_WANT_READ\s0\fR.
.IP "\s-1SSL_X509_LOOKUP\s0" 4
.IX Item "SSL_X509_LOOKUP"
The operation did not complete because an application callback set by
\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again.
-A call to \fBSSL_get_error\fR\|(3) should return
-\&\s-1SSL_ERROR_WANT_X509_LOOKUP.\s0
+A call to \fBSSL_get_error\fR\|(3) should return \fB\s-1SSL_ERROR_WANT_X509_LOOKUP\s0\fR.
+.IP "\s-1SSL_RETRY_VERIFY\s0" 4
+.IX Item "SSL_RETRY_VERIFY"
+The operation did not complete because a certificate verification callback
+has asked to be called again via \fBSSL_set_retry_verify\fR\|(3).
+A call to \fBSSL_get_error\fR\|(3) should return \fB\s-1SSL_ERROR_WANT_RETRY_VERIFY\s0\fR.
.IP "\s-1SSL_ASYNC_PAUSED\s0" 4
.IX Item "SSL_ASYNC_PAUSED"
An asynchronous operation partially completed and was then paused. See
\&\fBSSL_get_all_async_fds\fR\|(3). A call to \fBSSL_get_error\fR\|(3) should return
-\&\s-1SSL_ERROR_WANT_ASYNC.\s0
+\&\fB\s-1SSL_ERROR_WANT_ASYNC\s0\fR.
.IP "\s-1SSL_ASYNC_NO_JOBS\s0" 4
.IX Item "SSL_ASYNC_NO_JOBS"
The asynchronous job could not be started because there were no async jobs
available in the pool (see \fBASYNC_init_thread\fR\|(3)). A call to \fBSSL_get_error\fR\|(3)
-should return \s-1SSL_ERROR_WANT_ASYNC_JOB.\s0
+should return \fB\s-1SSL_ERROR_WANT_ASYNC_JOB\s0\fR.
.IP "\s-1SSL_CLIENT_HELLO_CB\s0" 4
.IX Item "SSL_CLIENT_HELLO_CB"
The operation did not complete because an application callback set by
\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again.
-A call to \fBSSL_get_error\fR\|(3) should return
-\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB.\s0
+A call to \fBSSL_get_error\fR\|(3) should return \fB\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0\fR.
.PP
-\&\fBSSL_want_nothing()\fR, \fBSSL_want_read()\fR, \fBSSL_want_write()\fR, \fBSSL_want_x509_lookup()\fR,
-\&\fBSSL_want_async()\fR, \fBSSL_want_async_job()\fR, and \fBSSL_want_client_hello_cb()\fR return
-1, when the corresponding condition is true or 0 otherwise.
+\&\fBSSL_want_nothing()\fR, \fBSSL_want_read()\fR, \fBSSL_want_write()\fR,
+\&\fBSSL_want_x509_lookup()\fR, \fBSSL_want_retry_verify()\fR,
+\&\fBSSL_want_async()\fR, \fBSSL_want_async_job()\fR, and \fBSSL_want_client_hello_cb()\fR
+return 1 when the corresponding condition is true or 0 otherwise.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7), \fBSSL_get_error\fR\|(3)
@@ -225,9 +228,9 @@ The \fBSSL_want_client_hello_cb()\fR function and the \s-1SSL_CLIENT_HELLO_CB\s0
were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/SSL_write.3 b/secure/lib/libcrypto/man/man3/SSL_write.3
index 8ba09a9d25a2..f7e62b0169f3 100644
--- a/secure/lib/libcrypto/man/man3/SSL_write.3
+++ b/secure/lib/libcrypto/man/man3/SSL_write.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SSL_WRITE 3"
-.TH SSL_WRITE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "SSL_WRITE 3ossl"
+.TH SSL_WRITE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -250,7 +248,7 @@ value can be less than \fBsize\fR for a partial write.
.IP "< 0" 4
.IX Item "< 0"
The write operation was not successful, because either the connection was
-closed, an error occured or action must be taken by the calling process.
+closed, an error occurred or action must be taken by the calling process.
Call \fBSSL_get_error()\fR with the return value to find out the reason.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
@@ -262,12 +260,12 @@ Call \fBSSL_get_error()\fR with the return value to find out the reason.
.SH "HISTORY"
.IX Header "HISTORY"
The \fBSSL_write_ex()\fR function was added in OpenSSL 1.1.1.
-The \fBSSL_sendfile()\fR function was added in OpenSSL 3.0.0.
+The \fBSSL_sendfile()\fR function was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/TS_RESP_CTX_new.3 b/secure/lib/libcrypto/man/man3/TS_RESP_CTX_new.3
new file mode 100644
index 000000000000..c4b62890e562
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/TS_RESP_CTX_new.3
@@ -0,0 +1,179 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "TS_RESP_CTX_NEW 3ossl"
+.TH TS_RESP_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+TS_RESP_CTX_new_ex, TS_RESP_CTX_new,
+TS_RESP_CTX_free \- Timestamp response context object creation
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ts.h>
+\&
+\& TS_RESP_CTX *TS_RESP_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
+\& TS_RESP_CTX *TS_RESP_CTX_new(void);
+\& void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Creates a response context that can be used for generating responses.
+.PP
+\&\fBTS_RESP_CTX_new_ex()\fR allocates and initializes a \s-1TS_RESP_CTX\s0 structure with a
+library context of \fIlibctx\fR and a property query of \fIpropq\fR.
+The library context and property query can be used to select which providers
+supply the fetched algorithms.
+.PP
+\&\fBTS_RESP_CTX_new()\fR is similar to \fBTS_RESP_CTX_new_ex()\fR but sets the library context
+and property query to \s-1NULL.\s0 This results in the default (\s-1NULL\s0) library context
+being used for any operations requiring algorithm fetches.
+.PP
+\&\fBTS_RESP_CTX_free()\fR frees the \fB\s-1TS_RESP_CTX\s0\fR object \fIctx\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+If the allocation fails, \fBTS_RESP_CTX_new_ex()\fR and \fBTS_RESP_CTX_new()\fR return \s-1NULL,\s0
+otherwise it returns a pointer to the newly allocated structure.
+.SH "HISTORY"
+.IX Header "HISTORY"
+The function \fBTS_RESP_CTX_new_ex()\fR was added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/TS_VERIFY_CTX_set_certs.3 b/secure/lib/libcrypto/man/man3/TS_VERIFY_CTX_set_certs.3
new file mode 100644
index 000000000000..8335986b4644
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/TS_VERIFY_CTX_set_certs.3
@@ -0,0 +1,190 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "TS_VERIFY_CTX_SET_CERTS 3ossl"
+.TH TS_VERIFY_CTX_SET_CERTS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+TS_VERIFY_CTX_set_certs, TS_VERIFY_CTS_set_certs
+\&\- set certificates for TS response verification
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ts.h>
+\&
+\& STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx,
+\& STACK_OF(X509) *certs);
+\& STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
+\& STACK_OF(X509) *certs);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The Time-Stamp Protocol (\s-1TSP\s0) is defined by \s-1RFC 3161. TSP\s0 is a protocol used to
+provide long term proof of the existence of a certain datum before a particular
+time. \s-1TSP\s0 defines a Time Stamping Authority (\s-1TSA\s0) and an entity who shall make
+requests to the \s-1TSA.\s0 Usually the \s-1TSA\s0 is denoted as the server side and the
+requesting entity is denoted as the client.
+.PP
+In \s-1TSP,\s0 when a server is sending a response to a client, the server normally
+needs to sign the response data \- the TimeStampToken (\s-1TST\s0) \- with its private
+key. Then the client shall verify the received \s-1TST\s0 by the server's certificate
+chain.
+.PP
+\&\fBTS_VERIFY_CTX_set_certs()\fR is used to set the server's certificate chain when
+verifying a \s-1TST.\s0 \fBctx\fR is the verification context created in advance and
+\&\fBcerts\fR is a stack of \fBX509\fR certificates.
+.PP
+\&\fBTS_VERIFY_CTS_set_certs()\fR is a misspelled version of \fBTS_VERIFY_CTX_set_certs()\fR
+which takes the same parameters and returns the same result.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBTS_VERIFY_CTX_set_certs()\fR returns the stack of \fBX509\fR certificates the user
+passes in via parameter \fBcerts\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBOSSL_ESS_check_signing_certs\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The spelling of \fBTS_VERIFY_CTX_set_certs()\fR was corrected in OpenSSL 3.0.0.
+The misspelled version \fBTS_VERIFY_CTS_set_certs()\fR has been retained for
+compatibility reasons, but it is deprecated in OpenSSL 3.0.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/UI_STRING.3 b/secure/lib/libcrypto/man/man3/UI_STRING.3
index 7a06359b1eb0..85997192f17d 100644
--- a/secure/lib/libcrypto/man/man3/UI_STRING.3
+++ b/secure/lib/libcrypto/man/man3/UI_STRING.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,19 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "UI_STRING 3"
-.TH UI_STRING 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "UI_STRING 3ossl"
+.TH UI_STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-UI_STRING, UI_string_types, UI_get_string_type, UI_get_input_flags, UI_get0_output_string, UI_get0_action_string, UI_get0_result_string, UI_get_result_string_length, UI_get0_test_string, UI_get_result_minsize, UI_get_result_maxsize, UI_set_result, UI_set_result_ex \&\- User interface string parsing
+UI_STRING, UI_string_types, UI_get_string_type,
+UI_get_input_flags, UI_get0_output_string,
+UI_get0_action_string, UI_get0_result_string, UI_get_result_string_length,
+UI_get0_test_string, UI_get_result_minsize,
+UI_get_result_maxsize, UI_set_result, UI_set_result_ex
+\&\- User interface string parsing
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -268,7 +271,7 @@ error.
.IX Header "COPYRIGHT"
Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3 b/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3
index 32589abd2a6c..ebca7ef81c03 100644
--- a/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3
+++ b/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "UI_UTIL_READ_PW 3"
-.TH UI_UTIL_READ_PW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "UI_UTIL_READ_PW 3ossl"
+.TH UI_UTIL_READ_PW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-UI_UTIL_read_pw_string, UI_UTIL_read_pw, UI_UTIL_wrap_read_pem_callback \- user interface utilities
+UI_UTIL_read_pw_string, UI_UTIL_read_pw,
+UI_UTIL_wrap_read_pem_callback \- user interface utilities
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -194,9 +193,9 @@ if an error occurred.
\&\fBUI_get_default_method\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/UI_create_method.3 b/secure/lib/libcrypto/man/man3/UI_create_method.3
index f220ea74f34c..3da1b82e898c 100644
--- a/secure/lib/libcrypto/man/man3/UI_create_method.3
+++ b/secure/lib/libcrypto/man/man3/UI_create_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,23 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "UI_CREATE_METHOD 3"
-.TH UI_CREATE_METHOD 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "UI_CREATE_METHOD 3ossl"
+.TH UI_CREATE_METHOD 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-UI_METHOD, UI_create_method, UI_destroy_method, UI_method_set_opener, UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader, UI_method_set_closer, UI_method_set_data_duplicator, UI_method_set_prompt_constructor, UI_method_set_ex_data, UI_method_get_opener, UI_method_get_writer, UI_method_get_flusher, UI_method_get_reader, UI_method_get_closer, UI_method_get_data_duplicator, UI_method_get_data_destructor, UI_method_get_prompt_constructor, UI_method_get_ex_data \- user interface method creation and destruction
+UI_METHOD,
+UI_create_method, UI_destroy_method, UI_method_set_opener,
+UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader,
+UI_method_set_closer, UI_method_set_data_duplicator,
+UI_method_set_prompt_constructor, UI_method_set_ex_data,
+UI_method_get_opener, UI_method_get_writer, UI_method_get_flusher,
+UI_method_get_reader, UI_method_get_closer,
+UI_method_get_data_duplicator, UI_method_get_data_destructor,
+UI_method_get_prompt_constructor, UI_method_get_ex_data \- user
+interface method creation and destruction
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -313,7 +320,7 @@ and \fBUI_method_get_data_destructor()\fR functions were added in OpenSSL 1.1.1.
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/UI_new.3 b/secure/lib/libcrypto/man/man3/UI_new.3
index 7406d7fdad31..0564e5c57134 100644
--- a/secure/lib/libcrypto/man/man3/UI_new.3
+++ b/secure/lib/libcrypto/man/man3/UI_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,22 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "UI_NEW 3"
-.TH UI_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "UI_NEW 3ossl"
+.TH UI_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-UI, UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, UI_add_error_string, UI_dup_error_string, UI_construct_prompt, UI_add_user_data, UI_dup_user_data, UI_get0_user_data, UI_get0_result, UI_get_result_length, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, UI_null \- user interface
+UI,
+UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
+UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
+UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
+UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
+UI_add_user_data, UI_dup_user_data, UI_get0_user_data, UI_get0_result,
+UI_get_result_length,
+UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method,
+UI_get_method, UI_set_method, UI_OpenSSL, UI_null \- user interface
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -173,7 +179,7 @@ UI, UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI
\& int UI_dup_error_string(UI *ui, const char *text);
\&
\& char *UI_construct_prompt(UI *ui_method,
-\& const char *object_desc, const char *object_name);
+\& const char *phrase_desc, const char *object_name);
\&
\& void *UI_add_user_data(UI *ui, void *user_data);
\& int UI_dup_user_data(UI *ui, void *user_data);
@@ -261,7 +267,7 @@ the possible answers (given through the \fIaction_desc\fR argument).
.PP
\&\fBUI_add_info_string()\fR and \fBUI_add_error_string()\fR add strings that are shown at
the same time as the prompt for extra information or to show an error string.
-The difference between the two is only conceptual. With the builtin method,
+The difference between the two is only conceptual. With the built-in method,
there's no technical difference between them. Other methods may make a
difference between them, however.
.PP
@@ -278,16 +284,18 @@ as their UI_add counterparts, except that they make their own copies
of all strings.
.PP
\&\fBUI_construct_prompt()\fR is a helper function that can be used to create
-a prompt from two pieces of information: an description and a name.
+a prompt from two pieces of information: a phrase description \fIphrase_desc\fR
+and an object name \fIobject_name\fR, where the latter may be \s-1NULL.\s0
The default constructor (if there is none provided by the method used)
-creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L". With the
-description \*(R"pass phrase\*(L" and the filename \*(R"foo.key\*(L", that becomes
-\&\*(R"Enter pass phrase for foo.key:". Other methods may create whatever
+creates a string "Enter \fIphrase_desc\fR for \fIobject_name\fR:\*(L"
+where the \*(R" for \fIobject_name\fR" part is left out if \fIobject_name\fR is \s-1NULL.\s0
+With the description \*(L"pass phrase\*(R" and the filename \*(L"foo.key\*(R", that becomes
+\&\*(L"Enter pass phrase for foo.key:\*(R". Other methods may create whatever
string and may include encodings that will be processed by the other
method functions.
.PP
\&\fBUI_add_user_data()\fR adds a user data pointer for the method to use at any
-time. The builtin \s-1UI\s0 method doesn't care about this info. Note that several
+time. The built-in \s-1UI\s0 method doesn't care about this info. Note that several
calls to this function doesn't add data, it replaces the previous blob
with the one given as argument.
.PP
@@ -333,7 +341,7 @@ are assumed to be encoded according to the current locale or (for
Windows) code page.
For applications having different demands, these strings need to be
converted appropriately by the caller.
-For Windows, if the \s-1OPENSSL_WIN32_UTF8\s0 environment variable is set,
+For Windows, if the \fB\s-1OPENSSL_WIN32_UTF8\s0\fR environment variable is set,
the built-in method \fBUI_OpenSSL()\fR will produce \s-1UTF\-8\s0 encoded strings
instead.
.SH "RETURN VALUES"
@@ -370,7 +378,7 @@ The \fBUI_dup_user_data()\fR function was added in OpenSSL 1.1.1.
.IX Header "COPYRIGHT"
Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3 b/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3
index 2f33bd4d257f..e65372288a30 100644
--- a/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3
+++ b/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,19 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509V3_GET_D2I 3"
-.TH X509V3_GET_D2I 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509V3_GET_D2I 3ossl"
+.TH X509V3_GET_D2I 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d \- X509 extension decode and encode functions
+X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d,
+X509_get_ext_d2i, X509_add1_ext_i2d,
+X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d,
+X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d,
+X509_get0_extensions, X509_CRL_get0_extensions,
+X509_REVOKED_get0_extensions \- X509 extension decode and encode functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -151,7 +154,7 @@ X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, X5
\& int crit, unsigned long flags);
\&
\& void *X509V3_EXT_d2i(X509_EXTENSION *ext);
-\& X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext);
+\& X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
\&
\& void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
\& int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
@@ -171,74 +174,78 @@ X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, X5
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBX509V3_get_ext_d2i()\fR looks for an extension with \s-1OID\s0 \fBnid\fR in the extensions
-\&\fBx\fR and, if found, decodes it. If \fBidx\fR is \fB\s-1NULL\s0\fR then only one
-occurrence of an extension is permissible otherwise the first extension after
-index \fB*idx\fR is returned and \fB*idx\fR updated to the location of the extension.
-If \fBcrit\fR is not \fB\s-1NULL\s0\fR then \fB*crit\fR is set to a status value: \-2 if the
-extension occurs multiple times (this is only returned if \fBidx\fR is \fB\s-1NULL\s0\fR),
+\&\fBX509V3_get_d2i()\fR looks for an extension with \s-1OID\s0 \fInid\fR in the extensions
+\&\fIx\fR and, if found, decodes it. If \fIidx\fR is \s-1NULL\s0 then only one
+occurrence of an extension is permissible, otherwise the first extension after
+index \fI*idx\fR is returned and \fI*idx\fR updated to the location of the extension.
+If \fIcrit\fR is not \s-1NULL\s0 then \fI*crit\fR is set to a status value: \-2 if the
+extension occurs multiple times (this is only returned if \fIidx\fR is \s-1NULL\s0),
\&\-1 if the extension could not be found, 0 if the extension is found and is
not critical and 1 if critical. A pointer to an extension specific structure
-or \fB\s-1NULL\s0\fR is returned.
+or \s-1NULL\s0 is returned.
.PP
-\&\fBX509V3_add1_i2d()\fR adds extension \fBvalue\fR to \s-1STACK\s0 \fB*x\fR (allocating a new
-\&\s-1STACK\s0 if necessary) using \s-1OID\s0 \fBnid\fR and criticality \fBcrit\fR according
-to \fBflags\fR.
+\&\fBX509V3_add1_i2d()\fR adds extension \fIvalue\fR to \s-1STACK\s0 \fI*x\fR (allocating a new
+\&\s-1STACK\s0 if necessary) using \s-1OID\s0 \fInid\fR and criticality \fIcrit\fR according
+to \fIflags\fR.
.PP
\&\fBX509V3_EXT_d2i()\fR attempts to decode the \s-1ASN.1\s0 data contained in extension
-\&\fBext\fR and returns a pointer to an extension specific structure or \fB\s-1NULL\s0\fR
+\&\fIext\fR and returns a pointer to an extension specific structure or \s-1NULL\s0
if the extension could not be decoded (invalid syntax or not supported).
.PP
-\&\fBX509V3_EXT_i2d()\fR encodes the extension specific structure \fBext\fR
-with \s-1OID\s0 \fBext_nid\fR and criticality \fBcrit\fR.
+\&\fBX509V3_EXT_i2d()\fR encodes the extension specific structure \fIext_struc\fR
+with \s-1OID\s0 \fIext_nid\fR and criticality \fIcrit\fR.
.PP
\&\fBX509_get_ext_d2i()\fR and \fBX509_add1_ext_i2d()\fR operate on the extensions of
-certificate \fBx\fR, they are otherwise identical to \fBX509V3_get_d2i()\fR and
-\&\fBX509V3_add_i2d()\fR.
+certificate \fIx\fR. They are otherwise identical to \fBX509V3_get_d2i()\fR and
+\&\fBX509V3_add1_i2d()\fR.
.PP
\&\fBX509_CRL_get_ext_d2i()\fR and \fBX509_CRL_add1_ext_i2d()\fR operate on the extensions
-of \s-1CRL\s0 \fBcrl\fR, they are otherwise identical to \fBX509V3_get_d2i()\fR and
-\&\fBX509V3_add_i2d()\fR.
+of \s-1CRL\s0 \fIcrl\fR. They are otherwise identical to \fBX509V3_get_d2i()\fR and
+\&\fBX509V3_add1_i2d()\fR.
.PP
\&\fBX509_REVOKED_get_ext_d2i()\fR and \fBX509_REVOKED_add1_ext_i2d()\fR operate on the
-extensions of \fBX509_REVOKED\fR structure \fBr\fR (i.e for \s-1CRL\s0 entry extensions),
-they are otherwise identical to \fBX509V3_get_d2i()\fR and \fBX509V3_add_i2d()\fR.
+extensions of \fBX509_REVOKED\fR structure \fIr\fR (i.e for \s-1CRL\s0 entry extensions).
+They are otherwise identical to \fBX509V3_get_d2i()\fR and \fBX509V3_add1_i2d()\fR.
.PP
\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and
-\&\fBX509_REVOKED_get0_extensions()\fR return a stack of all the extensions
-of a certificate a \s-1CRL\s0 or a \s-1CRL\s0 entry respectively.
+\&\fBX509_REVOKED_get0_extensions()\fR return a \s-1STACK\s0 of all the extensions
+of a certificate, a \s-1CRL\s0 or a \s-1CRL\s0 entry respectively.
.SH "NOTES"
.IX Header "NOTES"
In almost all cases an extension can occur at most once and multiple
-occurrences is an error. Therefore, the \fBidx\fR parameter is usually \fB\s-1NULL\s0\fR.
+occurrences is an error. Therefore, the \fIidx\fR parameter is usually \s-1NULL.\s0
.PP
-The \fBflags\fR parameter may be one of the following values.
+The \fIflags\fR parameter may be one of the following values.
.PP
\&\fBX509V3_ADD_DEFAULT\fR appends a new extension only if the extension does
-not already exist. An error is returned if the extension does already
-exist.
+not exist. An error is returned if the extension exists.
.PP
\&\fBX509V3_ADD_APPEND\fR appends a new extension, ignoring whether the extension
-already exists.
+exists.
.PP
-\&\fBX509V3_ADD_REPLACE\fR replaces an extension if it exists otherwise appends
-a new extension.
+\&\fBX509V3_ADD_REPLACE\fR replaces an existing extension. If the extension does
+not exist, appends a new extension.
.PP
-\&\fBX509V3_ADD_REPLACE_EXISTING\fR replaces an existing extension if it exists
-otherwise returns an error.
+\&\fBX509V3_ADD_REPLACE_EXISTING\fR replaces an existing extension. If the
+extension does not exist, returns an error.
.PP
\&\fBX509V3_ADD_KEEP_EXISTING\fR appends a new extension only if the extension does
-not already exist. An error \fBis not\fR returned if the extension does already
-exist.
+not exist. An error is \fBnot\fR returned if the extension exists.
.PP
-\&\fBX509V3_ADD_DELETE\fR extension \fBnid\fR is deleted: no new extension is added.
+\&\fBX509V3_ADD_DELETE\fR deletes and frees an existing extension. If the extension
+does not exist, returns an error. No new extension is added.
.PP
-If \fBX509V3_ADD_SILENT\fR is ored with \fBflags\fR: any error returned will not
-be added to the error queue.
+If \fBX509V3_ADD_SILENT\fR is bitwise ORed with \fIflags\fR: any error returned
+will not be added to the error queue.
.PP
-The function \fBX509V3_get_d2i()\fR will return \fB\s-1NULL\s0\fR if the extension is not
+The function \fBX509V3_get_d2i()\fR and its variants
+will return \s-1NULL\s0 if the extension is not
found, occurs multiple times or cannot be decoded. It is possible to
-determine the precise reason by checking the value of \fB*crit\fR.
+determine the precise reason by checking the value of \fI*crit\fR.
+.PP
+The function \fBX509V3_add1_i2d()\fR and its variants allocate \fBX509_EXTENSION\fR
+objects on \s-1STACK\s0 \fI*x\fR depending on \fIflags\fR. The \fBX509_EXTENSION\fR objects
+must be explicitly freed using \fBX509_EXTENSION_free()\fR.
.SH "SUPPORTED EXTENSIONS"
.IX Header "SUPPORTED EXTENSIONS"
The following sections contain a list of all supported extensions
@@ -333,17 +340,17 @@ The following extensions are used by certificate transparency, \s-1RFC6962\s0
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBX509V3_EXT_d2i()\fR and *\fBX509V3_get_d2i()\fR return a pointer to an extension
-specific structure of \fB\s-1NULL\s0\fR if an error occurs.
-.PP
-\&\fBX509V3_EXT_i2d()\fR returns a pointer to an \fBX509_EXTENSION\fR structure
-or \fB\s-1NULL\s0\fR if an error occurs.
+\&\fBX509V3_get_d2i()\fR, its variants, and \fBX509V3_EXT_d2i()\fR return
+a pointer to an extension specific structure or \s-1NULL\s0 if an error occurs.
.PP
-\&\fBX509V3_add1_i2d()\fR returns 1 if the operation is successful and 0 if it
-fails due to a non-fatal error (extension not found, already exists,
+\&\fBX509V3_add1_i2d()\fR and its variants return 1 if the operation is successful
+and 0 if it fails due to a non-fatal error (extension not found, already exists,
cannot be encoded) or \-1 due to a fatal error such as a memory allocation
failure.
.PP
+\&\fBX509V3_EXT_i2d()\fR returns a pointer to an \fBX509_EXTENSION\fR structure
+or \s-1NULL\s0 if an error occurs.
+.PP
\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and
\&\fBX509_REVOKED_get0_extensions()\fR return a stack of extensions. They return
\&\s-1NULL\s0 if no extensions are present.
@@ -367,9 +374,9 @@ failure.
\&\fBX509_verify_cert\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509V3_set_ctx.3 b/secure/lib/libcrypto/man/man3/X509V3_set_ctx.3
new file mode 100644
index 000000000000..66a8e2028d27
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/X509V3_set_ctx.3
@@ -0,0 +1,196 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509V3_SET_CTX 3ossl"
+.TH X509V3_SET_CTX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509V3_set_ctx,
+X509V3_set_issuer_pkey \- X.509 v3 extension generation utilities
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509v3.h>
+\&
+\& void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+\& X509_REQ *req, X509_CRL *crl, int flags);
+\& int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBX509V3_set_ctx()\fR fills in the basic fields of \fIctx\fR of type \fBX509V3_CTX\fR,
+providing details potentially needed by functions producing X509 v3 extensions,
+e.g., to look up values for filling in authority key identifiers.
+Any of \fIsubject\fR, \fIreq\fR, or \fIcrl\fR may be provided, pointing to a certificate,
+certification request, or certificate revocation list, respectively.
+When constructing the subject key identifier of a certificate by computing a
+hash value of its public key, the public key is taken from \fIsubject\fR or \fIreq\fR.
+Similarly, when constructing subject alternative names from any email addresses
+contained in a subject \s-1DN,\s0 the subject \s-1DN\s0 is taken from \fIsubject\fR or \fIreq\fR.
+If \fIsubject\fR or \fIcrl\fR is provided, \fIissuer\fR should point to its issuer,
+for instance to help generating an authority key identifier extension.
+Note that if \fIsubject\fR is provided, \fIissuer\fR may be the same as \fIsubject\fR,
+which means that \fIsubject\fR is self-issued (or even self-signed).
+\&\fIflags\fR may be 0
+or contain \fBX509V3_CTX_TEST\fR, which means that just the syntax of
+extension definitions is to be checked without actually producing an extension,
+or \fBX509V3_CTX_REPLACE\fR, which means that each X.509v3 extension added as
+defined in some configuration section shall replace any already existing
+extension with the same \s-1OID.\s0
+.PP
+\&\fBX509V3_set_issuer_pkey()\fR explicitly sets the issuer private key of
+the certificate that has been provided in \fIctx\fR.
+This should be done for self-issued certificates (which may be self-signed
+or not) to provide fallback data for the authority key identifier extension.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBX509V3_set_ctx()\fR and \fBX509V3_set_issuer_pkey()\fR
+return 1 on success and 0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBX509_add_ext\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBX509V3_set_issuer_pkey()\fR was added in OpenSSL 3.0.
+.PP
+\&\s-1CTX_TEST\s0 was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3 b/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3
index 3d5d5de51fe5..ee8f506ab592 100644
--- a/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3
+++ b/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_ALGOR_DUP 3"
-.TH X509_ALGOR_DUP 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_ALGOR_DUP 3ossl"
+.TH X509_ALGOR_DUP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -194,7 +192,7 @@ The \fBX509_ALGOR_copy()\fR was added in 1.1.1e.
.IX Header "COPYRIGHT"
Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3 b/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3
index 6792172c1548..e07c25292615 100644
--- a/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3
+++ b/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,21 +130,25 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_CRL_GET0_BY_SERIAL 3"
-.TH X509_CRL_GET0_BY_SERIAL 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_CRL_GET0_BY_SERIAL 3ossl"
+.TH X509_CRL_GET0_BY_SERIAL 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate, X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate, X509_CRL_add0_revoked, X509_CRL_sort \- CRL revoked entry utility functions
+X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED,
+X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate,
+X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate,
+X509_CRL_add0_revoked, X509_CRL_sort \- CRL revoked entry utility
+functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& int X509_CRL_get0_by_serial(X509_CRL *crl,
-\& X509_REVOKED **ret, ASN1_INTEGER *serial);
+\& X509_REVOKED **ret, const ASN1_INTEGER *serial);
\& int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
\&
\& STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
@@ -163,41 +165,41 @@ X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, X509_REVOK
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBX509_CRL_get0_by_serial()\fR attempts to find a revoked entry in \fBcrl\fR for
-serial number \fBserial\fR. If it is successful it sets \fB*ret\fR to the internal
-pointer of the matching entry, as a result \fB*ret\fR must not be freed up
+\&\fBX509_CRL_get0_by_serial()\fR attempts to find a revoked entry in \fIcrl\fR for
+serial number \fIserial\fR. If it is successful, it sets \fI*ret\fR to the internal
+pointer of the matching entry. As a result, \fI*ret\fR \fB\s-1MUST NOT\s0\fR be freed
after the call.
.PP
\&\fBX509_CRL_get0_by_cert()\fR is similar to \fBX509_get0_by_serial()\fR except it
-looks for a revoked entry using the serial number of certificate \fBx\fR.
+looks for a revoked entry using the serial number of certificate \fIx\fR.
.PP
-\&\fBX509_CRL_get_REVOKED()\fR returns an internal pointer to a stack of all
-revoked entries for \fBcrl\fR.
+\&\fBX509_CRL_get_REVOKED()\fR returns an internal pointer to a \s-1STACK\s0 of all
+revoked entries for \fIcrl\fR.
.PP
\&\fBX509_REVOKED_get0_serialNumber()\fR returns an internal pointer to the
-serial number of \fBr\fR.
+serial number of \fIr\fR.
.PP
\&\fBX509_REVOKED_get0_revocationDate()\fR returns an internal pointer to the
-revocation date of \fBr\fR.
+revocation date of \fIr\fR.
.PP
-\&\fBX509_REVOKED_set_serialNumber()\fR sets the serial number of \fBr\fR to \fBserial\fR.
-The supplied \fBserial\fR pointer is not used internally so it should be
-freed up after use.
+\&\fBX509_REVOKED_set_serialNumber()\fR sets the serial number of \fIr\fR to \fIserial\fR.
+The supplied \fIserial\fR pointer is not used internally so it should be
+freed after use.
.PP
-\&\fBX509_REVOKED_set_revocationDate()\fR sets the revocation date of \fBr\fR to
-\&\fBtm\fR. The supplied \fBtm\fR pointer is not used internally so it should be
-freed up after use.
+\&\fBX509_REVOKED_set_revocationDate()\fR sets the revocation date of \fIr\fR to
+\&\fItm\fR. The supplied \fItm\fR pointer is not used internally so it should be
+freed after use.
.PP
-\&\fBX509_CRL_add0_revoked()\fR appends revoked entry \fBrev\fR to \s-1CRL\s0 \fBcrl\fR. The
-pointer \fBrev\fR is used internally so it must not be freed up after the call:
+\&\fBX509_CRL_add0_revoked()\fR appends revoked entry \fIrev\fR to \s-1CRL\s0 \fIcrl\fR. The
+pointer \fIrev\fR is used internally so it \fB\s-1MUST NOT\s0\fR be freed after the call:
it is freed when the parent \s-1CRL\s0 is freed.
.PP
-\&\fBX509_CRL_sort()\fR sorts the revoked entries of \fBcrl\fR into ascending serial
+\&\fBX509_CRL_sort()\fR sorts the revoked entries of \fIcrl\fR into ascending serial
number order.
.SH "NOTES"
.IX Header "NOTES"
Applications can determine the number of revoked entries returned by
-\&\fBX509_CRL_get_revoked()\fR using \fBsk_X509_REVOKED_num()\fR and examine each one
+\&\fBX509_CRL_get_REVOKED()\fR using \fBsk_X509_REVOKED_num()\fR and examine each one
in turn using \fBsk_X509_REVOKED_value()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
@@ -205,15 +207,15 @@ in turn using \fBsk_X509_REVOKED_value()\fR.
1 on success except if the revoked entry has the reason \f(CW\*(C`removeFromCRL\*(C'\fR (8),
in which case 2 is returned.
.PP
-\&\fBX509_REVOKED_set_serialNumber()\fR, \fBX509_REVOKED_set_revocationDate()\fR,
-\&\fBX509_CRL_add0_revoked()\fR and \fBX509_CRL_sort()\fR return 1 for success and 0 for
-failure.
+\&\fBX509_CRL_get_REVOKED()\fR returns a \s-1STACK\s0 of revoked entries.
.PP
-\&\fBX509_REVOKED_get0_serialNumber()\fR returns an \fB\s-1ASN1_INTEGER\s0\fR pointer.
+\&\fBX509_REVOKED_get0_serialNumber()\fR returns an \fB\s-1ASN1_INTEGER\s0\fR structure.
.PP
-\&\fBX509_REVOKED_get0_revocationDate()\fR returns an \fB\s-1ASN1_TIME\s0\fR value.
+\&\fBX509_REVOKED_get0_revocationDate()\fR returns an \fB\s-1ASN1_TIME\s0\fR structure.
.PP
-\&\fBX509_CRL_get_REVOKED()\fR returns a \s-1STACK\s0 of revoked entries.
+\&\fBX509_REVOKED_set_serialNumber()\fR, \fBX509_REVOKED_set_revocationDate()\fR,
+\&\fBX509_CRL_add0_revoked()\fR and \fBX509_CRL_sort()\fR return 1 for success and 0 for
+failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3),
@@ -234,9 +236,9 @@ failure.
\&\fBX509_verify_cert\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3 b/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3
index 26abc685eddc..98fe5c4a10cd 100644
--- a/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3
+++ b/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_EXTENSION_SET_OBJECT 3"
-.TH X509_EXTENSION_SET_OBJECT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_EXTENSION_SET_OBJECT 3ossl"
+.TH X509_EXTENSION_SET_OBJECT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_EXTENSION_set_object, X509_EXTENSION_set_critical, X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID, X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object, X509_EXTENSION_get_critical, X509_EXTENSION_get_data \- extension utility functions
+X509_EXTENSION_set_object, X509_EXTENSION_set_critical,
+X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID,
+X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object,
+X509_EXTENSION_get_critical, X509_EXTENSION_get_data \- extension utility
+functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 3
@@ -217,7 +219,7 @@ critical.
.IX Header "COPYRIGHT"
Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_LOOKUP.3 b/secure/lib/libcrypto/man/man3/X509_LOOKUP.3
index 1fcaa2d48fcb..0cde28cae042 100644
--- a/secure/lib/libcrypto/man/man3/X509_LOOKUP.3
+++ b/secure/lib/libcrypto/man/man3/X509_LOOKUP.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,27 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_LOOKUP 3"
-.TH X509_LOOKUP 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_LOOKUP 3ossl"
+.TH X509_LOOKUP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_LOOKUP, X509_LOOKUP_TYPE, X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init, X509_LOOKUP_shutdown, X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, X509_LOOKUP_ctrl, X509_LOOKUP_load_file, X509_LOOKUP_add_dir, X509_LOOKUP_get_store, X509_LOOKUP_by_subject, X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint, X509_LOOKUP_by_alias \&\- OpenSSL certificate lookup mechanisms
+X509_LOOKUP, X509_LOOKUP_TYPE,
+X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init,
+X509_LOOKUP_shutdown,
+X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data,
+X509_LOOKUP_ctrl_ex, X509_LOOKUP_ctrl,
+X509_LOOKUP_load_file_ex, X509_LOOKUP_load_file,
+X509_LOOKUP_add_dir,
+X509_LOOKUP_add_store_ex, X509_LOOKUP_add_store,
+X509_LOOKUP_load_store_ex, X509_LOOKUP_load_store,
+X509_LOOKUP_get_store,
+X509_LOOKUP_by_subject_ex, X509_LOOKUP_by_subject,
+X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint,
+X509_LOOKUP_by_alias
+\&\- OpenSSL certificate lookup mechanisms
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -157,18 +168,33 @@ X509_LOOKUP, X509_LOOKUP_TYPE, X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_in
\& int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
\& void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
\&
+\& int X509_LOOKUP_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+\& char **ret, OSSL_LIB_CTX *libctx, const char *propq);
\& int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
\& long argl, char **ret);
+\& int X509_LOOKUP_load_file_ex(X509_LOOKUP *ctx, char *name, long type,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type);
+\& int X509_LOOKUP_load_file_ex(X509_LOOKUP *ctx, char *name, long type,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type);
+\& int X509_LOOKUP_add_store_ex(X509_LOOKUP *ctx, char *uri, OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& int X509_LOOKUP_add_store(X509_LOOKUP *ctx, char *uri);
+\& int X509_LOOKUP_load_store_ex(X509_LOOKUP *ctx, char *uri, OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& int X509_LOOKUP_load_store(X509_LOOKUP *ctx, char *uri);
\&
\& X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
\&
+\& int X509_LOOKUP_by_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+\& const X509_NAME *name, X509_OBJECT *ret,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-\& X509_NAME *name, X509_OBJECT *ret);
+\& const X509_NAME *name, X509_OBJECT *ret);
\& int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-\& X509_NAME *name, ASN1_INTEGER *serial,
-\& X509_OBJECT *ret);
+\& const X509_NAME *name,
+\& const ASN1_INTEGER *serial, X509_OBJECT *ret);
\& int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
\& const unsigned char *bytes, int len,
\& X509_OBJECT *ret);
@@ -185,7 +211,7 @@ to enable lookup in that store.
\&\fBX509_LOOKUP_new()\fR creates a new \fBX509_LOOKUP\fR using the given lookup
\&\fImethod\fR.
It can also be created by calling \fBX509_STORE_add_lookup\fR\|(3), which
-will associate an \fBX509_STORE\fR with the lookup mechanism.
+will associate a \fBX509_STORE\fR with the lookup mechanism.
.PP
\&\fBX509_LOOKUP_init()\fR initializes the internal state and resources as
needed by the given \fBX509_LOOKUP\fR to do its work.
@@ -195,28 +221,34 @@ the given \fBX509_LOOKUP\fR.
.PP
\&\fBX509_LOOKUP_free()\fR destructs the given \fBX509_LOOKUP\fR.
.PP
-\&\fBX509_LOOKUP_set_method_data()\fR associates a pointer to application data
-to the given \fBX509_LOOKUP\fR.
-.PP
-\&\fBX509_LOOKUP_get_method_data()\fR retrieves a pointer to application data
-from the given \fBX509_LOOKUP\fR.
+\&\fBX509_LOOKUP_set_method_data()\fR and \fBX509_LOOKUP_get_method_data()\fR
+associates and retrieves a pointer to application data to and from the
+given \fBX509_LOOKUP\fR, respectively.
.PP
-\&\fBX509_LOOKUP_ctrl()\fR is used to set or get additional data to or from an
-\&\fBX509_LOOKUP\fR structure or its associated \fBX509_LOOKUP_METHOD\fR\|(3).
+\&\fBX509_LOOKUP_ctrl_ex()\fR is used to set or get additional data to or from
+a \fBX509_LOOKUP\fR structure or its associated \fBX509_LOOKUP_METHOD\fR\|(3).
The arguments of the control command are passed via \fIargc\fR and \fIargl\fR,
-its return value via \fI*ret\fR.
+its return value via \fI*ret\fR. The library context \fIlibctx\fR and property
+query \fIpropq\fR are used when fetching algorithms from providers.
The meaning of the arguments depends on the \fIcmd\fR number of the
control command. In general, this function is not called directly, but
wrapped by a macro call, see below.
The control \fIcmd\fRs known to OpenSSL are discussed in more depth
in \*(L"Control Commands\*(R".
.PP
-\&\fBX509_LOOKUP_load_file()\fR passes a filename to be loaded immediately
-into the associated \fBX509_STORE\fR.
+\&\fBX509_LOOKUP_ctrl()\fR is similar to \fBX509_LOOKUP_ctrl_ex()\fR but
+uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR.
+.PP
+\&\fBX509_LOOKUP_load_file_ex()\fR passes a filename to be loaded immediately
+into the associated \fBX509_STORE\fR. The library context \fIlibctx\fR and property
+query \fIpropq\fR are used when fetching algorithms from providers.
\&\fItype\fR indicates what type of object is expected.
This can only be used with a lookup using the implementation
\&\fBX509_LOOKUP_file\fR\|(3).
.PP
+\&\fBX509_LOOKUP_load_file()\fR is similar to \fBX509_LOOKUP_load_file_ex()\fR but
+uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR.
+.PP
\&\fBX509_LOOKUP_add_dir()\fR passes a directory specification from which
certificates and CRLs are loaded on demand into the associated
\&\fBX509_STORE\fR.
@@ -224,39 +256,46 @@ certificates and CRLs are loaded on demand into the associated
This can only be used with a lookup using the implementation
\&\fBX509_LOOKUP_hash_dir\fR\|(3).
.PP
-\&\fBX509_LOOKUP_load_file()\fR, \fBX509_LOOKUP_add_dir()\fR,
-\&\fBX509_LOOKUP_add_store()\fR, and \fBX509_LOOKUP_load_store()\fR are implemented
-as macros that use \fBX509_LOOKUP_ctrl()\fR.
+\&\fBX509_LOOKUP_add_store_ex()\fR passes a \s-1URI\s0 for a directory-like structure
+from which containers with certificates and CRLs are loaded on demand
+into the associated \fBX509_STORE\fR. The library context \fIlibctx\fR and property
+query \fIpropq\fR are used when fetching algorithms from providers.
+.PP
+\&\fBX509_LOOKUP_add_store()\fR is similar to \fBX509_LOOKUP_add_store_ex()\fR but
+uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR.
.PP
-\&\fBX509_LOOKUP_by_subject()\fR, \fBX509_LOOKUP_by_issuer_serial()\fR,
-\&\fBX509_LOOKUP_by_fingerprint()\fR, and \fBX509_LOOKUP_by_alias()\fR look up
-certificates and CRLs in the \fBX509_STORE\fR\|(3) associated with the
-\&\fBX509_LOOKUP\fR using different criteria, where the looked up object is
-stored in \fIret\fR.
+\&\fBX509_LOOKUP_load_store_ex()\fR passes a \s-1URI\s0 for a single container from
+which certificates and CRLs are immediately loaded into the associated
+\&\fBX509_STORE\fR. The library context \fIlibctx\fR and property query \fIpropq\fR are used
+when fetching algorithms from providers.
+These functions can only be used with a lookup using the
+implementation \fBX509_LOOKUP_store\fR\|(3).
+.PP
+\&\fBX509_LOOKUP_load_store()\fR is similar to \fBX509_LOOKUP_load_store_ex()\fR but
+uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR.
+.PP
+\&\fBX509_LOOKUP_load_file_ex()\fR, \fBX509_LOOKUP_load_file()\fR,
+\&\fBX509_LOOKUP_add_dir()\fR,
+\&\fBX509_LOOKUP_add_store_ex()\fR \fBX509_LOOKUP_add_store()\fR,
+\&\fBX509_LOOKUP_load_store_ex()\fR and \fBX509_LOOKUP_load_store()\fR are
+implemented as macros that use \fBX509_LOOKUP_ctrl()\fR.
+.PP
+\&\fBX509_LOOKUP_by_subject_ex()\fR, \fBX509_LOOKUP_by_subject()\fR,
+\&\fBX509_LOOKUP_by_issuer_serial()\fR, \fBX509_LOOKUP_by_fingerprint()\fR, and
+\&\fBX509_LOOKUP_by_alias()\fR look up certificates and CRLs in the \fBX509_STORE\fR\|(3)
+associated with the \fBX509_LOOKUP\fR using different criteria, where the looked up
+object is stored in \fIret\fR.
Some of the underlying \fBX509_LOOKUP_METHOD\fRs will also cache objects
matching the criteria in the associated \fBX509_STORE\fR, which makes it
possible to handle cases where the criteria have more than one hit.
-.SS "File Types"
-.IX Subsection "File Types"
-\&\fBX509_LOOKUP_load_file()\fR and \fBX509_LOOKUP_add_dir()\fR take a \fItype\fR,
-which can be one of the following:
-.IP "\fBX509_FILETYPE_PEM\fR" 4
-.IX Item "X509_FILETYPE_PEM"
-The file or files that are loaded are expected to be in \s-1PEM\s0 format.
-.IP "\fBX509_FILETYPE_ASN1\fR" 4
-.IX Item "X509_FILETYPE_ASN1"
-The file or files that are loaded are expected to be in raw \s-1DER\s0 format.
-.IP "\fBX509_FILETYPE_DEFAULT\fR" 4
-.IX Item "X509_FILETYPE_DEFAULT"
-The default certificate file or directory is used. In this case,
-\&\fIname\fR is ignored.
.SS "Control Commands"
.IX Subsection "Control Commands"
-The \fBX509_LOOKUP_METHOD\fRs built into OpenSSL recognise the following
+The \fBX509_LOOKUP_METHOD\fRs built into OpenSSL recognize the following
\&\fBX509_LOOKUP_ctrl()\fR \fIcmd\fRs:
.IP "\fBX509_L_FILE_LOAD\fR" 4
.IX Item "X509_L_FILE_LOAD"
-This is the command that \fBX509_LOOKUP_load_file()\fR uses.
+This is the command that \fBX509_LOOKUP_load_file_ex()\fR and
+\&\fBX509_LOOKUP_load_file()\fR use.
The filename is passed in \fIargc\fR, and the type in \fIargl\fR.
.IP "\fBX509_L_ADD_DIR\fR" 4
.IX Item "X509_L_ADD_DIR"
@@ -265,15 +304,17 @@ The directory specification is passed in \fIargc\fR, and the type in
\&\fIargl\fR.
.IP "\fBX509_L_ADD_STORE\fR" 4
.IX Item "X509_L_ADD_STORE"
-This is the command that \fBX509_LOOKUP_add_store()\fR uses.
+This is the command that \fBX509_LOOKUP_add_store_ex()\fR and
+\&\fBX509_LOOKUP_add_store()\fR use.
The \s-1URI\s0 is passed in \fIargc\fR.
.IP "\fBX509_L_LOAD_STORE\fR" 4
.IX Item "X509_L_LOAD_STORE"
-This is the command that \fBX509_LOOKUP_load_store()\fR uses.
+This is the command that \fBX509_LOOKUP_load_store_ex()\fR and
+\&\fBX509_LOOKUP_load_store()\fR use.
The \s-1URI\s0 is passed in \fIargc\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBX509_LOOKUP_new()\fR returns an \fBX509_LOOKUP\fR pointer when successful,
+\&\fBX509_LOOKUP_new()\fR returns a \fBX509_LOOKUP\fR pointer when successful,
or \s-1NULL\s0 on error.
.PP
\&\fBX509_LOOKUP_init()\fR and \fBX509_LOOKUP_shutdown()\fR return 1 on success, or
@@ -287,22 +328,30 @@ Otherwise, it returns what the control function in the
error.
.IX Xref "509_LOOKUP_METHOD"
.PP
-\&\fBX509_LOOKUP_get_store()\fR returns an \fBX509_STORE\fR pointer if there is
+\&\fBX509_LOOKUP_get_store()\fR returns a \fBX509_STORE\fR pointer if there is
one, otherwise \s-1NULL.\s0
.PP
-\&\fBX509_LOOKUP_by_subject()\fR, \fBX509_LOOKUP_by_issuer_serial()\fR,
-\&\fBX509_LOOKUP_by_fingerprint()\fR, and \fBX509_LOOKUP_by_alias()\fR all return 0
-if there is no \fBX509_LOOKUP_METHOD\fR or that method doesn't implement
-the corresponding function.
+\&\fBX509_LOOKUP_by_subject_ex()\fR, \fBX509_LOOKUP_by_subject()\fR,
+\&\fBX509_LOOKUP_by_issuer_serial()\fR, \fBX509_LOOKUP_by_fingerprint()\fR, and
+\&\fBX509_LOOKUP_by_alias()\fR all return 0 if there is no \fBX509_LOOKUP_METHOD\fR or that
+method doesn't implement the corresponding function.
Otherwise, it returns what the corresponding function in the
\&\fBX509_LOOKUP_METHOD\fR returns, which is usually 1 on success and 0 in
error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_LOOKUP_METHOD\fR\|(3), \fBX509_STORE\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions \fBX509_LOOKUP_by_subject_ex()\fR and
+\&\fBX509_LOOKUP_ctrl_ex()\fR were added in OpenSSL 3.0.
+.PP
+The macros \fBX509_LOOKUP_load_file_ex()\fR,
+\&\fBX509_LOOKUP_load_store_ex()\fR and 509_LOOKUP_add_store_ex() were
+added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 b/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3
index 271ba64c4e30..fd701e6f596c 100644
--- a/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3
+++ b/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,18 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_LOOKUP_HASH_DIR 3"
-.TH X509_LOOKUP_HASH_DIR 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_LOOKUP_HASH_DIR 3ossl"
+.TH X509_LOOKUP_HASH_DIR 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_load_cert_file, X509_load_crl_file, X509_load_cert_crl_file \- Default OpenSSL certificate lookup methods
+X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_LOOKUP_store,
+X509_load_cert_file_ex, X509_load_cert_file,
+X509_load_crl_file,
+X509_load_cert_crl_file_ex, X509_load_cert_crl_file
+\&\- Default OpenSSL certificate lookup methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,9 +149,14 @@ X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_load_cert_file, X509_load_crl_file,
\&
\& X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
\& X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+\& X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
\&
+\& int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
\& int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+\& int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
.Ve
.SH "DESCRIPTION"
@@ -212,10 +219,10 @@ the directory.
The directory should contain one certificate or \s-1CRL\s0 per file in \s-1PEM\s0 format,
with a filename of the form \fIhash\fR.\fIN\fR for a certificate, or
\&\fIhash\fR.\fBr\fR\fIN\fR for a \s-1CRL.\s0
-The \fIhash\fR is the value returned by the \fBX509_NAME_hash\fR\|(3) function applied
-to the subject name for certificates or issuer name for CRLs.
-The hash can also be obtained via the \fB\-hash\fR option of the \fBx509\fR\|(1) or
-\&\fBcrl\fR\|(1) commands.
+The \fIhash\fR is the value returned by the \fBX509_NAME_hash_ex\fR\|(3) function
+applied to the subject name for certificates or issuer name for CRLs.
+The hash can also be obtained via the \fB\-hash\fR option of the
+\&\fBopenssl\-x509\fR\|(1) or \fBopenssl\-crl\fR\|(1) commands.
.PP
The .\fIN\fR or .\fBr\fR\fIN\fR suffix is a sequence number that starts at zero, and is
incremented consecutively for each certificate or \s-1CRL\s0 with the same \fIhash\fR
@@ -238,12 +245,25 @@ Note that the hash algorithm used for subject name hashing changed in OpenSSL
1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL
0.9.8 to 1.0.0.
.PP
-OpenSSL includes a \fBrehash\fR\|(1) utility which creates symlinks with correct
-hashed names for all files with .pem suffix in a given directory.
+OpenSSL includes a \fBopenssl\-rehash\fR\|(1) utility which creates symlinks with
+hashed names for all files with \fI.pem\fR suffix in a given directory.
+.SS "\s-1OSSL_STORE\s0 Method"
+.IX Subsection "OSSL_STORE Method"
+\&\fBX509_LOOKUP_store\fR is a method that allows access to any store of
+certificates and CRLs through any loader supported by
+\&\fBossl_store\fR\|(7).
+It works with the help of URIs, which can be direct references to
+certificates or CRLs, but can also be references to catalogues of such
+objects (that behave like directories).
+.PP
+This method overlaps the \*(L"File Method\*(R" and \*(L"Hashed Directory Method\*(R"
+because of the 'file:' scheme loader.
+It does no caching of its own, but can use a caching \fBossl_store\fR\|(7)
+loader, and therefore depends on the loader's capability.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBX509_LOOKUP_hash_dir()\fR and \fBX509_LOOKUP_file()\fR always return a valid
-\&\fBX509_LOOKUP_METHOD\fR structure.
+\&\fBX509_LOOKUP_hash_dir()\fR, \fBX509_LOOKUP_file()\fR and \fBX509_LOOKUP_store()\fR
+always return a valid \fBX509_LOOKUP_METHOD\fR structure.
.PP
\&\fBX509_load_cert_file()\fR, \fBX509_load_crl_file()\fR and \fBX509_load_cert_crl_file()\fR return
the number of loaded objects or 0 on error.
@@ -251,14 +271,19 @@ the number of loaded objects or 0 on error.
.IX Header "SEE ALSO"
\&\fBPEM_read_PrivateKey\fR\|(3),
\&\fBX509_STORE_load_locations\fR\|(3),
-\&\fBX509_store_add_lookup\fR\|(3),
\&\fBSSL_CTX_load_verify_locations\fR\|(3),
\&\fBX509_LOOKUP_meth_new\fR\|(3),
+\&\fBossl_store\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions \fBX509_load_cert_file_ex()\fR,
+\&\fBX509_load_cert_crl_file_ex()\fR and \fBX509_LOOKUP_store()\fR were added in
+OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3 b/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3
index 1b96a240345a..4f3fd0cbac6a 100644
--- a/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3
+++ b/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,30 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_LOOKUP_METH_NEW 3"
-.TH X509_LOOKUP_METH_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_LOOKUP_METH_NEW 3ossl"
+.TH X509_LOOKUP_METH_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_LOOKUP_METHOD, X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, X509_LOOKUP_meth_get_shutdown, X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, X509_LOOKUP_meth_get_get_by_subject, X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, X509_LOOKUP_meth_get_get_by_issuer_serial, X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, X509_LOOKUP_meth_get_get_by_fingerprint, X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, X509_LOOKUP_meth_get_get_by_alias, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL \&\- Routines to build up X509_LOOKUP methods
+X509_LOOKUP_METHOD,
+X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item,
+X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free,
+X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init,
+X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown,
+X509_LOOKUP_meth_get_shutdown,
+X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl,
+X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject,
+X509_LOOKUP_meth_get_get_by_subject,
+X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial,
+X509_LOOKUP_meth_get_get_by_issuer_serial,
+X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint,
+X509_LOOKUP_meth_get_get_by_fingerprint,
+X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias,
+X509_LOOKUP_meth_get_get_by_alias,
+X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL
+\&\- Routines to build up X509_LOOKUP methods
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -178,7 +192,7 @@ X509_LOOKUP_METHOD, X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_met
\&
\& typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
\& X509_LOOKUP_TYPE type,
-\& X509_NAME *name,
+\& const X509_NAME *name,
\& X509_OBJECT *ret);
\& int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
\& X509_LOOKUP_get_by_subject_fn fn);
@@ -187,8 +201,8 @@ X509_LOOKUP_METHOD, X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_met
\&
\& typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
\& X509_LOOKUP_TYPE type,
-\& X509_NAME *name,
-\& ASN1_INTEGER *serial,
+\& const X509_NAME *name,
+\& const ASN1_INTEGER *serial,
\& X509_OBJECT *ret);
\& int X509_LOOKUP_meth_set_get_by_issuer_serial(
\& X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn);
@@ -304,7 +318,7 @@ The functions described here were added in OpenSSL 1.1.0i.
.IX Header "COPYRIGHT"
Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3
index 08d6896097d0..3dfd04571f85 100644
--- a/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3
+++ b/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_NAME_ENTRY_GET_OBJECT 3"
-.TH X509_NAME_ENTRY_GET_OBJECT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_NAME_ENTRY_GET_OBJECT 3ossl"
+.TH X509_NAME_ENTRY_GET_OBJECT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions
+X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
+X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data,
+X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID,
+X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -218,7 +219,7 @@ or 0 on error.
.IX Header "COPYRIGHT"
Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3
index 19ea72b9b956..822db6ded313 100644
--- a/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3
+++ b/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_NAME_ADD_ENTRY_BY_TXT 3"
-.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_NAME_ADD_ENTRY_BY_TXT 3ossl"
+.TH X509_NAME_ADD_ENTRY_BY_TXT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions
+X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID,
+X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -201,13 +200,13 @@ RelativeDistinguishedName (\s-1RDN\s0).
\&\fBloc\fR actually determines the index where the new entry is inserted:
if it is \-1 it is appended.
.PP
-\&\fBset\fR determines how the new type is added. If it is zero a
-new \s-1RDN\s0 is created.
+\&\fBset\fR determines how the new type is added.
+If it is zero a new \s-1RDN\s0 is created.
.PP
-If \fBset\fR is \-1 or 1 it is added to the previous or next \s-1RDN\s0
-structure respectively. This will then be a multivalued \s-1RDN:\s0
-since multivalues RDNs are very seldom used \fBset\fR is almost
-always set to zero.
+If \fBset\fR is \-1 or 1 it is added as a new set member
+to the previous or next \s-1RDN\s0 structure, respectively.
+This will then become part of a multi-valued \s-1RDN\s0 (containing a set of AVAs).
+Since multi-valued RDNs are very rarely used \fBset\fR typically will be zero.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR,
@@ -215,7 +214,7 @@ always set to zero.
success of 0 if an error occurred.
.PP
\&\fBX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR
-structure of \fB\s-1NULL\s0\fR if an error occurred.
+structure or \fB\s-1NULL\s0\fR if an error occurred.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Create an \fBX509_NAME\fR structure:
@@ -249,9 +248,9 @@ can result in invalid field types its use is strongly discouraged.
\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3 b/secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3
index 1f162fee2376..c8efe471885e 100644
--- a/secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3
+++ b/secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_NAME_GET0_DER 3"
-.TH X509_NAME_GET0_DER 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_NAME_GET0_DER 3ossl"
+.TH X509_NAME_GET0_DER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,8 +143,8 @@ X509_NAME_get0_der \- get X509_NAME DER encoding
.Vb 1
\& #include <openssl/x509.h>
\&
-\& int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
-\& size_t *pderlen)
+\& int X509_NAME_get0_der(const X509_NAME *nm, const unsigned char **pder,
+\& size_t *pderlen);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -163,9 +161,9 @@ occurred.
\&\fBd2i_X509\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3
index f795a4302f40..849dcf7ab0c2 100644
--- a/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3
+++ b/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,27 +130,32 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_NAME_GET_INDEX_BY_NID 3"
-.TH X509_NAME_GET_INDEX_BY_NID 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_NAME_GET_INDEX_BY_NID 3ossl"
+.TH X509_NAME_GET_INDEX_BY_NID 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \- X509_NAME lookup and enumeration functions
+X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
+X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \-
+X509_NAME lookup and enumeration functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
-\& int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
-\& int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos);
+\& int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos);
+\& int X509_NAME_get_index_by_OBJ(const X509_NAME *name,
+\& const ASN1_OBJECT *obj, int lastpos);
\&
\& int X509_NAME_entry_count(const X509_NAME *name);
\& X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
\&
-\& int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
-\& int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len);
+\& int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
+\& char *buf, int len);
+\& int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj,
+\& char *buf, int len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -196,8 +199,8 @@ For a more general solution \fBX509_NAME_get_index_by_NID()\fR or
various \fBX509_NAME_ENTRY\fR utility functions on the result.
.PP
The list of all relevant \fBNID_*\fR and \fBOBJ_* codes\fR can be found in
-the source code header files <openssl/obj_mac.h> and/or
-<openssl/objects.h>.
+the source code header files \fI<openssl/obj_mac.h>\fR and/or
+\&\fI<openssl/objects.h>\fR.
.PP
Applications which could pass invalid NIDs to \fBX509_NAME_get_index_by_NID()\fR
should check for the return value of \-2. Alternatively the \s-1NID\s0 validity
@@ -209,7 +212,8 @@ return the index of the next matching entry or \-1 if not found.
\&\fBX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied
\&\s-1NID\s0 is invalid.
.PP
-\&\fBX509_NAME_entry_count()\fR returns the total number of entries.
+\&\fBX509_NAME_entry_count()\fR returns the total number of entries, and 0
+for failure.
.PP
\&\fBX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the
requested entry or \fB\s-1NULL\s0\fR if the index is invalid.
@@ -246,9 +250,9 @@ Process all commonName entries:
\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3
index 9e29bd65174f..195a6f89dd01 100644
--- a/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3
+++ b/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,46 +130,50 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_NAME_PRINT_EX 3"
-.TH X509_NAME_PRINT_EX 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_NAME_PRINT_EX 3ossl"
+.TH X509_NAME_PRINT_EX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, X509_NAME_oneline \- X509_NAME printing routines
+X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
+X509_NAME_oneline \- X509_NAME printing routines
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
-\& int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags);
-\& int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags);
+\& int X509_NAME_print_ex(BIO *out, const X509_NAME *nm,
+\& int indent, unsigned long flags);
+\& int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm,
+\& int indent, unsigned long flags);
\& char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
\& int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each
-line (for multiline formats) is indented by \fBindent\fR spaces. The output format
-can be extensively customised by use of the \fBflags\fR parameter.
+\&\fBX509_NAME_print_ex()\fR prints a human readable version of \fInm\fR to \s-1BIO\s0 \fIout\fR.
+Each line (for multiline formats) is indented by \fIindent\fR spaces. The
+output format can be extensively customised by use of the \fIflags\fR parameter.
.PP
-\&\fBX509_NAME_print_ex_fp()\fR is identical to \fBX509_NAME_print_ex()\fR except the output is
-written to \s-1FILE\s0 pointer \fBfp\fR.
+\&\fBX509_NAME_print_ex_fp()\fR is identical to \fBX509_NAME_print_ex()\fR
+except the output is written to \s-1FILE\s0 pointer \fIfp\fR.
.PP
-\&\fBX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR.
-If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated and returned, and
-\&\fBsize\fR is ignored.
-Otherwise, at most \fBsize\fR bytes will be written, including the ending '\e0',
-and \fBbuf\fR is returned.
+\&\fBX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fIa\fR to \fIbuf\fR.
+This supports multi-valued RDNs and escapes \fB/\fR and \fB+\fR characters in values.
+If \fIbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated and returned, and
+\&\fIsize\fR is ignored.
+Otherwise, at most \fIsize\fR bytes will be written, including the ending '\e0',
+and \fIbuf\fR is returned.
.PP
-\&\fBX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR
+\&\fBX509_NAME_print()\fR prints out \fIname\fR to \fIbp\fR indenting each line by \fIobase\fR
characters. Multiple lines are used if the output (including indent) exceeds
80 characters.
.SH "NOTES"
.IX Header "NOTES"
The functions \fBX509_NAME_oneline()\fR and \fBX509_NAME_print()\fR
-produce a non standard output form, they don't handle multi character fields and
+produce a non standard output form, they don't handle multi-character fields and
have various quirks and inconsistencies.
Their use is strongly discouraged in new applications and they could
be deprecated in a future release.
@@ -187,15 +189,18 @@ The complete set of the flags supported by \fBX509_NAME_print_ex()\fR is listed
Several options can be ored together.
.PP
The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR,
-\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators
-to use. Two distinct separators are used between distinct RelativeDistinguishedName
-components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN.\s0 Multi-valued
-RDNs are currently very rare so the second separator will hardly ever be used.
+\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR
+determine the field separators to use.
+Two distinct separators are used between distinct RelativeDistinguishedName
+components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN.\s0
+Multi-valued RDNs are currently very rare
+so the second separator will hardly ever be used.
.PP
-\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR
-uses comma and plus with spaces: this is more readable that plain comma and plus.
-\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and plus. \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses
-spaced newline and plus respectively.
+\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators.
+\&\fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR uses comma and plus with spaces:
+this is more readable that plain comma and plus.
+\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and plus.
+\&\fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses spaced newline and plus respectively.
.PP
If \fB\s-1XN_FLAG_DN_REV\s0\fR is set the whole \s-1DN\s0 is printed in reversed order.
.PP
@@ -219,34 +224,38 @@ control how each field value is displayed.
.PP
In addition a number options can be set for commonly used formats.
.PP
-\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253\s0 it
-is equivalent to:
- \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1XN_FLAG_SEP_COMMA_PLUS\s0 | \s-1XN_FLAG_DN_REV\s0 | \s-1XN_FLAG_FN_SN\s0 | \s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR
+\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253.\s0
+It is equivalent to:
+ \f(CW\*(C`ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV
+ | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS\*(C'\fR
.PP
\&\fB\s-1XN_FLAG_ONELINE\s0\fR is a more readable one line format which is the same as:
- \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1ASN1_STRFLGS_ESC_QUOTE\s0 | \s-1XN_FLAG_SEP_CPLUS_SPC\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_SN\s0\fR
+ \f(CW\*(C`ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC
+ | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN\*(C'\fR
.PP
\&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format which is the same as:
- \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | \s-1XN_FLAG_SEP_MULTILINE\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_LN\s0 | \s-1XN_FLAG_FN_ALIGN\s0\fR
+ \f(CW\*(C`ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE
+ | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN\*(C'\fR
.PP
-\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fBX509_NAME_print()\fR: in fact it calls \fBX509_NAME_print()\fR internally.
+\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fBX509_NAME_print()\fR:
+in fact it calls \fBX509_NAME_print()\fR internally.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_NAME_oneline()\fR returns a valid string on success or \s-1NULL\s0 on error.
.PP
\&\fBX509_NAME_print()\fR returns 1 on success or 0 on error.
.PP
-\&\fBX509_NAME_print_ex()\fR and \fBX509_NAME_print_ex_fp()\fR return 1 on success or 0 on error
-if the \fB\s-1XN_FLAG_COMPAT\s0\fR is set, which is the same as \fBX509_NAME_print()\fR. Otherwise,
-it returns \-1 on error or other values on success.
+\&\fBX509_NAME_print_ex()\fR and \fBX509_NAME_print_ex_fp()\fR return 1 on success or 0 on
+error if the \fB\s-1XN_FLAG_COMPAT\s0\fR is set, which is the same as \fBX509_NAME_print()\fR.
+Otherwise, it returns \-1 on error or other values on success.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBASN1_STRING_print_ex\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3 b/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3
index 6127a982906f..331c116b1cc7 100644
--- a/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3
+++ b/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,86 +130,113 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_PUBKEY_NEW 3"
-.TH X509_PUBKEY_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_PUBKEY_NEW 3ossl"
+.TH X509_PUBKEY_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param \- SubjectPublicKeyInfo public key functions
+X509_PUBKEY_new_ex, X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_dup,
+X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get,
+d2i_PUBKEY_ex, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp,
+i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param,
+X509_PUBKEY_eq \- SubjectPublicKeyInfo public key functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
+\& X509_PUBKEY *X509_PUBKEY_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
\& X509_PUBKEY *X509_PUBKEY_new(void);
\& void X509_PUBKEY_free(X509_PUBKEY *a);
+\& X509_PUBKEY *X509_PUBKEY_dup(const X509_PUBKEY *a);
\&
\& int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
-\& EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
-\& EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+\& EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key);
+\& EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key);
\&
+\& EVP_PKEY *d2i_PUBKEY_ex(EVP_PKEY **a, const unsigned char **pp, long length,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
-\& int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
+\& int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp);
\&
\& EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
\& EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
\&
-\& int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
-\& int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+\& int i2d_PUBKEY_fp(const FILE *fp, EVP_PKEY *pkey);
+\& int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
\&
\& int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
\& int ptype, void *pval,
\& unsigned char *penc, int penclen);
\& int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
\& const unsigned char **pk, int *ppklen,
-\& X509_ALGOR **pa, X509_PUBKEY *pub);
+\& X509_ALGOR **pa, const X509_PUBKEY *pub);
+\& int X509_PUBKEY_eq(X509_PUBKEY *a, X509_PUBKEY *b);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBX509_PUBKEY\fR structure represents the \s-1ASN.1\s0 \fBSubjectPublicKeyInfo\fR
structure defined in \s-1RFC5280\s0 and used in certificates and certificate requests.
.PP
-\&\fBX509_PUBKEY_new()\fR allocates and initializes an \fBX509_PUBKEY\fR structure.
+\&\fBX509_PUBKEY_new_ex()\fR allocates and initializes an \fBX509_PUBKEY\fR structure
+associated with the given \fB\s-1OSSL_LIB_CTX\s0\fR in the \fIlibctx\fR parameter. Any
+algorithm fetches associated with using the \fBX509_PUBKEY\fR object will use
+the property query string \fIpropq\fR. See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for
+further information about algorithm fetching.
+.PP
+\&\fBX509_PUBKEY_new()\fR is the same as \fBX509_PUBKEY_new_ex()\fR except that the default
+(\s-1NULL\s0) \fB\s-1OSSL_LIB_CTX\s0\fR and a \s-1NULL\s0 property query string are used.
.PP
-\&\fBX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fBa\fR. If \fBa\fR is \s-1NULL\s0
+\&\fBX509_PUBKEY_dup()\fR creates a duplicate copy of the \fBX509_PUBKEY\fR object
+specified by \fIa\fR.
+.PP
+\&\fBX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fIa\fR. If \fIa\fR is \s-1NULL\s0
nothing is done.
.PP
-\&\fBX509_PUBKEY_set()\fR sets the public key in \fB*x\fR to the public key contained
-in the \fB\s-1EVP_PKEY\s0\fR structure \fBpkey\fR. If \fB*x\fR is not \s-1NULL\s0 any existing
+\&\fBX509_PUBKEY_set()\fR sets the public key in \fI*x\fR to the public key contained
+in the \fB\s-1EVP_PKEY\s0\fR structure \fIpkey\fR. If \fI*x\fR is not \s-1NULL\s0 any existing
public key structure will be freed.
.PP
-\&\fBX509_PUBKEY_get0()\fR returns the public key contained in \fBkey\fR. The returned
+\&\fBX509_PUBKEY_get0()\fR returns the public key contained in \fIkey\fR. The returned
value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed after use.
.PP
\&\fBX509_PUBKEY_get()\fR is similar to \fBX509_PUBKEY_get0()\fR except the reference
count on the returned key is incremented so it \fB\s-1MUST\s0\fR be freed using
\&\fBEVP_PKEY_free()\fR after use.
.PP
-\&\fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR decode and encode an \fB\s-1EVP_PKEY\s0\fR structure
-using \fBSubjectPublicKeyInfo\fR format. They otherwise follow the conventions of
-other \s-1ASN.1\s0 functions such as \fBd2i_X509()\fR.
+\&\fBd2i_PUBKEY_ex()\fR decodes an \fB\s-1EVP_PKEY\s0\fR structure using \fBSubjectPublicKeyInfo\fR
+format. Some public key decoding implementations may use cryptographic
+algorithms. In this case the supplied library context \fIlibctx\fR and property
+query string \fIpropq\fR are used.
+\&\fBd2i_PUBKEY()\fR does the same as \fBd2i_PUBKEY_ex()\fR except that the default
+library context and property query string are used.
+.PP
+\&\fBi2d_PUBKEY()\fR encodes an \fB\s-1EVP_PKEY\s0\fR structure using \fBSubjectPublicKeyInfo\fR
+format.
.PP
\&\fBd2i_PUBKEY_bio()\fR, \fBd2i_PUBKEY_fp()\fR, \fBi2d_PUBKEY_bio()\fR and \fBi2d_PUBKEY_fp()\fR are
similar to \fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR except they decode or encode using a
\&\fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR pointer.
.PP
-\&\fBX509_PUBKEY_set0_param()\fR sets the public key parameters of \fBpub\fR. The
-\&\s-1OID\s0 associated with the algorithm is set to \fBaobj\fR. The type of the
-algorithm parameters is set to \fBtype\fR using the structure \fBpval\fR.
-The encoding of the public key itself is set to the \fBpenclen\fR
-bytes contained in buffer \fBpenc\fR. On success ownership of all the supplied
-parameters is passed to \fBpub\fR so they must not be freed after the
+\&\fBX509_PUBKEY_set0_param()\fR sets the public key parameters of \fIpub\fR. The
+\&\s-1OID\s0 associated with the algorithm is set to \fIaobj\fR. The type of the
+algorithm parameters is set to \fItype\fR using the structure \fIpval\fR.
+The encoding of the public key itself is set to the \fIpenclen\fR
+bytes contained in buffer \fIpenc\fR. On success ownership of all the supplied
+parameters is passed to \fIpub\fR so they must not be freed after the
call.
.PP
-\&\fBX509_PUBKEY_get0_param()\fR retrieves the public key parameters from \fBpub\fR,
-\&\fB*ppkalg\fR is set to the associated \s-1OID\s0 and the encoding consists of
-\&\fB*ppklen\fR bytes at \fB*pk\fR, \fB*pa\fR is set to the associated
+\&\fBX509_PUBKEY_get0_param()\fR retrieves the public key parameters from \fIpub\fR,
+\&\fI*ppkalg\fR is set to the associated \s-1OID\s0 and the encoding consists of
+\&\fI*ppklen\fR bytes at \fI*pk\fR, \fI*pa\fR is set to the associated
AlgorithmIdentifier for the public key. If the value of any of these
-parameters is not required it can be set to \fB\s-1NULL\s0\fR. All of the
+parameters is not required it can be set to \s-1NULL.\s0 All of the
retrieved pointers are internal and must not be freed after the
call.
+.PP
+\&\fBX509_PUBKEY_eq()\fR compares two \fBX509_PUBKEY\fR values.
.SH "NOTES"
.IX Header "NOTES"
The \fBX509_PUBKEY\fR functions can be used to encode and decode public keys
@@ -221,28 +246,33 @@ In many cases applications will not call the \fBX509_PUBKEY\fR functions
directly: they will instead call wrapper functions such as \fBX509_get0_pubkey()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-If the allocation fails, \fBX509_PUBKEY_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
-code that can be obtained by \fBERR_get_error\fR\|(3).
-.PP
-Otherwise it returns a pointer to the newly allocated structure.
+If the allocation fails, \fBX509_PUBKEY_new()\fR and \fBX509_PUBKEY_dup()\fR return
+\&\s-1NULL\s0 and set an error code that can be obtained by \fBERR_get_error\fR\|(3).
+Otherwise they return a pointer to the newly allocated structure.
.PP
\&\fBX509_PUBKEY_free()\fR does not return a value.
.PP
\&\fBX509_PUBKEY_get0()\fR and \fBX509_PUBKEY_get()\fR return a pointer to an \fB\s-1EVP_PKEY\s0\fR
-structure or \fB\s-1NULL\s0\fR if an error occurs.
+structure or \s-1NULL\s0 if an error occurs.
.PP
\&\fBX509_PUBKEY_set()\fR, \fBX509_PUBKEY_set0_param()\fR and \fBX509_PUBKEY_get0_param()\fR
return 1 for success and 0 if an error occurred.
+.PP
+\&\fBX509_PUBKEY_eq()\fR returns 1 for equal, 0 for different, and < 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3),
\&\fBERR_get_error\fR\|(3),
\&\fBX509_get_pubkey\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBX509_PUBKEY_new_ex()\fR and \fBX509_PUBKEY_eq()\fR functions were added in OpenSSL
+3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_SIG_get0.3 b/secure/lib/libcrypto/man/man3/X509_SIG_get0.3
index 9f716e52967c..089c25a20cc6 100644
--- a/secure/lib/libcrypto/man/man3/X509_SIG_get0.3
+++ b/secure/lib/libcrypto/man/man3/X509_SIG_get0.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_SIG_GET0 3"
-.TH X509_SIG_GET0 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_SIG_GET0 3ossl"
+.TH X509_SIG_GET0 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,7 +146,7 @@ X509_SIG_get0, X509_SIG_getm \- DigestInfo functions
\& void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
\& const ASN1_OCTET_STRING **pdigest);
\& void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
-\& ASN1_OCTET_STRING **pdigest,
+\& ASN1_OCTET_STRING **pdigest);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -164,9 +162,9 @@ for example to initialise them.
\&\fBd2i_X509\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3
index 10cea9aa4eb4..977f4b19f8b7 100644
--- a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3
+++ b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,56 +130,66 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_STORE_CTX_GET_ERROR 3"
-.TH X509_STORE_CTX_GET_ERROR 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_STORE_CTX_GET_ERROR 3ossl"
+.TH X509_STORE_CTX_GET_ERROR 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string \- get or set certificate verification status information
+X509_STORE_CTX_get_error, X509_STORE_CTX_set_error,
+X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth,
+X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert,
+X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain,
+X509_verify_cert_error_string \- get or set certificate verification status
+information
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
-\& int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+\& int X509_STORE_CTX_get_error(const X509_STORE_CTX *ctx);
\& void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
-\& int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+\& int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx);
\& void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
-\& X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+\& X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx);
\& void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
-\& X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
+\& X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
\&
-\& STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+\& STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
\&
\& const char *X509_verify_cert_error_string(long n);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-These functions are typically called after \fBX509_verify_cert()\fR has indicated
+These functions are typically called after certificate or chain verification
+using \fBX509_verify_cert\fR\|(3) or \fBX509_STORE_CTX_verify\fR\|(3) has indicated
an error or in a verification callback to determine the nature of an error.
.PP
-\&\fBX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see
-the \fB\s-1ERROR CODES\s0\fR section for a full description of all error codes.
+\&\fBX509_STORE_CTX_get_error()\fR returns the error code of \fIctx\fR.
+See the \*(L"\s-1ERROR CODES\*(R"\s0 section for a full description of all error codes.
+It may return a code != X509_V_OK even if \fBX509_verify_cert()\fR did not indicate
+an error, likely because a verification callback function has waived the error.
.PP
-\&\fBX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example
+\&\fBX509_STORE_CTX_set_error()\fR sets the error code of \fIctx\fR to \fIs\fR. For example
it might be used in a verification callback to set an error based on additional
checks.
.PP
-\&\fBX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a
+\&\fBX509_STORE_CTX_get_error_depth()\fR returns the \fIdepth\fR of the error. This is a
nonnegative integer representing where in the certificate chain the error
occurred. If it is zero it occurred in the end entity certificate, one if
it is the certificate which signed the end entity certificate and so on.
.PP
-\&\fBX509_STORE_CTX_set_error_depth()\fR sets the error \fBdepth\fR.
+\&\fBX509_STORE_CTX_set_error_depth()\fR sets the error \fIdepth\fR.
This can be used in combination with \fBX509_STORE_CTX_set_error()\fR to set the
depth at which an error condition was detected.
.PP
-\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which
-caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant.
+\&\fBX509_STORE_CTX_get_current_cert()\fR returns the current certificate in
+\&\fIctx\fR. If an error occurred, the current certificate will be the one
+that is most closely related to the error, or possibly \s-1NULL\s0 if no such
+certificate is relevant.
.PP
-\&\fBX509_STORE_CTX_set_current_cert()\fR sets the certificate \fBx\fR in \fBctx\fR which
+\&\fBX509_STORE_CTX_set_current_cert()\fR sets the certificate \fIx\fR in \fIctx\fR which
caused the error.
This value is not intended to remain valid for very long, and remains owned by
the caller.
@@ -194,20 +202,19 @@ Once such a \fIsaved\fR certificate is no longer needed it can be freed with
\&\fBX509_free\fR\|(3).
.PP
\&\fBX509_STORE_CTX_get0_cert()\fR retrieves an internal pointer to the
-certificate being verified by the \fBctx\fR.
+certificate being verified by the \fIctx\fR.
.PP
\&\fBX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous
-call to \fBX509_verify_cert()\fR is successful. If the call to \fBX509_verify_cert()\fR
-is \fBnot\fR successful the returned chain may be incomplete or invalid. The
-returned chain persists after the \fBctx\fR structure is freed, when it is
-no longer needed it should be free up using:
+verification is successful. Otherwise the returned chain may be incomplete or
+invalid. The returned chain persists after the \fIctx\fR structure is freed.
+When it is no longer needed it should be free up using:
.PP
.Vb 1
\& sk_X509_pop_free(chain, X509_free);
.Ve
.PP
\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for
-verification error \fBn\fR.
+verification error \fIn\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code.
@@ -215,10 +222,10 @@ verification error \fBn\fR.
\&\fBX509_STORE_CTX_get_error_depth()\fR returns a nonnegative error depth.
.PP
\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the
-error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error.
+error or \s-1NULL\s0 if no certificate is relevant to the error.
.PP
\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for
-verification error \fBn\fR.
+verification error \fIn\fR.
.SH "ERROR CODES"
.IX Header "ERROR CODES"
A list of error codes and messages is shown below. Some of the
@@ -226,122 +233,150 @@ error codes are defined but currently never returned: these are described as
\&\*(L"unused\*(R".
.IP "\fBX509_V_OK: ok\fR" 4
.IX Item "X509_V_OK: ok"
-the operation was successful.
+The operation was successful.
+.IP "\fBX509_V_ERR_UNSPECIFIED: unspecified certificate verification error\fR" 4
+.IX Item "X509_V_ERR_UNSPECIFIED: unspecified certificate verification error"
+Unspecified error; should not happen.
.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4
.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate"
-the issuer certificate of a locally looked up certificate could not be found.
+The issuer certificate of a locally looked up certificate could not be found.
This normally means the list of trusted certificates is not complete.
+To allow any certificate (not only a self-signed one) in the trust store
+to terminate the chain the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag may be set.
.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4
.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL"
-the \s-1CRL\s0 of a certificate could not be found.
+The \s-1CRL\s0 of a certificate could not be found.
.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4
.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature"
-the certificate signature could not be decrypted. This means that the actual
+The certificate signature could not be decrypted. This means that the actual
signature value could not be determined rather than it not matching the
expected value, this is only meaningful for \s-1RSA\s0 keys.
.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4
.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature"
-the \s-1CRL\s0 signature could not be decrypted: this means that the actual signature
+The \s-1CRL\s0 signature could not be decrypted: this means that the actual signature
value could not be determined rather than it not matching the expected value.
Unused.
.IP "\fBX509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4
.IX Item "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key"
-the public key in the certificate SubjectPublicKeyInfo could not be read.
+The public key in the certificate \f(CW\*(C`SubjectPublicKeyInfo\*(C'\fR field could
+not be read.
.IP "\fBX509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4
.IX Item "X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure"
-the signature of the certificate is invalid.
+The signature of the certificate is invalid.
.IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4
.IX Item "X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure"
-the signature of the certificate is invalid.
+The signature of the \s-1CRL\s0 is invalid.
.IP "\fBX509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4
.IX Item "X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid"
-the certificate is not yet valid: the notBefore date is after the current time.
+The certificate is not yet valid: the \f(CW\*(C`notBefore\*(C'\fR date is after the
+current time.
.IP "\fBX509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4
.IX Item "X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired"
-the certificate has expired: that is the notAfter date is before the current time.
+The certificate has expired: that is the \f(CW\*(C`notAfter\*(C'\fR date is before the
+current time.
.IP "\fBX509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4
.IX Item "X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid"
-the \s-1CRL\s0 is not yet valid.
+The \s-1CRL\s0 is not yet valid.
.IP "\fBX509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4
.IX Item "X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired"
-the \s-1CRL\s0 has expired.
+The \s-1CRL\s0 has expired.
.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4
.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field"
-the certificate notBefore field contains an invalid time.
+The certificate \f(CW\*(C`notBefore\*(C'\fR field contains an invalid time.
.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4
.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field"
-the certificate notAfter field contains an invalid time.
+The certificate \f(CW\*(C`notAfter\*(C'\fR field contains an invalid time.
.IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4
.IX Item "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field"
-the \s-1CRL\s0 lastUpdate field contains an invalid time.
+The \s-1CRL\s0 \fBlastUpdate\fR field contains an invalid time.
.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4
.IX Item "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field"
-the \s-1CRL\s0 nextUpdate field contains an invalid time.
+The \s-1CRL\s0 \f(CW\*(C`nextUpdate\*(C'\fR field contains an invalid time.
.IP "\fBX509_V_ERR_OUT_OF_MEM: out of memory\fR" 4
.IX Item "X509_V_ERR_OUT_OF_MEM: out of memory"
-an error occurred trying to allocate memory. This should never happen.
-.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4
-.IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate"
-the passed certificate is self signed and the same certificate cannot be found
+An error occurred trying to allocate memory.
+.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self-signed certificate\fR" 4
+.IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self-signed certificate"
+The passed certificate is self-signed and the same certificate cannot be found
in the list of trusted certificates.
-.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4
-.IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain"
-the certificate chain could be built up using the untrusted certificates but
-the root could not be found locally.
+.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self-signed certificate in certificate chain\fR" 4
+.IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self-signed certificate in certificate chain"
+The certificate chain could be built up using the untrusted certificates
+but no suitable trust anchor (which typically is a self-signed root certificate)
+could be found in the trust store.
.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4
.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate"
-the issuer certificate could not be found: this occurs if the issuer certificate
+The issuer certificate could not be found: this occurs if the issuer certificate
of an untrusted certificate cannot be found.
.IP "\fBX509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4
.IX Item "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate"
-no signatures could be verified because the chain contains only one certificate
-and it is not self signed.
+No signatures could be verified because the chain contains only one certificate
+and it is not self-signed and the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag is not set.
.IP "\fBX509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4
.IX Item "X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long"
-the certificate chain length is greater than the supplied maximum depth. Unused.
+The certificate chain length is greater than the supplied maximum depth.
.IP "\fBX509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4
.IX Item "X509_V_ERR_CERT_REVOKED: certificate revoked"
-the certificate has been revoked.
-.IP "\fBX509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4
-.IX Item "X509_V_ERR_INVALID_CA: invalid CA certificate"
-a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not
-consistent with the supplied purpose.
+The certificate has been revoked.
+.IP "\fBX509_V_ERR_NO_ISSUER_PUBLIC_KEY: issuer certificate doesn't have a public key\fR" 4
+.IX Item "X509_V_ERR_NO_ISSUER_PUBLIC_KEY: issuer certificate doesn't have a public key"
+The issuer certificate does not have a public key.
.IP "\fBX509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4
.IX Item "X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded"
-the basicConstraints path-length parameter has been exceeded.
-.IP "\fBX509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4
-.IX Item "X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose"
-the supplied certificate cannot be used for the specified purpose.
+The basicConstraints path-length parameter has been exceeded.
+.IP "\fBX509_V_ERR_INVALID_PURPOSE: unsuitable certificate purpose\fR" 4
+.IX Item "X509_V_ERR_INVALID_PURPOSE: unsuitable certificate purpose"
+The target certificate cannot be used for the specified purpose.
.IP "\fBX509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4
.IX Item "X509_V_ERR_CERT_UNTRUSTED: certificate not trusted"
-the root \s-1CA\s0 is not marked as trusted for the specified purpose.
+The root \s-1CA\s0 is not marked as trusted for the specified purpose.
.IP "\fBX509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4
.IX Item "X509_V_ERR_CERT_REJECTED: certificate rejected"
-the root \s-1CA\s0 is marked to reject the specified purpose.
+The root \s-1CA\s0 is marked to reject the specified purpose.
.IP "\fBX509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4
.IX Item "X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch"
-the current candidate issuer certificate was rejected because its subject name
-did not match the issuer name of the current certificate. This is only set
-if issuer check debugging is enabled it is used for status notification and
-is \fBnot\fR in itself an error.
+The current candidate issuer certificate was rejected because its subject name
+did not match the issuer name of the current certificate.
.IP "\fBX509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4
.IX Item "X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch"
-the current candidate issuer certificate was rejected because its subject key
+The current candidate issuer certificate was rejected because its subject key
identifier was present and did not match the authority key identifier current
-certificate. This is only set if issuer check debugging is enabled it is used
-for status notification and is \fBnot\fR in itself an error.
+certificate.
.IP "\fBX509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4
.IX Item "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch"
-the current candidate issuer certificate was rejected because its issuer name
+The current candidate issuer certificate was rejected because its issuer name
and serial number was present and did not match the authority key identifier of
-the current certificate. This is only set if issuer check debugging is enabled
-it is used for status notification and is \fBnot\fR in itself an error.
-.IP "\fBX509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing\fR" 4
-.IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing"
-the current candidate issuer certificate was rejected because its keyUsage
-extension does not permit certificate signing. This is only set if issuer check
-debugging is enabled it is used for status notification and is \fBnot\fR in itself
-an error.
+the current certificate.
+.IP "\fBX509_V_ERR_KEYUSAGE_NO_CERTSIGN: key usage does not include certificate signing\fR" 4
+.IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN: key usage does not include certificate signing"
+The current candidate issuer certificate was rejected because its \f(CW\*(C`keyUsage\*(C'\fR
+extension does not permit certificate signing.
+.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get \s-1CRL\s0 issuer certificate\fR" 4
+.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get CRL issuer certificate"
+Unable to get \s-1CRL\s0 issuer certificate.
+.IP "\fBX509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension\fR" 4
+.IX Item "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension"
+Unhandled critical extension.
+.IP "\fBX509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include \s-1CRL\s0 signing\fR" 4
+.IX Item "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include CRL signing"
+Key usage does not include \s-1CRL\s0 signing.
+.IP "\fBX509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical \s-1CRL\s0 extension\fR" 4
+.IX Item "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical CRL extension"
+Unhandled critical \s-1CRL\s0 extension.
+.IP "\fBX509_V_ERR_INVALID_NON_CA: invalid non-CA certificate (has \s-1CA\s0 markings)\fR" 4
+.IX Item "X509_V_ERR_INVALID_NON_CA: invalid non-CA certificate (has CA markings)"
+Invalid non-CA certificate has \s-1CA\s0 markings.
+.IP "\fBX509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length constraint exceeded\fR" 4
+.IX Item "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length constraint exceeded"
+Proxy path length constraint exceeded.
+.IP "\fBX509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: key usage does not include digital signature\fR" 4
+.IX Item "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: key usage does not include digital signature"
+Key usage does not include digital signature, and therefore cannot sign
+certificates.
+.IP "\fBX509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: proxy certificates not allowed, please set the appropriate flag\fR" 4
+.IX Item "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: proxy certificates not allowed, please set the appropriate flag"
+Proxy certificates not allowed unless the \fBX509_V_FLAG_ALLOW_PROXY_CERTS\fR flag
+is set.
.IP "\fBX509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension\fR" 4
.IX Item "X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension"
A certificate extension had an invalid value (for example an incorrect
@@ -355,12 +390,15 @@ occurs if policy processing is enabled.
.IX Item "X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy"
The verification flags were set to require and explicit policy but none was
present.
-.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE: Different \s-1CRL\s0 scope\fR" 4
-.IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope"
+.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE: different \s-1CRL\s0 scope\fR" 4
+.IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE: different CRL scope"
The only CRLs that could be found did not match the scope of the certificate.
-.IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature\fR" 4
-.IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature"
+.IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: unsupported extension feature\fR" 4
+.IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: unsupported extension feature"
Some feature of a certificate extension is not supported. Unused.
+.IP "\fBX509_V_ERR_UNNESTED_RESOURCE: \s-1RFC 3779\s0 resource not subset of parent's resources\fR" 4
+.IX Item "X509_V_ERR_UNNESTED_RESOURCE: RFC 3779 resource not subset of parent's resources"
+See \s-1RFC 3779\s0 for details.
.IP "\fBX509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation\fR" 4
.IX Item "X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation"
A name constraint violation occurred in the permitted subtrees.
@@ -371,6 +409,10 @@ A name constraint violation occurred in the excluded subtrees.
.IX Item "X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported"
A certificate name constraints extension included a minimum or maximum field:
this is not supported.
+.IP "\fBX509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4
+.IX Item "X509_V_ERR_APPLICATION_VERIFICATION: application verification failure"
+An application specific error. This will never be returned unless explicitly
+set by an application callback.
.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type\fR" 4
.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type"
An unsupported name constraint type was encountered. OpenSSL currently only
@@ -380,37 +422,104 @@ supports directory name, \s-1DNS\s0 name, email and \s-1URI\s0 types.
The format of the name constraint is not recognised: for example an email
address format of a form not mentioned in \s-1RFC3280.\s0 This could be caused by
a garbage extension or some new feature not currently supported.
+.IP "\fBX509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax\fR" 4
+.IX Item "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax"
+Unsupported or invalid name syntax.
.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR: \s-1CRL\s0 path validation error\fR" 4
.IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error"
An error occurred when attempting to verify the \s-1CRL\s0 path. This error can only
happen if extended \s-1CRL\s0 checking is enabled.
-.IP "\fBX509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4
-.IX Item "X509_V_ERR_APPLICATION_VERIFICATION: application verification failure"
-an application specific error. This will never be returned unless explicitly
-set by an application.
+.IP "\fBX509_V_ERR_PATH_LOOP: path loop\fR" 4
+.IX Item "X509_V_ERR_PATH_LOOP: path loop"
+Path loop.
+.IP "\fBX509_V_ERR_HOSTNAME_MISMATCH: hostname mismatch\fR" 4
+.IX Item "X509_V_ERR_HOSTNAME_MISMATCH: hostname mismatch"
+Hostname mismatch.
+.IP "\fBX509_V_ERR_EMAIL_MISMATCH: email address mismatch\fR" 4
+.IX Item "X509_V_ERR_EMAIL_MISMATCH: email address mismatch"
+Email address mismatch.
+.IP "\fBX509_V_ERR_IP_ADDRESS_MISMATCH: \s-1IP\s0 address mismatch\fR" 4
+.IX Item "X509_V_ERR_IP_ADDRESS_MISMATCH: IP address mismatch"
+\&\s-1IP\s0 address mismatch.
+.IP "\fBX509_V_ERR_DANE_NO_MATCH: no matching \s-1DANE TLSA\s0 records\fR" 4
+.IX Item "X509_V_ERR_DANE_NO_MATCH: no matching DANE TLSA records"
+\&\s-1DANE TLSA\s0 authentication is enabled, but no \s-1TLSA\s0 records matched the
+certificate chain.
+This error is only possible in \fBopenssl\-s_client\fR\|(1).
+.IP "\fBX509_V_ERR_EE_KEY_TOO_SMALL: \s-1EE\s0 certificate key too weak\fR" 4
+.IX Item "X509_V_ERR_EE_KEY_TOO_SMALL: EE certificate key too weak"
+\&\s-1EE\s0 certificate key too weak.
+.IP "\fBX509_V_ERR_CA_KEY_TOO_SMALL: \s-1CA\s0 certificate key too weak\fR" 4
+.IX Item "X509_V_ERR_CA_KEY_TOO_SMALL: CA certificate key too weak"
+\&\s-1CA\s0 certificate key too weak.
+.IP "\fBX509_V_ERR_CA_MD_TOO_WEAK: \s-1CA\s0 signature digest algorithm too weak\fR" 4
+.IX Item "X509_V_ERR_CA_MD_TOO_WEAK: CA signature digest algorithm too weak"
+\&\s-1CA\s0 signature digest algorithm too weak.
+.IP "\fBX509_V_ERR_INVALID_CALL: invalid certificate verification context\fR" 4
+.IX Item "X509_V_ERR_INVALID_CALL: invalid certificate verification context"
+Invalid certificate verification context.
+.IP "\fBX509_V_ERR_STORE_LOOKUP: issuer certificate lookup error\fR" 4
+.IX Item "X509_V_ERR_STORE_LOOKUP: issuer certificate lookup error"
+Issuer certificate lookup error.
+.IP "\fBX509_V_ERR_NO_VALID_SCTS: certificate transparency required, but no valid SCTs found\fR" 4
+.IX Item "X509_V_ERR_NO_VALID_SCTS: certificate transparency required, but no valid SCTs found"
+Certificate Transparency required, but no valid SCTs found.
+.IP "\fBX509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: proxy subject name violation\fR" 4
+.IX Item "X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: proxy subject name violation"
+Proxy subject name violation.
+.IP "\fBX509_V_ERR_OCSP_VERIFY_NEEDED: \s-1OCSP\s0 verification needed\fR" 4
+.IX Item "X509_V_ERR_OCSP_VERIFY_NEEDED: OCSP verification needed"
+Returned by the verify callback to indicate an \s-1OCSP\s0 verification is needed.
+.IP "\fBX509_V_ERR_OCSP_VERIFY_FAILED: \s-1OCSP\s0 verification failed\fR" 4
+.IX Item "X509_V_ERR_OCSP_VERIFY_FAILED: OCSP verification failed"
+Returned by the verify callback to indicate \s-1OCSP\s0 verification failed.
+.IP "\fBX509_V_ERR_OCSP_CERT_UNKNOWN: \s-1OCSP\s0 unknown cert\fR" 4
+.IX Item "X509_V_ERR_OCSP_CERT_UNKNOWN: OCSP unknown cert"
+Returned by the verify callback to indicate that the certificate is not
+recognized by the \s-1OCSP\s0 responder.
+.IP "\fBX509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM: unsupported signature algorithm\fR" 4
+.IX Item "X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM: unsupported signature algorithm"
+Cannot find certificate signature algorithm.
+.IP "\fBX509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH: subject signature algorithm and issuer public key algorithm mismatch\fR" 4
+.IX Item "X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH: subject signature algorithm and issuer public key algorithm mismatch"
+The issuer's public key is not of the type required by the signature in
+the subject's certificate.
+.IP "\fBX509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY: cert info signature and signature algorithm mismatch\fR" 4
+.IX Item "X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY: cert info signature and signature algorithm mismatch"
+The algorithm given in the certificate info is inconsistent
+ with the one used for the certificate signature.
+.IP "\fBX509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4
+.IX Item "X509_V_ERR_INVALID_CA: invalid CA certificate"
+A \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not
+consistent with the supplied purpose.
.SH "NOTES"
.IX Header "NOTES"
The above functions should be used instead of directly referencing the fields
in the \fBX509_VERIFY_CTX\fR structure.
.PP
In versions of OpenSSL before 1.0 the current certificate returned by
-\&\fBX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should
+\&\fBX509_STORE_CTX_get_current_cert()\fR was never \s-1NULL.\s0 Applications should
check the return value before printing out any debugging information relating
to the current certificate.
.PP
If an unrecognised error code is passed to \fBX509_verify_cert_error_string()\fR the
numerical value of the unknown code is returned in a static buffer. This is not
thread safe but will never happen unless an invalid code is passed.
+.SH "BUGS"
+.IX Header "BUGS"
+Previous versions of this documentation swapped the meaning of the
+\&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT\fR and
+\&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY\fR error codes.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBX509_verify_cert\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3), \fBX509_STORE_CTX_verify\fR\|(3),
\&\fBX509_up_ref\fR\|(3),
\&\fBX509_free\fR\|(3).
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2009\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3
index 686e1266f725..29a519f2d05a 100644
--- a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3
+++ b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,42 +130,56 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_STORE_CTX_NEW 3"
-.TH X509_STORE_CTX_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_STORE_CTX_NEW 3ossl"
+.TH X509_STORE_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted, X509_STORE_CTX_get_num_untrusted, X509_STORE_CTX_set_default, X509_STORE_CTX_set_verify, X509_STORE_CTX_verify_fn, X509_STORE_CTX_set_purpose, X509_STORE_CTX_set_trust, X509_STORE_CTX_purpose_inherit \&\- X509_STORE_CTX initialisation
+X509_STORE_CTX_new_ex, X509_STORE_CTX_new, X509_STORE_CTX_cleanup,
+X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack,
+X509_STORE_CTX_set_cert, X509_STORE_CTX_set0_crls,
+X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param,
+X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted,
+X509_STORE_CTX_get_num_untrusted,
+X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain,
+X509_STORE_CTX_set_default,
+X509_STORE_CTX_set_verify,
+X509_STORE_CTX_verify_fn,
+X509_STORE_CTX_set_purpose,
+X509_STORE_CTX_set_trust,
+X509_STORE_CTX_purpose_inherit
+\&\- X509_STORE_CTX initialisation
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
+\& X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
\& X509_STORE_CTX *X509_STORE_CTX_new(void);
\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
\&
-\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
-\& X509 *x509, STACK_OF(X509) *chain);
+\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
+\& X509 *target, STACK_OF(X509) *untrusted);
\&
\& void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
\&
-\& void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x);
-\& STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
-\& void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain);
+\& void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
\& void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
\&
-\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(const X509_STORE_CTX *ctx);
\& void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
-\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
\&
-\& STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
+\& STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
\& void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
\&
-\& int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
+\& int X509_STORE_CTX_get_num_untrusted(const X509_STORE_CTX *ctx);
+\& STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
+\& void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain);
\&
+\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
\& typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
\& void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify);
\&
@@ -179,66 +191,100 @@ X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use
-by \fBX509_verify_cert()\fR.
+by \fBX509_verify_cert\fR\|(3) or \fBX509_STORE_CTX_verify\fR\|(3).
+.PP
+\&\fBX509_STORE_CTX_new_ex()\fR returns a newly initialised \fBX509_STORE_CTX\fR
+structure associated with the specified library context \fIlibctx\fR and property
+query string \fIpropq\fR. Any cryptographic algorithms fetched while performing
+processing with the X509_STORE_CTX will use that library context and property
+query string.
.PP
-\&\fBX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure.
+\&\fBX509_STORE_CTX_new()\fR is the same as \fBX509_STORE_CTX_new_ex()\fR except that
+the default library context and a \s-1NULL\s0 property query string are used.
.PP
\&\fBX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure.
-The context can then be reused with a new call to \fBX509_STORE_CTX_init()\fR.
+It is used by \fBX509_STORE_CTX_init()\fR and \fBX509_STORE_CTX_free()\fR.
.PP
-\&\fBX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR
+\&\fBX509_STORE_CTX_free()\fR completely frees up \fIctx\fR. After this call \fIctx\fR
is no longer valid.
-If \fBctx\fR is \s-1NULL\s0 nothing is done.
-.PP
-\&\fBX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation.
-It must be called before each call to \fBX509_verify_cert()\fR, i.e. a \fBctx\fR is only
-good for one call to \fBX509_verify_cert()\fR; if you want to verify a second
-certificate with the same \fBctx\fR then you must call \fBX509_STORE_CTX_cleanup()\fR
-and then \fBX509_STORE_CTX_init()\fR again before the second call to
-\&\fBX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end
-entity certificate to be verified is set to \fBx509\fR and a set of additional
-certificates (which will be untrusted but may be used to build the chain) in
-\&\fBchain\fR. Any or all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be
-\&\fB\s-1NULL\s0\fR.
+If \fIctx\fR is \s-1NULL\s0 nothing is done.
+.PP
+It must be called before each call to \fBX509_verify_cert\fR\|(3) or
+\&\fBX509_STORE_CTX_verify\fR\|(3), i.e., a context is only good for one verification.
+If you want to verify a further certificate or chain with the same \fIctx\fR
+then you must call \fBX509_STORE_CTX_init()\fR again.
+The trusted certificate store is set to \fItrust_store\fR of type \fBX509_STORE\fR.
+This may be \s-1NULL\s0 because there are no trusted certificates or because
+they are provided simply as a list using \fBX509_STORE_CTX_set0_trusted_stack()\fR.
+The certificate to be verified is set to \fItarget\fR,
+and a list of additional certificates may be provided in \fIuntrusted\fR,
+which will be untrusted but may be used to build the chain.
+Each of the \fItrust_store\fR, \fItarget\fR and \fIuntrusted\fR parameters can be \s-1NULL.\s0
+Yet note that \fBX509_verify_cert\fR\|(3) and \fBX509_STORE_CTX_verify\fR\|(3)
+will need a verification target.
+This can also be set using \fBX509_STORE_CTX_set_cert()\fR.
+For \fBX509_STORE_CTX_verify\fR\|(3), which takes by default the first element of the
+list of untrusted certificates as its verification target,
+this can be also set indirectly using \fBX509_STORE_CTX_set0_untrusted()\fR.
.PP
\&\fBX509_STORE_CTX_set0_trusted_stack()\fR sets the set of trusted certificates of
-\&\fBctx\fR to \fBsk\fR. This is an alternative way of specifying trusted certificates
-instead of using an \fBX509_STORE\fR.
+\&\fIctx\fR to \fIsk\fR. This is an alternative way of specifying trusted certificates
+instead of using an \fBX509_STORE\fR where its complexity is not needed
+or to make sure that only the given set \fIsk\fR of certificates are trusted.
.PP
-\&\fBX509_STORE_CTX_set_cert()\fR sets the certificate to be verified in \fBctx\fR to
-\&\fBx\fR.
+\&\fBX509_STORE_CTX_set_cert()\fR sets the target certificate to be verified in \fIctx\fR
+to \fItarget\fR.
+.PP
+\&\fBX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain to \fIchain\fR.
+Ownership of the chain is transferred to \fIctx\fR,
+and so it should not be free'd by the caller.
.PP
-\&\fBX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain used
-by \fBctx\fR to be \fBchain\fR.
-Ownership of the chain is transferred to \fBctx\fR and should not be
-free'd by the caller.
\&\fBX509_STORE_CTX_get0_chain()\fR returns the internal pointer used by the
-\&\fBctx\fR that contains the validated chain.
+\&\fIctx\fR that contains the constructed (output) chain.
.PP
\&\fBX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate
-verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is
+verification to \fIsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is
enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be
used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol,
for example in a PKCS#7 structure.
.PP
\&\fBX509_STORE_CTX_get0_param()\fR retrieves an internal pointer
-to the verification parameters associated with \fBctx\fR.
+to the verification parameters associated with \fIctx\fR.
+.PP
+\&\fBX509_STORE_CTX_set0_param()\fR sets the internal verification parameter pointer
+to \fIparam\fR. After this call \fBparam\fR should not be used.
.PP
\&\fBX509_STORE_CTX_get0_untrusted()\fR retrieves an internal pointer to the
-stack of untrusted certificates associated with \fBctx\fR.
+stack of untrusted certificates associated with \fIctx\fR.
.PP
-\&\fBX509_STORE_CTX_set0_untrusted()\fR sets the internal point to the stack
-of untrusted certificates associated with \fBctx\fR to \fBsk\fR.
+\&\fBX509_STORE_CTX_set0_untrusted()\fR sets the internal pointer to the stack
+of untrusted certificates associated with \fIctx\fR to \fIsk\fR.
+\&\fBX509_STORE_CTX_verify()\fR will take the first element, if any,
+as its default target if the target certificate is not set explicitly.
.PP
-\&\fBX509_STORE_CTX_set0_param()\fR sets the internal verification parameter pointer
-to \fBparam\fR. After this call \fBparam\fR should not be used.
+\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates
+that were used in building the chain.
+This is can be used after calling \fBX509_verify_cert\fR\|(3) and similar functions.
+With \fBX509_STORE_CTX_verify\fR\|(3), this does not count the first chain element.
.PP
-\&\fBX509_STORE_CTX_set_default()\fR looks up and sets the default verification
-method to \fBname\fR. This uses the function \fBX509_VERIFY_PARAM_lookup()\fR to
-find an appropriate set of parameters from \fBname\fR.
+\&\fBX509_STORE_CTX_get0_chain()\fR returns the internal pointer used by the
+\&\fIctx\fR that contains the validated chain.
.PP
-\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates
-that were used in building the chain following a call to \fBX509_verify_cert()\fR.
+Details of the chain building and checking process are described in
+\&\*(L"Certification Path Building\*(R" in \fBopenssl\-verification\-options\fR\|(1) and
+\&\*(L"Certification Path Validation\*(R" in \fBopenssl\-verification\-options\fR\|(1).
+.PP
+\&\fBX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain used
+by \fIctx\fR to be \fIchain\fR.
+Ownership of the chain is transferred to \fIctx\fR,
+and so it should not be free'd by the caller.
+.PP
+\&\fBX509_STORE_CTX_set_default()\fR looks up and sets the default verification
+method to \fIname\fR. This uses the function \fBX509_VERIFY_PARAM_lookup()\fR to
+find an appropriate set of parameters from the purpose identifier \fIname\fR.
+Currently defined purposes are \f(CW\*(C`sslclient\*(C'\fR, \f(CW\*(C`sslserver\*(C'\fR, \f(CW\*(C`nssslserver\*(C'\fR,
+\&\f(CW\*(C`smimesign\*(C'\fR, \f(CW\*(C`smimeencrypt\*(C'\fR, \f(CW\*(C`crlsign\*(C'\fR, \f(CW\*(C`ocsphelper\*(C'\fR, \f(CW\*(C`timestampsign\*(C'\fR,
+and \f(CW\*(C`any\*(C'\fR.
.PP
\&\fBX509_STORE_CTX_set_verify()\fR provides the capability for overriding the default
verify function. This function is responsible for verifying chain signatures and
@@ -268,7 +314,7 @@ administrator might only trust it for the former. An X.509 certificate extension
exists that can record extended key usage information to supplement the purpose
information described above. This extended mechanism is arbitrarily extensible
and not well suited for a generic library \s-1API\s0; applications that need to
-validate extended key usage information in certifiates will need to define a
+validate extended key usage information in certificates will need to define a
custom \*(L"purpose\*(R" (see below) or supply a nondefault verification callback
(\fBX509_STORE_set_verify_cb_func\fR\|(3)).
.PP
@@ -301,14 +347,18 @@ It should not normally be necessary for end user applications to call
\&\fBX509_STORE_CTX_purpose_inherit()\fR directly. Typically applications should call
\&\fBX509_STORE_CTX_set_purpose()\fR or \fBX509_STORE_CTX_set_trust()\fR instead. Using this
function it is possible to set the purpose and trust values for the \fIctx\fR at
-the same time. The \fIdef_purpose\fR and \fIpurpose\fR arguments can have the same
+the same time.
+Both \fIctx\fR and its internal verification parameter pointer must not be \s-1NULL.\s0
+The \fIdef_purpose\fR and \fIpurpose\fR arguments can have the same
purpose values as described for \fBX509_STORE_CTX_set_purpose()\fR above. The \fItrust\fR
argument can have the same trust values as described in
\&\fBX509_STORE_CTX_set_trust()\fR above. Any of the \fIdef_purpose\fR, \fIpurpose\fR or
\&\fItrust\fR values may also have the value 0 to indicate that the supplied
parameter should be ignored. After calling this function the purpose to be used
-for verification is set from the \fIpurpose\fR argument, and the trust is set from
-the \fItrust\fR argument. If \fItrust\fR is 0 then the trust value will be set from
+for verification is set from the \fIpurpose\fR argument unless the purpose was
+already set in \fIctx\fR before, and the trust is set from the \fItrust\fR argument
+unless the trust was already set in \fIctx\fR before.
+If \fItrust\fR is 0 then the trust value will be set from
the default trust value for \fIpurpose\fR. If the default trust value for the
purpose is \fIX509_TRUST_DEFAULT\fR and \fItrust\fR is 0 then the default trust value
associated with the \fIdef_purpose\fR value is used for the trust setting instead.
@@ -323,13 +373,13 @@ be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies
should be made or reference counts increased instead.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBX509_STORE_CTX_new()\fR returns a newly allocated context or \fB\s-1NULL\s0\fR if an
+\&\fBX509_STORE_CTX_new()\fR returns a newly allocated context or \s-1NULL\s0 if an
error occurred.
.PP
\&\fBX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred.
.PP
\&\fBX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR
-structure or \fB\s-1NULL\s0\fR if an error occurred.
+structure or \s-1NULL\s0 if an error occurred.
.PP
\&\fBX509_STORE_CTX_cleanup()\fR, \fBX509_STORE_CTX_free()\fR,
\&\fBX509_STORE_CTX_set0_trusted_stack()\fR,
@@ -343,17 +393,20 @@ values.
used.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBX509_verify_cert\fR\|(3)
+\&\fBX509_verify_cert\fR\|(3), \fBX509_STORE_CTX_verify\fR\|(3),
\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBX509_STORE_CTX_set0_crls()\fR function was added in OpenSSL 1.0.0.
The \fBX509_STORE_CTX_get_num_untrusted()\fR function was added in OpenSSL 1.1.0.
+The \fBX509_STORE_CTX_new_ex()\fR function was added in OpenSSL 3.0.
+.PP
+There is no need to call \fBX509_STORE_CTX_cleanup()\fR explicitly since OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2009\-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3
index 2864182abb09..147e5078e0c5 100644
--- a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3
+++ b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,20 +130,35 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_STORE_CTX_SET_VERIFY_CB 3"
-.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_STORE_CTX_SET_VERIFY_CB 3ossl"
+.TH X509_STORE_CTX_SET_VERIFY_CB 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_STORE_CTX_get_cleanup, X509_STORE_CTX_get_lookup_crls, X509_STORE_CTX_get_lookup_certs, X509_STORE_CTX_get_check_policy, X509_STORE_CTX_get_cert_crl, X509_STORE_CTX_get_check_crl, X509_STORE_CTX_get_get_crl, X509_STORE_CTX_get_check_revocation, X509_STORE_CTX_get_check_issued, X509_STORE_CTX_get_get_issuer, X509_STORE_CTX_get_verify_cb, X509_STORE_CTX_set_verify_cb, X509_STORE_CTX_verify_cb \&\- get and set verification callback
+X509_STORE_CTX_get_cleanup,
+X509_STORE_CTX_get_lookup_crls,
+X509_STORE_CTX_get_lookup_certs,
+X509_STORE_CTX_get_check_policy,
+X509_STORE_CTX_get_cert_crl,
+X509_STORE_CTX_get_check_crl,
+X509_STORE_CTX_get_get_crl,
+X509_STORE_CTX_get_check_revocation,
+X509_STORE_CTX_get_check_issued,
+X509_STORE_CTX_get_get_issuer,
+X509_STORE_CTX_get_verify_cb,
+X509_STORE_CTX_set_verify_cb,
+X509_STORE_CTX_verify_cb,
+X509_STORE_CTX_print_verify_cb
+\&\- get and set X509_STORE_CTX components such as verification callback
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
\& typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+\& int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx);
\&
\& X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
\&
@@ -169,7 +182,7 @@ X509_STORE_CTX_get_cleanup, X509_STORE_CTX_get_lookup_crls, X509_STORE_CTX_get_l
\&\fBverify_cb\fR overwriting any existing callback.
.PP
The verification callback can be used to customise the operation of certificate
-verification, either by overriding error conditions or logging errors for
+verification, for instance by overriding error conditions or logging errors for
debugging purposes.
.PP
However, a verification callback is \fBnot\fR essential and the default operation
@@ -187,6 +200,12 @@ structure and receive additional information about the error, for example
by calling \fBX509_STORE_CTX_get_current_cert()\fR. Additional application data can
be passed to the callback via the \fBex_data\fR mechanism.
.PP
+\&\fBX509_STORE_CTX_print_verify_cb()\fR is a verification callback function that,
+when a certificate verification has failed, adds an entry to the error queue
+with code \fBX509_R_CERTIFICATE_VERIFICATION_FAILED\fR and with diagnostic details,
+including the most relevant fields of the target certificate that failed to
+verify and, if appropriate, of the available untrusted and trusted certificates.
+.PP
\&\fBX509_STORE_CTX_get_verify_cb()\fR returns the value of the current callback
for the specific \fBctx\fR.
.PP
@@ -324,11 +343,13 @@ The
\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR,
\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR
and \fBX509_STORE_CTX_get_cleanup()\fR functions were added in OpenSSL 1.1.0.
+.PP
+\&\fBX509_STORE_CTX_print_verify_cb()\fR was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2009\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 b/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3
index 1185afa2b435..28810ca07fa3 100644
--- a/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3
+++ b/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,22 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_STORE_ADD_CERT 3"
-.TH X509_STORE_ADD_CERT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_STORE_ADD_CERT 3ossl"
+.TH X509_STORE_ADD_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_STORE, X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, X509_STORE_add_lookup, X509_STORE_load_locations, X509_STORE_set_default_paths \&\- X509_STORE manipulation
+X509_STORE,
+X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth,
+X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust,
+X509_STORE_add_lookup,
+X509_STORE_load_file_ex, X509_STORE_load_file, X509_STORE_load_path,
+X509_STORE_load_store_ex, X509_STORE_load_store,
+X509_STORE_set_default_paths_ex, X509_STORE_set_default_paths,
+X509_STORE_load_locations_ex, X509_STORE_load_locations
+\&\- X509_STORE manipulation
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -157,9 +163,21 @@ X509_STORE, X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, X509_
\& X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store,
\& X509_LOOKUP_METHOD *meth);
\&
+\& int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& int X509_STORE_set_default_paths(X509_STORE *ctx);
+\& int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& int X509_STORE_load_file(X509_STORE *ctx, const char *file);
+\& int X509_STORE_load_path(X509_STORE *ctx, const char *dir);
+\& int X509_STORE_load_store_ex(X509_STORE *ctx, const char *uri,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& int X509_STORE_load_store(X509_STORE *ctx, const char *uri);
+\& int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
+\& const char *dir, OSSL_LIB_CTX *libctx,
+\& const char *propq);
\& int X509_STORE_load_locations(X509_STORE *ctx,
\& const char *file, const char *dir);
-\& int X509_STORE_set_default_paths(X509_STORE *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -170,6 +188,10 @@ It admits multiple lookup mechanisms and efficient scaling performance
with large numbers of certificates, and a great deal of flexibility in
how validation and policy checks are performed.
.PP
+Details of the chain building and checking process are described in
+\&\*(L"Certification Path Building\*(R" in \fBopenssl\-verification\-options\fR\|(1) and
+\&\*(L"Certification Path Validation\*(R" in \fBopenssl\-verification\-options\fR\|(1).
+.PP
\&\fBX509_STORE_new\fR\|(3) creates an empty \fBX509_STORE\fR structure, which contains
no information about trusted certificates or where such certificates
are located on disk, and is generally not usable. Normally, trusted
@@ -208,22 +230,53 @@ pages, e.g., \fBX509_VERIFY_PARAM_set_depth\fR\|(3).
\&\fIstore\fR. This also associates the \fBX509_STORE\fR with the lookup, so
\&\fBX509_LOOKUP\fR functions can look up objects in that store.
.PP
-\&\fBX509_STORE_load_locations()\fR loads trusted certificate(s) into an
-\&\fBX509_STORE\fR from a given file and/or directory path. It is permitted
-to specify just a file, just a directory, or both paths. The certificates
-in the directory must be in hashed form, as documented in
-\&\fBX509_LOOKUP_hash_dir\fR\|(3).
+\&\fBX509_STORE_load_file_ex()\fR loads trusted certificate(s) into an
+\&\fBX509_STORE\fR from a given file. The library context \fIlibctx\fR and property
+query \fIpropq\fR are used when fetching algorithms from providers.
.PP
-\&\fBX509_STORE_set_default_paths()\fR is somewhat misnamed, in that it does not
-set what default paths should be used for loading certificates. Instead,
-it loads certificates into the \fBX509_STORE\fR from the hardcoded default
+\&\fBX509_STORE_load_file()\fR is similar to \fBX509_STORE_load_file_ex()\fR but
+uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR.
+.PP
+\&\fBX509_STORE_load_path()\fR loads trusted certificate(s) into an
+\&\fBX509_STORE\fR from a given directory path.
+The certificates in the directory must be in hashed form, as
+documented in \fBX509_LOOKUP_hash_dir\fR\|(3).
+.PP
+\&\fBX509_STORE_load_store_ex()\fR loads trusted certificate(s) into an
+\&\fBX509_STORE\fR from a store at a given \s-1URI.\s0 The library context \fIlibctx\fR and
+property query \fIpropq\fR are used when fetching algorithms from providers.
+.PP
+\&\fBX509_STORE_load_store()\fR is similar to \fBX509_STORE_load_store_ex()\fR but
+uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR.
+.PP
+\&\fBX509_STORE_load_locations_ex()\fR combines
+\&\fBX509_STORE_load_file_ex()\fR and \fBX509_STORE_load_path()\fR for a given file
+and/or directory path.
+It is permitted to specify just a file, just a directory, or both
paths.
+.PP
+\&\fBX509_STORE_load_locations()\fR is similar to \fBX509_STORE_load_locations_ex()\fR
+but uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR.
+.PP
+\&\fBX509_STORE_set_default_paths_ex()\fR is somewhat misnamed, in that it does
+not set what default paths should be used for loading certificates. Instead,
+it loads certificates into the \fBX509_STORE\fR from the hardcoded default
+paths. The library context \fIlibctx\fR and property query \fIpropq\fR are used when
+fetching algorithms from providers.
+.PP
+\&\fBX509_STORE_set_default_paths()\fR is similar to
+\&\fBX509_STORE_set_default_paths_ex()\fR but uses \s-1NULL\s0 for the library
+context \fIlibctx\fR and property query \fIpropq\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_STORE_add_cert()\fR, \fBX509_STORE_add_crl()\fR, \fBX509_STORE_set_depth()\fR,
-\&\fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR,
-\&\fBX509_STORE_set_trust()\fR, \fBX509_STORE_load_locations()\fR, and
-\&\fBX509_STORE_set_default_paths()\fR return 1 on success or 0 on failure.
+\&\fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, \fBX509_STORE_set_trust()\fR,
+\&\fBX509_STORE_load_file_ex()\fR, \fBX509_STORE_load_file()\fR,
+\&\fBX509_STORE_load_path()\fR,
+\&\fBX509_STORE_load_store_ex()\fR, \fBX509_STORE_load_store()\fR,
+\&\fBX509_STORE_load_locations_ex()\fR, \fBX509_STORE_load_locations()\fR,
+\&\fBX509_STORE_set_default_paths_ex()\fR and \fBX509_STORE_set_default_paths()\fR
+return 1 on success or 0 on failure.
.PP
\&\fBX509_STORE_add_lookup()\fR returns the found or created
\&\fBX509_LOOKUP\fR\|(3), or \s-1NULL\s0 on error.
@@ -233,11 +286,16 @@ paths.
\&\fBX509_VERIFY_PARAM_set_depth\fR\|(3).
\&\fBX509_STORE_new\fR\|(3),
\&\fBX509_STORE_get0_param\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions \fBX509_STORE_set_default_paths_ex()\fR,
+\&\fBX509_STORE_load_file_ex()\fR, \fBX509_STORE_load_store_ex()\fR and
+\&\fBX509_STORE_load_locations_ex()\fR were added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3 b/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3
index df8e9acd9c6e..75b3fac44427 100644
--- a/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3
+++ b/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,22 +130,25 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_STORE_GET0_PARAM 3"
-.TH X509_STORE_GET0_PARAM 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_STORE_GET0_PARAM 3ossl"
+.TH X509_STORE_GET0_PARAM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_STORE_get0_param, X509_STORE_set1_param, X509_STORE_get0_objects \- X509_STORE setter and getter functions
+X509_STORE_get0_param, X509_STORE_set1_param,
+X509_STORE_get0_objects, X509_STORE_get1_all_certs
+\&\- X509_STORE setter and getter functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
-\& X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
-\& int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
-\& STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx);
+\& X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+\& int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
+\& STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *ctx);
+\& STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -158,9 +159,12 @@ to \fBpm\fR for \fBctx\fR.
parameters for \fBctx\fR. The returned pointer must not be freed by the
calling application
.PP
-\&\fBX509_STORE_get0_objects()\fR retrieve an internal pointer to the store's
+\&\fBX509_STORE_get0_objects()\fR retrieves an internal pointer to the store's
X509 object cache. The cache contains \fBX509\fR and \fBX509_CRL\fR objects. The
returned pointer must not be freed by the calling application.
+.PP
+\&\fBX509_STORE_get1_all_certs()\fR returns a list of all certificates in the store.
+The caller is responsible for freeing the returned list.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_STORE_get0_param()\fR returns a pointer to an
@@ -169,6 +173,9 @@ returned pointer must not be freed by the calling application.
\&\fBX509_STORE_set1_param()\fR returns 1 for success and 0 for failure.
.PP
\&\fBX509_STORE_get0_objects()\fR returns a pointer to a stack of \fBX509_OBJECT\fR.
+.PP
+\&\fBX509_STORE_get1_all_certs()\fR returns a pointer to a stack of the retrieved
+certificates on success, else \s-1NULL.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_STORE_new\fR\|(3)
@@ -176,11 +183,12 @@ returned pointer must not be freed by the calling application.
.IX Header "HISTORY"
\&\fBX509_STORE_get0_param\fR and \fBX509_STORE_get0_objects\fR were added in
OpenSSL 1.1.0.
+\&\fBX509_STORE_get1_certs\fR was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_new.3 b/secure/lib/libcrypto/man/man3/X509_STORE_new.3
index 4ce78c466a8d..38fc0c3f37fb 100644
--- a/secure/lib/libcrypto/man/man3/X509_STORE_new.3
+++ b/secure/lib/libcrypto/man/man3/X509_STORE_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_STORE_NEW 3"
-.TH X509_STORE_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_STORE_NEW 3ossl"
+.TH X509_STORE_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, X509_STORE_unlock \- X509_STORE allocation, freeing and locking functions
+X509_STORE_new, X509_STORE_up_ref, X509_STORE_free,
+X509_STORE_lock,X509_STORE_unlock
+\&\- X509_STORE allocation, freeing and locking functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -180,9 +180,9 @@ The \fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock(
functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3
index 201564a45b43..72d513257d1b 100644
--- a/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3
+++ b/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,46 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_STORE_SET_VERIFY_CB_FUNC 3"
-.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_STORE_SET_VERIFY_CB_FUNC 3ossl"
+.TH X509_STORE_SET_VERIFY_CB_FUNC 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_STORE_set_lookup_crls_cb, X509_STORE_set_verify_func, X509_STORE_get_cleanup, X509_STORE_set_cleanup, X509_STORE_get_lookup_crls, X509_STORE_set_lookup_crls, X509_STORE_get_lookup_certs, X509_STORE_set_lookup_certs, X509_STORE_get_check_policy, X509_STORE_set_check_policy, X509_STORE_get_cert_crl, X509_STORE_set_cert_crl, X509_STORE_get_check_crl, X509_STORE_set_check_crl, X509_STORE_get_get_crl, X509_STORE_set_get_crl, X509_STORE_get_check_revocation, X509_STORE_set_check_revocation, X509_STORE_get_check_issued, X509_STORE_set_check_issued, X509_STORE_get_get_issuer, X509_STORE_set_get_issuer, X509_STORE_CTX_get_verify, X509_STORE_set_verify, X509_STORE_get_verify_cb, X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb, X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn, X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn \&\- set verification callback
+X509_STORE_set_lookup_crls_cb,
+X509_STORE_set_verify_func,
+X509_STORE_get_cleanup,
+X509_STORE_set_cleanup,
+X509_STORE_get_lookup_crls,
+X509_STORE_set_lookup_crls,
+X509_STORE_get_lookup_certs,
+X509_STORE_set_lookup_certs,
+X509_STORE_get_check_policy,
+X509_STORE_set_check_policy,
+X509_STORE_get_cert_crl,
+X509_STORE_set_cert_crl,
+X509_STORE_get_check_crl,
+X509_STORE_set_check_crl,
+X509_STORE_get_get_crl,
+X509_STORE_set_get_crl,
+X509_STORE_get_check_revocation,
+X509_STORE_set_check_revocation,
+X509_STORE_get_check_issued,
+X509_STORE_set_check_issued,
+X509_STORE_CTX_get1_issuer,
+X509_STORE_get_get_issuer,
+X509_STORE_set_get_issuer,
+X509_STORE_CTX_get_verify,
+X509_STORE_set_verify,
+X509_STORE_get_verify_cb,
+X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb,
+X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn,
+X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn,
+X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn,
+X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn,
+X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn
+\&\- set verification callback
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -157,57 +187,65 @@ X509_STORE_set_lookup_crls_cb, X509_STORE_set_verify_func, X509_STORE_get_cleanu
\& X509_CRL *crl, X509 *x);
\& typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
\& typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
-\& X509_NAME *nm);
-\& typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
-\& X509_NAME *nm);
+\& const X509_NAME *nm);
+\& typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(const
+\& X509_STORE_CTX *ctx,
+\& const X509_NAME *nm);
\& typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
\&
\& void X509_STORE_set_verify_cb(X509_STORE *ctx,
\& X509_STORE_CTX_verify_cb verify_cb);
-\& X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx);
+\& X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE_CTX *ctx);
\&
\& void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
-\& X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
+\& X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
\&
+\& int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+\& X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE_CTX *ctx);
\& void X509_STORE_set_get_issuer(X509_STORE *ctx,
\& X509_STORE_CTX_get_issuer_fn get_issuer);
-\& X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx);
\&
\& void X509_STORE_set_check_issued(X509_STORE *ctx,
\& X509_STORE_CTX_check_issued_fn check_issued);
-\& X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx);
+\& X509_STORE_CTX_check_issued_fn
+\& X509_STORE_get_check_issued(const X509_STORE_CTX *ctx);
\&
\& void X509_STORE_set_check_revocation(X509_STORE *ctx,
\& X509_STORE_CTX_check_revocation_fn check_revocation);
-\& X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx);
+\& X509_STORE_CTX_check_revocation_fn
+\& X509_STORE_get_check_revocation(const X509_STORE_CTX *ctx);
\&
\& void X509_STORE_set_get_crl(X509_STORE *ctx,
\& X509_STORE_CTX_get_crl_fn get_crl);
-\& X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx);
+\& X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE_CTX *ctx);
\&
\& void X509_STORE_set_check_crl(X509_STORE *ctx,
\& X509_STORE_CTX_check_crl_fn check_crl);
-\& X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx);
+\& X509_STORE_CTX_check_crl_fn
+\& X509_STORE_get_check_crl(const X509_STORE_CTX *ctx);
\&
\& void X509_STORE_set_cert_crl(X509_STORE *ctx,
\& X509_STORE_CTX_cert_crl_fn cert_crl);
-\& X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx);
+\& X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE_CTX *ctx);
\&
\& void X509_STORE_set_check_policy(X509_STORE *ctx,
\& X509_STORE_CTX_check_policy_fn check_policy);
-\& X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx);
+\& X509_STORE_CTX_check_policy_fn
+\& X509_STORE_get_check_policy(const X509_STORE_CTX *ctx);
\&
\& void X509_STORE_set_lookup_certs(X509_STORE *ctx,
\& X509_STORE_CTX_lookup_certs_fn lookup_certs);
-\& X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx);
+\& X509_STORE_CTX_lookup_certs_fn
+\& X509_STORE_get_lookup_certs(const X509_STORE_CTX *ctx);
\&
\& void X509_STORE_set_lookup_crls(X509_STORE *ctx,
\& X509_STORE_CTX_lookup_crls_fn lookup_crls);
-\& X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx);
+\& X509_STORE_CTX_lookup_crls_fn
+\& X509_STORE_get_lookup_crls(const X509_STORE_CTX *ctx);
\&
\& void X509_STORE_set_cleanup(X509_STORE *ctx,
\& X509_STORE_CTX_cleanup_fn cleanup);
-\& X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx);
+\& X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE_CTX *ctx);
\&
\& /* Aliases */
\& void X509_STORE_set_verify_cb_func(X509_STORE *st,
@@ -219,14 +257,14 @@ X509_STORE_set_lookup_crls_cb, X509_STORE_set_verify_func, X509_STORE_get_cleanu
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to
-\&\fBverify_cb\fR overwriting the previous callback.
+\&\fBX509_STORE_set_verify_cb()\fR sets the verification callback of \fIctx\fR to
+\&\fIverify_cb\fR overwriting the previous callback.
The callback assigned with this function becomes a default for the one
that can be assigned directly to the corresponding \fBX509_STORE_CTX\fR,
please see \fBX509_STORE_CTX_set_verify_cb\fR\|(3) for further information.
.PP
\&\fBX509_STORE_set_verify()\fR sets the final chain verification function for
-\&\fBctx\fR to \fBverify\fR.
+\&\fIctx\fR to \fIverify\fR.
Its purpose is to go through the chain of certificates and check that
all signatures are valid and that the current time is within the
limits of each certificate's first and last validity time.
@@ -235,17 +273,24 @@ on success.
\&\fIIf no chain verification function is provided, the internal default
function will be used instead.\fR
.PP
-\&\fBX509_STORE_set_get_issuer()\fR sets the function to get the issuer
-certificate that verifies the given certificate \fBx\fR.
-When found, the issuer certificate must be assigned to \fB*issuer\fR.
-This function must return 0 on failure and 1 on success.
-\&\fIIf no function to get the issuer is provided, the internal default
-function will be used instead.\fR
+\&\fBX509_STORE_CTX_get1_issuer()\fR tries to find a certificate from the \fIstore\fR
+component of \fIctx\fR with a subject name matching the issuer name of \fIx\fR.
+On success it assigns to \fI*issuer\fR the first match that is currently valid,
+or at least the most recently expired match if there is no currently valid one.
+If the function returns 1 the caller is responsible for freeing \fI*issuer\fR.
+.PP
+\&\fBX509_STORE_set_get_issuer()\fR sets the function \fIget_issuer\fR
+to get the \*(L"best\*(R" candidate issuer certificate of the given certificate \fIx\fR.
+When such a certificate is found, \fIget_issuer\fR must up-ref and assign it
+to \fI*issuer\fR and then return 1.
+Otherwise \fIget_issuer\fR must return 0 if not found and \-1 (or 0) on failure.
+If \fBX509_STORE_set_get_issuer()\fR is not used or \fIget_issuer\fR is \s-1NULL\s0
+then \fBX509_STORE_CTX_get1_issuer()\fR is used as the default implementation.
.PP
\&\fBX509_STORE_set_check_issued()\fR sets the function to check that a given
-certificate \fBx\fR is issued by the issuer certificate \fBissuer\fR.
-This function must return 0 on failure (among others if \fBx\fR hasn't
-been issued with \fBissuer\fR) and 1 on success.
+certificate \fIx\fR is issued by the issuer certificate \fIissuer\fR.
+This function must return 0 on failure (among others if \fIx\fR hasn't
+been issued with \fIissuer\fR) and 1 on success.
\&\fIIf no function to get the issuer is provided, the internal default
function will be used instead.\fR
.PP
@@ -258,20 +303,20 @@ It must return 0 on failure and 1 on success.
function will be used instead.\fR
.PP
\&\fBX509_STORE_set_get_crl()\fR sets the function to get the crl for a given
-certificate \fBx\fR.
-When found, the crl must be assigned to \fB*crl\fR.
+certificate \fIx\fR.
+When found, the crl must be assigned to \fI*crl\fR.
This function must return 0 on failure and 1 on success.
\&\fIIf no function to get the issuer is provided, the internal default
function will be used instead.\fR
.PP
\&\fBX509_STORE_set_check_crl()\fR sets the function to check the validity of
-the given \fBcrl\fR.
+the given \fIcrl\fR.
This function must return 0 on failure and 1 on success.
\&\fIIf no function to get the issuer is provided, the internal default
function will be used instead.\fR
.PP
\&\fBX509_STORE_set_cert_crl()\fR sets the function to check the revocation
-status of the given certificate \fBx\fR against the given \fBcrl\fR.
+status of the given certificate \fIx\fR against the given \fIcrl\fR.
This function must return 0 on failure and 1 on success.
\&\fIIf no function to get the issuer is provided, the internal default
function will be used instead.\fR
@@ -284,7 +329,7 @@ function will be used instead.\fR
.PP
\&\fBX509_STORE_set_lookup_certs()\fR and \fBX509_STORE_set_lookup_crls()\fR set the
functions to look up all the certs or all the CRLs that match the
-given name \fBnm\fR.
+given name \fInm\fR.
These functions return \s-1NULL\s0 on failure and a pointer to a stack of
certificates (\fBX509\fR) or to a stack of CRLs (\fBX509_CRL\fR) on
success.
@@ -331,6 +376,9 @@ The X509_STORE_set_*() functions do not return a value.
.PP
The X509_STORE_get_*() functions return a pointer of the appropriate
function type.
+.PP
+\&\fBX509_STORE_CTX_get1_issuer()\fR returns
+1 if a suitable certificate is found, 0 if not found, \-1 on other error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_STORE_CTX_set_verify_cb\fR\|(3), \fBX509_STORE_CTX_get0_chain\fR\|(3),
@@ -356,9 +404,9 @@ The functions
were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2009\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3
index 3c4acc969783..1ae432d57f1a 100644
--- a/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3
+++ b/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,30 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_VERIFY_PARAM_SET_FLAGS 3"
-.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_VERIFY_PARAM_SET_FLAGS 3ossl"
+.TH X509_VERIFY_PARAM_SET_FLAGS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_get_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc \&\- X509 verification parameters
+X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags,
+X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose,
+X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags,
+X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth,
+X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level,
+X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time,
+X509_VERIFY_PARAM_get_time,
+X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies,
+X509_VERIFY_PARAM_get0_host,
+X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host,
+X509_VERIFY_PARAM_set_hostflags,
+X509_VERIFY_PARAM_get_hostflags,
+X509_VERIFY_PARAM_get0_peername,
+X509_VERIFY_PARAM_get0_email, X509_VERIFY_PARAM_set1_email,
+X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_get1_ip_asc,
+X509_VERIFY_PARAM_set1_ip_asc
+\&\- X509 verification parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -149,7 +163,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
\& unsigned long flags);
\& int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
\& unsigned long flags);
-\& unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
+\& unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param);
\&
\& int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
\& uint32_t flags);
@@ -173,6 +187,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
\& int auth_level);
\& int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
\&
+\& char *X509_VERIFY_PARAM_get0_host(X509_VERIFY_PARAM *param, int n);
\& int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
\& const char *name, size_t namelen);
\& int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
@@ -180,9 +195,11 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
\& void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
\& unsigned int flags);
\& unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param);
-\& char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
+\& char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param);
+\& char *X509_VERIFY_PARAM_get0_email(X509_VERIFY_PARAM *param);
\& int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
\& const char *email, size_t emaillen);
+\& char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param);
\& int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
\& const unsigned char *ip, size_t iplen);
\& int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
@@ -193,7 +210,7 @@ These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with
a certificate verification operation.
.PP
The \fBX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring
-it with \fBflags\fR. See the \fB\s-1VERIFICATION FLAGS\s0\fR section for a complete
+it with \fBflags\fR. See \*(L"\s-1VERIFICATION FLAGS\*(R"\s0 for a complete
description of values the \fBflags\fR parameter can take.
.PP
\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR.
@@ -207,7 +224,8 @@ See the \fB\s-1INHERITANCE FLAGS\s0\fR section for a description of these bits.
.PP
\&\fBX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR
to \fBpurpose\fR. This determines the acceptable purpose of the certificate
-chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server.
+chain, for example \fBX509_PURPOSE_SSL_CLIENT\fR.
+The purpose requirement is cleared if \fBpurpose\fR is 0.
.PP
\&\fBX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to
\&\fBtrust\fR.
@@ -215,8 +233,9 @@ chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server.
\&\fBX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to
\&\fBt\fR. Normally the current time is used.
.PP
-\&\fBX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled
-by default) and adds \fBpolicy\fR to the acceptable policy set.
+\&\fBX509_VERIFY_PARAM_add0_policy()\fR adds \fBpolicy\fR to the acceptable policy set.
+Contrary to preexisting documentation of this function it does not enable
+policy checking.
.PP
\&\fBX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled
by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing
@@ -230,8 +249,8 @@ A maximal depth chain contains 2 more certificates than the limit, since
neither the end-entity certificate nor the trust-anchor count against this
limit.
Thus a \fBdepth\fR limit of 0 only allows the end-entity certificate to be signed
-directly by the trust-anchor, while with a \fBdepth\fR limit of 1 there can be one
-intermediate \s-1CA\s0 certificate between the trust-anchor and the end-entity
+directly by the trust anchor, while with a \fBdepth\fR limit of 1 there can be one
+intermediate \s-1CA\s0 certificate between the trust anchor and the end-entity
certificate.
.PP
\&\fBX509_VERIFY_PARAM_set_auth_level()\fR sets the authentication security level to
@@ -251,8 +270,13 @@ Security level 1 requires at least 80\-bit\-equivalent security and is broadly
interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 keys
shorter than 1024 bits.
.PP
+\&\fBX509_VERIFY_PARAM_get0_host()\fR returns the \fBn\fRth expected \s-1DNS\s0 hostname that has
+been set using \fBX509_VERIFY_PARAM_set1_host()\fR or \fBX509_VERIFY_PARAM_add1_host()\fR.
+To obtain all names start with \fBn\fR = 0 and increment \fBn\fR as long as no \s-1NULL\s0
+pointer is returned.
+.PP
\&\fBX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to
-\&\fBname\fR clearing any previously specified hostname or names. If
+\&\fBname\fR clearing any previously specified hostname. If
\&\fBname\fR is \s-1NULL,\s0 or empty the list of hostnames is cleared, and
name checks are not performed on the peer certificate. If \fBname\fR
is NUL-terminated, \fBnamelen\fR may be zero, otherwise \fBnamelen\fR
@@ -300,12 +324,17 @@ string is allocated by the library and is no longer valid once the
associated \fBparam\fR argument is freed. Applications must not free
the return value.
.PP
+\&\fBX509_VERIFY_PARAM_get0_email()\fR returns the expected \s-1RFC822\s0 email address.
+.PP
\&\fBX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to
\&\fBemail\fR. If \fBemail\fR is NUL-terminated, \fBemaillen\fR may be zero, otherwise
\&\fBemaillen\fR must be set to the length of \fBemail\fR. When an email address
is specified, certificate verification automatically invokes
\&\fBX509_check_email\fR\|(3).
.PP
+\&\fBX509_VERIFY_PARAM_get1_ip_asc()\fR returns the expected \s-1IP\s0 address as a string.
+The caller is responsible for freeing it.
+.PP
\&\fBX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR.
The \fBip\fR argument is in binary format, in network byte-order and
\&\fBiplen\fR must be set to 4 for IPv4 and 16 for IPv6. When an \s-1IP\s0
@@ -327,6 +356,10 @@ IPv6. The condensed \*(L"::\*(R" notation is supported for IPv6 addresses.
\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR return 1 for success and 0 for
failure.
.PP
+\&\fBX509_VERIFY_PARAM_get0_host()\fR, \fBX509_VERIFY_PARAM_get0_email()\fR, and
+\&\fBX509_VERIFY_PARAM_get1_ip_asc()\fR, return the string pointer specified above
+or \s-1NULL\s0 if the respective value has not been set or on error.
+.PP
\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags.
.PP
\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any current host flags.
@@ -351,8 +384,8 @@ certificate. An error occurs if a suitable \s-1CRL\s0 cannot be found.
\&\fBX509_V_FLAG_CRL_CHECK_ALL\fR enables \s-1CRL\s0 checking for the entire certificate
chain.
.PP
-\&\fBX509_V_FLAG_IGNORE_CRITICAL\fR disabled critical extension checking. By default
-any unhandled critical extensions in certificates or (if checked) CRLs results
+\&\fBX509_V_FLAG_IGNORE_CRITICAL\fR disables critical extension checking. By default
+any unhandled critical extensions in certificates or (if checked) CRLs result
in a fatal error. If this flag is set unhandled critical extensions are
ignored. \fB\s-1WARNING\s0\fR setting this option for anything other than debugging
purposes can be a security risk. Finer control over which extensions are
@@ -388,24 +421,24 @@ determine certificate status. If not set deltas are ignored.
\&\fBX509_V_FLAG_CHECK_SS_SIGNATURE\fR requests checking the signature of
the last certificate in a chain if the certificate is supposedly self-signed.
This is prohibited and will result in an error if it is a non-conforming \s-1CA\s0
-certificate with key usage restrictions not including the keyCertSign bit.
+certificate with key usage restrictions not including the \fIkeyCertSign\fR bit.
By default this check is disabled because it doesn't
add any additional security but in some cases applications might want to
check the signature anyway. A side effect of not checking the self-signature
of such a certificate is that disabled or unsupported message digests used for
the signature are not treated as fatal errors.
.PP
-When \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, construction of the certificate chain
-in \fBX509_verify_cert\fR\|(3) will search the trust store for issuer certificates
+When \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, which is always the case since
+OpenSSL 1.1.0, construction of the certificate chain
+in \fBX509_verify_cert\fR\|(3) searches the trust store for issuer certificates
before searching the provided untrusted certificates.
Local issuer certificates are often more likely to satisfy local security
requirements and lead to a locally trusted root.
This is especially important when some certificates in the trust store have
-explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fBx509\fR\|(1)).
-As of OpenSSL 1.1.0 this option is on by default.
+explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fBopenssl\-x509\fR\|(1)).
.PP
-The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag suppresses checking for alternative
-chains.
+The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag could have been used before OpenSSL 1.1.0
+to suppress checking for alternative chains.
By default, unless \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, when building a
certificate chain, if the first certificate chain found is not trusted, then
OpenSSL will attempt to replace untrusted certificates supplied by the peer
@@ -414,15 +447,15 @@ found that is trusted.
As of OpenSSL 1.1.0, with \fBX509_V_FLAG_TRUSTED_FIRST\fR always set, this option
has no effect.
.PP
-The \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag causes intermediate certificates in the
-trust store to be treated as trust-anchors, in the same way as the self-signed
+The \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag causes non-self-signed certificates in the
+trust store to be treated as trust anchors, in the same way as self-signed
root \s-1CA\s0 certificates.
-This makes it possible to trust certificates issued by an intermediate \s-1CA\s0
-without having to trust its ancestor root \s-1CA.\s0
-With OpenSSL 1.1.0 and later and <X509_V_FLAG_PARTIAL_CHAIN> set, chain
-construction stops as soon as the first certificate from the trust store is
-added to the chain, whether that certificate is a self-signed \*(L"root\*(R"
-certificate or a not self-signed intermediate certificate.
+This makes it possible to trust self-issued certificates as well as certificates
+issued by an intermediate \s-1CA\s0 without having to trust their ancestor root \s-1CA.\s0
+With OpenSSL 1.1.0 and later and \fBX509_V_FLAG_PARTIAL_CHAIN\fR set, chain
+construction stops as soon as the first certificate contained in the trust store
+is added to the chain, whether that certificate is a self-signed \*(L"root\*(R"
+certificate or a not self-signed \*(L"intermediate\*(R" or self-issued certificate.
Thus, when an intermediate certificate is found in the trust store, the
verified chain passed to callbacks may be shorter than it otherwise would
be without the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag.
@@ -485,7 +518,7 @@ connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR:
\&\fBX509_check_host\fR\|(3),
\&\fBX509_check_email\fR\|(3),
\&\fBX509_check_ip\fR\|(3),
-\&\fBx509\fR\|(1)
+\&\fBopenssl\-x509\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.1.0.
@@ -493,11 +526,18 @@ The flag \fBX509_V_FLAG_CB_ISSUER_CHECK\fR was deprecated in OpenSSL 1.1.0
and has no effect.
.PP
The \fBX509_VERIFY_PARAM_get_hostflags()\fR function was added in OpenSSL 1.1.0i.
+.PP
+The \fBX509_VERIFY_PARAM_get0_host()\fR, \fBX509_VERIFY_PARAM_get0_email()\fR,
+and \fBX509_VERIFY_PARAM_get1_ip_asc()\fR functions were added in OpenSSL 3.0.
+.PP
+The function \fBX509_VERIFY_PARAM_add0_policy()\fR was historically documented as
+enabling policy checking however the implementation has never done this.
+The documentation was changed to align with the implementation.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2009\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_add_cert.3 b/secure/lib/libcrypto/man/man3/X509_add_cert.3
new file mode 100644
index 000000000000..5d93b310c497
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/X509_add_cert.3
@@ -0,0 +1,204 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_ADD_CERT 3ossl"
+.TH X509_ADD_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_add_cert,
+X509_add_certs \-
+X509 certificate list addition functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags);
+\& int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBX509_add_cert()\fR adds a certificate \fIcert\fR to the given list \fIsk\fR.
+.PP
+\&\fBX509_add_certs()\fR adds a list of certificate \fIcerts\fR to the given list \fIsk\fR.
+The \fIcerts\fR argument may be \s-1NULL,\s0 which implies no effect.
+It does not modify the list \fIcerts\fR but
+in case the \fBX509_ADD_FLAG_UP_REF\fR flag (described below) is set
+the reference counters of those of its members added to \fIsk\fR are increased.
+.PP
+Both these functions have a \fIflags\fR parameter,
+which is used to control details of the operation.
+.PP
+The value \fBX509_ADD_FLAG_DEFAULT\fR, which equals 0, means no special semantics.
+.PP
+If \fBX509_ADD_FLAG_UP_REF\fR is set then
+the reference counts of those certificates added successfully are increased.
+.PP
+If \fBX509_ADD_FLAG_PREPEND\fR is set then the certificates are prepended to \fIsk\fR.
+By default they are appended to \fIsk\fR.
+In both cases the original order of the added certificates is preserved.
+.PP
+If \fBX509_ADD_FLAG_NO_DUP\fR is set then certificates already contained in \fIsk\fR,
+which is determined using \fBX509_cmp\fR\|(3), are ignored.
+.PP
+If \fBX509_ADD_FLAG_NO_SS\fR is set then certificates that are marked self-signed,
+which is determined using \fBX509_self_signed\fR\|(3), are ignored.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+Both functions return 1 for success and 0 for failure.
+.SH "NOTES"
+.IX Header "NOTES"
+If \fBX509_add_certs()\fR is used with the flags \fBX509_ADD_FLAG_NO_DUP\fR or
+\&\fBX509_ADD_FLAG_NO_SS\fR it is advisable to use also \fBX509_ADD_FLAG_UP_REF\fR
+because otherwise likely not for all members of the \fIcerts\fR list
+the ownership is transferred to the list of certificates \fIsk\fR.
+.PP
+Care should also be taken in case the \fIcerts\fR argument equals \fIsk\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBX509_cmp\fR\|(3)
+\&\fBX509_self_signed\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions \fBX509_add_cert()\fR and \fBX509_add_certs()\fR
+were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_check_ca.3 b/secure/lib/libcrypto/man/man3/X509_check_ca.3
index af8140f72eed..ecd099fb6324 100644
--- a/secure/lib/libcrypto/man/man3/X509_check_ca.3
+++ b/secure/lib/libcrypto/man/man3/X509_check_ca.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_CHECK_CA 3"
-.TH X509_CHECK_CA 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_CHECK_CA 3ossl"
+.TH X509_CHECK_CA 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +148,8 @@ X509_check_ca \- check if given certificate is CA certificate
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This function checks if given certificate is \s-1CA\s0 certificate (can be used
-to sign other certificates).
+to sign other certificates). The certificate must be a complete certificate
+otherwise an error is returned.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Function return 0, if it is not \s-1CA\s0 certificate, 1 if it is proper X509v3
@@ -160,6 +159,8 @@ Function return 0, if it is not \s-1CA\s0 certificate, 1 if it is proper X509v3
\&\fBbasicConstraints\fR, and 5 if it has outdated Netscape Certificate Type
extension telling that it is \s-1CA\s0 certificate.
.PP
+This function will also return 0 on error.
+.PP
Actually, any nonzero value means that this certificate could have been
used to sign other certificates.
.SH "SEE ALSO"
@@ -169,9 +170,9 @@ used to sign other certificates.
\&\fBX509_check_purpose\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_check_host.3 b/secure/lib/libcrypto/man/man3/X509_check_host.3
index 720fa09f8d53..d5ef9c20f4aa 100644
--- a/secure/lib/libcrypto/man/man3/X509_check_host.3
+++ b/secure/lib/libcrypto/man/man3/X509_check_host.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_CHECK_HOST 3"
-.TH X509_CHECK_HOST 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_CHECK_HOST 3ossl"
+.TH X509_CHECK_HOST 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -161,7 +159,7 @@ The validity of the certificate and its trust level has to be checked by
other means.
.PP
\&\fBX509_check_host()\fR checks if the certificate Subject Alternative
-Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified hostname,
+Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified hostname,
which must be encoded in the preferred name syntax described
in section 3.5 of \s-1RFC 1034.\s0 By default, wildcards are supported
and they match only in the left-most label; but they may match
@@ -185,9 +183,13 @@ is responsible for freeing the peername via \fBOPENSSL_free()\fR when it
is no longer needed.
.PP
\&\fBX509_check_email()\fR checks if the certificate matches the specified
-email \fBaddress\fR. Only the mailbox syntax of \s-1RFC 822\s0 is supported,
+email \fBaddress\fR. The mailbox syntax of \s-1RFC 822\s0 is supported,
comments are not allowed, and no attempt is made to normalize quoted
-characters. The \fBaddresslen\fR argument must be the number of
+characters. The mailbox syntax of \s-1RFC 6531\s0 is supported for
+SmtpUTF8Mailbox address in subjectAltName according to \s-1RFC 8398,\s0
+with similar limitations as for \s-1RFC 822\s0 syntax, and no attempt
+is made to convert from A\-label to U\-label before comparison.
+The \fBaddresslen\fR argument must be the number of
characters in the address string or zero in which case the length
is calculated with strlen(\fBaddress\fR).
.PP
@@ -195,7 +197,8 @@ is calculated with strlen(\fBaddress\fR).
IPv6 address. The \fBaddress\fR array is in binary format, in network
byte order. The length is either 4 (IPv4) or 16 (IPv6). Only
explicitly marked addresses in the certificates are considered; \s-1IP\s0
-addresses stored in \s-1DNS\s0 names and Common Names are ignored.
+addresses stored in \s-1DNS\s0 names and Common Names are ignored. There are
+currently no \fBflags\fR that would affect the behavior of this call.
.PP
\&\fBX509_check_ip_asc()\fR is similar, except that the NUL-terminated
string \fBaddress\fR is first converted to the internal representation.
@@ -263,7 +266,7 @@ NULs.
.SH "NOTES"
.IX Header "NOTES"
Applications are encouraged to use \fBX509_VERIFY_PARAM_set1_host()\fR
-rather than explicitly calling \fBX509_check_host\fR\|(3). Host name
+rather than explicitly calling \fBX509_check_host\fR\|(3). Hostname
checks may be out of scope with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage,
and the internal checks will be suppressed as appropriate when
\&\s-1DANE\s0 support is enabled.
@@ -273,16 +276,15 @@ and the internal checks will be suppressed as appropriate when
\&\fBX509_VERIFY_PARAM_set1_host\fR\|(3),
\&\fBX509_VERIFY_PARAM_add1_host\fR\|(3),
\&\fBX509_VERIFY_PARAM_set1_email\fR\|(3),
-\&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3),
-\&\fBX509_VERIFY_PARAM_set1_ipasc\fR\|(3)
+\&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were added in OpenSSL 1.0.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2012\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2012\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_check_issued.3 b/secure/lib/libcrypto/man/man3/X509_check_issued.3
index 177528824c02..0077072ca438 100644
--- a/secure/lib/libcrypto/man/man3/X509_check_issued.3
+++ b/secure/lib/libcrypto/man/man3/X509_check_issued.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_CHECK_ISSUED 3"
-.TH X509_CHECK_ISSUED 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_CHECK_ISSUED 3ossl"
+.TH X509_CHECK_ISSUED 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_check_issued \- checks if certificate is apparently issued by another certificate
+X509_check_issued \- checks if certificate is apparently issued by another
+certificate
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -156,21 +155,21 @@ but also compares all sub-fields of the \fBauthorityKeyIdentifier\fR extension o
\&\fIsubject\fR, as far as present, with the respective \fBsubjectKeyIdentifier\fR,
serial number, and issuer fields of \fIissuer\fR, as far as present. It also checks
if the \fBkeyUsage\fR field (if present) of \fIissuer\fR allows certificate signing.
-It does not check the certificate signature.
+It does not actually check the certificate signature. An error is returned
+if the \fIissuer\fR or the \fIsubject\fR are incomplete certificates.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-Function return \fBX509_V_OK\fR if certificate \fIsubject\fR is issued by
-\&\fIissuer\fR or some \fBX509_V_ERR*\fR constant to indicate an error.
+\&\fBX509_check_issued()\fR returns \fBX509_V_OK\fR if all checks are successful
+or some \fBX509_V_ERR*\fR constant to indicate an error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBX509_verify_cert\fR\|(3),
-\&\fBX509_check_ca\fR\|(3),
-\&\fBverify\fR\|(1)
+\&\fBX509_verify_cert\fR\|(3), \fBX509_verify\fR\|(3), \fBX509_check_ca\fR\|(3),
+\&\fBopenssl\-verify\fR\|(1), \fBX509_self_signed\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_check_private_key.3 b/secure/lib/libcrypto/man/man3/X509_check_private_key.3
index db5e6017ceab..4ab32553d595 100644
--- a/secure/lib/libcrypto/man/man3/X509_check_private_key.3
+++ b/secure/lib/libcrypto/man/man3/X509_check_private_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_CHECK_PRIVATE_KEY 3"
-.TH X509_CHECK_PRIVATE_KEY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_CHECK_PRIVATE_KEY 3ossl"
+.TH X509_CHECK_PRIVATE_KEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_check_private_key, X509_REQ_check_private_key \- check the consistency of a private key with the public key in an X509 certificate or certificate request
+X509_check_private_key, X509_REQ_check_private_key \- check the consistency
+of a private key with the public key in an X509 certificate or certificate
+request
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -177,7 +177,7 @@ return success.
.IX Header "COPYRIGHT"
Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_check_purpose.3 b/secure/lib/libcrypto/man/man3/X509_check_purpose.3
index 2e252e49e774..814064d4f95c 100644
--- a/secure/lib/libcrypto/man/man3/X509_check_purpose.3
+++ b/secure/lib/libcrypto/man/man3/X509_check_purpose.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_CHECK_PURPOSE 3"
-.TH X509_CHECK_PURPOSE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_CHECK_PURPOSE 3ossl"
+.TH X509_CHECK_PURPOSE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,14 +143,15 @@ X509_check_purpose \- Check the purpose of a certificate
.Vb 1
\& #include <openssl/x509v3.h>
\&
-\& int X509_check_purpose(X509 *x, int id, int ca)
+\& int X509_check_purpose(X509 *x, int id, int ca);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This function checks if certificate \fIx\fR was created with the purpose
represented by \fIid\fR. If \fIca\fR is nonzero, then certificate \fIx\fR is
checked to determine if it's a possible \s-1CA\s0 with various levels of certainty
-possibly returned.
+possibly returned. The certificate \fIx\fR must be a complete certificate
+otherwise the function returns an error.
.PP
Below are the potential \s-1ID\s0's that can be checked:
.PP
@@ -167,6 +166,9 @@ Below are the potential \s-1ID\s0's that can be checked:
\& # define X509_PURPOSE_OCSP_HELPER 8
\& # define X509_PURPOSE_TIMESTAMP_SIGN 9
.Ve
+.PP
+The checks performed take into account the X.509 extensions
+keyUsage, extendedKeyUsage, and basicConstraints.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
For non-CA checks
@@ -198,7 +200,7 @@ For \s-1CA\s0 checks the below integers could be returned with the following mea
.PD
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this
file except in compliance with the License. You can obtain a copy in the file
\&\s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_cmp.3 b/secure/lib/libcrypto/man/man3/X509_cmp.3
index ef43583b925d..20b8cec0f009 100644
--- a/secure/lib/libcrypto/man/man3/X509_cmp.3
+++ b/secure/lib/libcrypto/man/man3/X509_cmp.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_CMP 3"
-.TH X509_CMP 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_CMP 3ossl"
+.TH X509_CMP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_match \&\- compare X509 certificates and related values
+X509_cmp, X509_NAME_cmp,
+X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp,
+X509_CRL_cmp, X509_CRL_match
+\&\- compare X509 certificates and related values
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -159,16 +160,20 @@ This set of functions are used to compare X509 objects, including X509
certificates, X509 \s-1CRL\s0 objects and various values in an X509 certificate.
.PP
The \fBX509_cmp()\fR function compares two \fBX509\fR objects indicated by parameters
-\&\fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of the hash
+\&\fIa\fR and \fIb\fR. The comparison is based on the \fBmemcmp\fR result of the hash
values of two \fBX509\fR objects and the canonical (\s-1DER\s0) encoding values.
.PP
The \fBX509_NAME_cmp()\fR function compares two \fBX509_NAME\fR objects indicated by
-parameters \fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of
-the canonical (\s-1DER\s0) encoding values of the two objects. \fBi2d_X509_NAME\fR\|(3)
-has a more detailed description of the \s-1DER\s0 encoding of the \fBX509_NAME\fR structure.
+parameters \fIa\fR and \fIb\fR. The comparison is based on the \fBmemcmp\fR result of the
+canonical (\s-1DER\s0) encoding values of the two objects using \fBi2d_X509_NAME\fR\|(3).
+This procedure adheres to the matching rules for Distinguished Names (\s-1DN\s0)
+given in \s-1RFC 4517\s0 section 4.2.15 and \s-1RFC 5280\s0 section 7.1.
+In particular, the order of Relative Distinguished Names (RDNs) is relevant.
+On the other hand, if an \s-1RDN\s0 is multi-valued, i.e., it contains a set of
+AttributeValueAssertions (AVAs), its members are effectively not ordered.
.PP
The \fBX509_issuer_and_serial_cmp()\fR function compares the serial number and issuer
-values in the given \fBX509\fR objects \fBa\fR and \fBb\fR.
+values in the given \fBX509\fR objects \fIa\fR and \fIb\fR.
.PP
The \fBX509_issuer_name_cmp()\fR, \fBX509_subject_name_cmp()\fR and \fBX509_CRL_cmp()\fR functions
are effectively wrappers of the \fBX509_NAME_cmp()\fR function. These functions compare
@@ -181,12 +186,12 @@ The \fBX509_CRL_match()\fR function compares two \fBX509_CRL\fR objects. Unlike
of just the issuer name.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-Like common memory comparison functions, the \fBX509\fR comparison functions return
-an integer less than, equal to, or greater than zero if object \fBa\fR is found to
-be less than, to match, or be greater than object \fBb\fR, respectively.
+The \fBX509\fR comparison functions return \fB\-1\fR, \fB0\fR, or \fB1\fR if object \fIa\fR is
+found to be less than, to match, or be greater than object \fIb\fR, respectively.
.PP
\&\fBX509_NAME_cmp()\fR, \fBX509_issuer_and_serial_cmp()\fR, \fBX509_issuer_name_cmp()\fR,
-\&\fBX509_subject_name_cmp()\fR and \fBX509_CRL_cmp()\fR may return \fB\-2\fR to indicate an error.
+\&\fBX509_subject_name_cmp()\fR, \fBX509_CRL_cmp()\fR, and \fBX509_CRL_match()\fR
+may return \fB\-2\fR to indicate an error.
.SH "NOTES"
.IX Header "NOTES"
These functions in fact utilize the underlying \fBmemcmp\fR of the C library to do
@@ -201,7 +206,7 @@ circumstances, which could cause confusion for the applications.
\&\fBi2d_X509_NAME\fR\|(3), \fBi2d_X509\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/secure/lib/libcrypto/man/man3/X509_cmp_time.3 b/secure/lib/libcrypto/man/man3/X509_cmp_time.3
index 6a15a4ec15a2..82cdc2265eae 100644
--- a/secure/lib/libcrypto/man/man3/X509_cmp_time.3
+++ b/secure/lib/libcrypto/man/man3/X509_cmp_time.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,61 +130,88 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_CMP_TIME 3"
-.TH X509_CMP_TIME 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_CMP_TIME 3ossl"
+.TH X509_CMP_TIME 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_cmp_time, X509_cmp_current_time, X509_time_adj, X509_time_adj_ex \&\- X509 time functions
+X509_cmp_time, X509_cmp_current_time, X509_cmp_timeframe,
+X509_time_adj, X509_time_adj_ex, X509_gmtime_adj
+\&\- X509 time functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
-.Vb 5
+.Vb 8
\& int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm);
\& int X509_cmp_current_time(const ASN1_TIME *asn1_time);
+\& int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm,
+\& const ASN1_TIME *start, const ASN1_TIME *end);
\& ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm);
\& ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long
\& offset_sec, time_t *in_tm);
+\& ASN1_TIME *X509_gmtime_adj(ASN1_TIME *asn1_time, long offset_sec);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time
-in <cmp_time>. \fBX509_cmp_current_time()\fR compares the \s-1ASN1_TIME\s0 in
-\&\fBasn1_time\fR with the current time, expressed as time_t. \fBasn1_time\fR
-must satisfy the \s-1ASN1_TIME\s0 format mandated by \s-1RFC 5280,\s0 i.e., its
-format must be either \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ.\s0
+\&\fBX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fIasn1_time\fR with the time
+in <in_tm>.
+.PP
+\&\fBX509_cmp_current_time()\fR compares the \s-1ASN1_TIME\s0 in
+\&\fIasn1_time\fR with the current time, expressed as time_t.
+.PP
+\&\fBX509_cmp_timeframe()\fR compares the given time period with the reference time
+included in the verification parameters \fIvpm\fR if they are not \s-1NULL\s0 and contain
+\&\fBX509_V_FLAG_USE_CHECK_TIME\fR; else the current time is used as reference time.
.PP
-\&\fBX509_time_adj_ex()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time
-\&\fBoffset_day\fR and \fBoffset_sec\fR after \fBin_tm\fR.
+\&\fBX509_time_adj_ex()\fR sets the \s-1ASN1_TIME\s0 structure \fIasn1_time\fR to the time
+\&\fIoffset_day\fR and \fIoffset_sec\fR after \fIin_tm\fR.
.PP
-\&\fBX509_time_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time
-\&\fBoffset_sec\fR after \fBin_tm\fR. This method can only handle second
+\&\fBX509_time_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fIasn1_time\fR to the time
+\&\fIoffset_sec\fR after \fIin_tm\fR. This method can only handle second
offsets up to the capacity of long, so the newer \fBX509_time_adj_ex()\fR
\&\s-1API\s0 should be preferred.
.PP
-In both methods, if \fBasn1_time\fR is \s-1NULL,\s0 a new \s-1ASN1_TIME\s0 structure
+In both methods, if \fIasn1_time\fR is \s-1NULL,\s0 a new \s-1ASN1_TIME\s0 structure
is allocated and returned.
.PP
-In all methods, if \fBin_tm\fR is \s-1NULL,\s0 the current time, expressed as
+In all methods, if \fIin_tm\fR is \s-1NULL,\s0 the current time, expressed as
time_t, is used.
+.PP
+\&\fIasn1_time\fR must satisfy the \s-1ASN1_TIME\s0 format mandated by \s-1RFC 5280,\s0
+i.e., its format must be either \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ.\s0
+.PP
+\&\fBX509_gmtime_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fIasn1_time\fR to the time
+\&\fIoffset_sec\fR after the current time. It is equivalent to calling
+\&\fBX509_time_adj()\fR with the last parameter as \s-1NULL.\s0
.SH "BUGS"
.IX Header "BUGS"
Unlike many standard comparison functions, \fBX509_cmp_time()\fR and
\&\fBX509_cmp_current_time()\fR return 0 on error.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBX509_cmp_time()\fR and \fBX509_cmp_current_time()\fR return \-1 if \fBasn1_time\fR
-is earlier than, or equal to, \fBcmp_time\fR (resp. current time), and 1
+\&\fBX509_cmp_time()\fR and \fBX509_cmp_current_time()\fR return \-1 if \fIasn1_time\fR
+is earlier than, or equal to, \fIin_tm\fR (resp. current time), and 1
otherwise. These methods return 0 on error.
.PP
-\&\fBX509_time_adj()\fR and \fBX509_time_adj_ex()\fR return a pointer to the updated
-\&\s-1ASN1_TIME\s0 structure, and \s-1NULL\s0 on error.
+\&\fBX509_cmp_timeframe()\fR returns 0 if \fIvpm\fR is not \s-1NULL\s0 and the verification
+parameters do not contain \fBX509_V_FLAG_USE_CHECK_TIME\fR
+but do contain \fBX509_V_FLAG_NO_CHECK_TIME\fR. Otherwise it returns
+1 if the end time is not \s-1NULL\s0 and the reference time (which has determined as
+stated above) is past the end time, \-1 if the start time is not \s-1NULL\s0 and the
+reference time is before, else 0 to indicate that the reference time is in range
+(implying that the end time is not before the start time if both are present).
+.PP
+\&\fBX509_time_adj()\fR, \fBX509_time_adj_ex()\fR and \fBX509_gmtime_adj()\fR return a pointer to
+the updated \s-1ASN1_TIME\s0 structure, and \s-1NULL\s0 on error.
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBX509_cmp_timeframe()\fR was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_digest.3 b/secure/lib/libcrypto/man/man3/X509_digest.3
index fdd6a70e10b4..73742b4fef0f 100644
--- a/secure/lib/libcrypto/man/man3/X509_digest.3
+++ b/secure/lib/libcrypto/man/man3/X509_digest.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,21 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_DIGEST 3"
-.TH X509_DIGEST 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_DIGEST 3ossl"
+.TH X509_DIGEST 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_digest, X509_CRL_digest, X509_pubkey_digest, X509_NAME_digest, X509_REQ_digest, PKCS7_ISSUER_AND_SERIAL_digest \&\- get digest of various objects
+X509_digest,
+X509_digest_sig,
+X509_CRL_digest,
+X509_pubkey_digest,
+X509_NAME_digest,
+X509_REQ_digest,
+PKCS7_ISSUER_AND_SERIAL_digest
+\&\- get digest of various objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,6 +152,8 @@ X509_digest, X509_CRL_digest, X509_pubkey_digest, X509_NAME_digest, X509_REQ_dig
\&
\& int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
\& unsigned int *len);
+\& ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert,
+\& EVP_MD **md_used, int *md_is_fallback);
\&
\& int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
\& unsigned int *len);
@@ -168,27 +175,46 @@ X509_digest, X509_CRL_digest, X509_pubkey_digest, X509_NAME_digest, X509_REQ_dig
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+\&\fBX509_digest_sig()\fR calculates a digest of the given certificate \fIcert\fR
+using the same hash algorithm as in its signature, if the digest
+is an integral part of the certificate signature algorithm identifier.
+Otherwise, a fallback hash algorithm is determined as follows:
+\&\s-1SHA512\s0 if the signature algorithm is \s-1ED25519,
+SHAKE256\s0 if it is \s-1ED448,\s0 otherwise \s-1SHA256.\s0
+The output parameters are assigned as follows.
+Unless \fImd_used\fR is \s-1NULL,\s0 the hash algorithm used is provided
+in \fI*md_used\fR and must be freed by the caller (if it is not \s-1NULL\s0).
+Unless \fImd_is_fallback\fR is \s-1NULL,\s0
+the \fI*md_is_fallback\fR is set to 1 if the hash algorithm used is a fallback,
+otherwise to 0.
+.PP
\&\fBX509_pubkey_digest()\fR returns a digest of the \s-1DER\s0 representation of the public
-key in the specified X509 \fBdata\fR object.
+key in the specified X509 \fIdata\fR object.
+.PP
All other functions described here return a digest of the \s-1DER\s0 representation
-of their entire \fBdata\fR objects.
+of their entire \fIdata\fR objects.
.PP
-The \fBtype\fR parameter specifies the digest to
-be used, such as \fBEVP_sha1()\fR. The \fBmd\fR is a pointer to the buffer where the
+The \fItype\fR parameter specifies the digest to
+be used, such as \fBEVP_sha1()\fR. The \fImd\fR is a pointer to the buffer where the
digest will be copied and is assumed to be large enough; the constant
-\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR is suggested. The \fBlen\fR parameter, if not \s-1NULL,\s0 points
+\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR is suggested. The \fIlen\fR parameter, if not \s-1NULL,\s0 points
to a place where the digest size will be stored.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-All functions described here return 1 for success and 0 for failure.
+\&\fBX509_digest_sig()\fR returns an \s-1ASN1_OCTET_STRING\s0 pointer on success, else \s-1NULL.\s0
+.PP
+All other functions described here return 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBEVP_sha1\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBX509_digest_sig()\fR function was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_dup.3 b/secure/lib/libcrypto/man/man3/X509_dup.3
index d62b2d1260a5..23e2f799fc4d 100644
--- a/secure/lib/libcrypto/man/man3/X509_dup.3
+++ b/secure/lib/libcrypto/man/man3/X509_dup.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,313 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_DUP 3"
-.TH X509_DUP 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_DUP 3ossl"
+.TH X509_DUP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS, ASN1_ITEM, ACCESS_DESCRIPTION_free, ACCESS_DESCRIPTION_new, ADMISSIONS_free, ADMISSIONS_new, ADMISSION_SYNTAX_free, ADMISSION_SYNTAX_new, ASIdOrRange_free, ASIdOrRange_new, ASIdentifierChoice_free, ASIdentifierChoice_new, ASIdentifiers_free, ASIdentifiers_new, ASRange_free, ASRange_new, AUTHORITY_INFO_ACCESS_free, AUTHORITY_INFO_ACCESS_new, AUTHORITY_KEYID_free, AUTHORITY_KEYID_new, BASIC_CONSTRAINTS_free, BASIC_CONSTRAINTS_new, CERTIFICATEPOLICIES_free, CERTIFICATEPOLICIES_new, CMS_ContentInfo_free, CMS_ContentInfo_new, CMS_ContentInfo_print_ctx, CMS_ReceiptRequest_free, CMS_ReceiptRequest_new, CRL_DIST_POINTS_free, CRL_DIST_POINTS_new, DIRECTORYSTRING_free, DIRECTORYSTRING_new, DISPLAYTEXT_free, DISPLAYTEXT_new, DIST_POINT_NAME_free, DIST_POINT_NAME_new, DIST_POINT_free, DIST_POINT_new, DSAparams_dup, ECPARAMETERS_free, ECPARAMETERS_new, ECPKPARAMETERS_free, ECPKPARAMETERS_new, EDIPARTYNAME_free, EDIPARTYNAME_new, ESS_CERT_ID_dup, ESS_CERT_ID_free, ESS_CERT_ID_new, ESS_ISSUER_SERIAL_dup, ESS_ISSUER_SERIAL_free, ESS_ISSUER_SERIAL_new, ESS_SIGNING_CERT_dup, ESS_SIGNING_CERT_free, ESS_SIGNING_CERT_new, EXTENDED_KEY_USAGE_free, EXTENDED_KEY_USAGE_new, GENERAL_NAMES_free, GENERAL_NAMES_new, GENERAL_NAME_dup, GENERAL_NAME_free, GENERAL_NAME_new, GENERAL_SUBTREE_free, GENERAL_SUBTREE_new, IPAddressChoice_free, IPAddressChoice_new, IPAddressFamily_free, IPAddressFamily_new, IPAddressOrRange_free, IPAddressOrRange_new, IPAddressRange_free, IPAddressRange_new, ISSUING_DIST_POINT_free, ISSUING_DIST_POINT_new, NAME_CONSTRAINTS_free, NAME_CONSTRAINTS_new, NAMING_AUTHORITY_free, NAMING_AUTHORITY_new, NETSCAPE_CERT_SEQUENCE_free, NETSCAPE_CERT_SEQUENCE_new, NETSCAPE_SPKAC_free, NETSCAPE_SPKAC_new, NETSCAPE_SPKI_free, NETSCAPE_SPKI_new, NOTICEREF_free, NOTICEREF_new, OCSP_BASICRESP_free, OCSP_BASICRESP_new, OCSP_CERTID_dup, OCSP_CERTID_new, OCSP_CERTSTATUS_free, OCSP_CERTSTATUS_new, OCSP_CRLID_free, OCSP_CRLID_new, 
OCSP_ONEREQ_free, OCSP_ONEREQ_new, OCSP_REQINFO_free, OCSP_REQINFO_new, OCSP_RESPBYTES_free, OCSP_RESPBYTES_new, OCSP_RESPDATA_free, OCSP_RESPDATA_new, OCSP_RESPID_free, OCSP_RESPID_new, OCSP_RESPONSE_new, OCSP_REVOKEDINFO_free, OCSP_REVOKEDINFO_new, OCSP_SERVICELOC_free, OCSP_SERVICELOC_new, OCSP_SIGNATURE_free, OCSP_SIGNATURE_new, OCSP_SINGLERESP_free, OCSP_SINGLERESP_new, OTHERNAME_free, OTHERNAME_new, PBE2PARAM_free, PBE2PARAM_new, PBEPARAM_free, PBEPARAM_new, PBKDF2PARAM_free, PBKDF2PARAM_new, PKCS12_BAGS_free, PKCS12_BAGS_new, PKCS12_MAC_DATA_free, PKCS12_MAC_DATA_new, PKCS12_SAFEBAG_free, PKCS12_SAFEBAG_new, PKCS12_free, PKCS12_new, PKCS7_DIGEST_free, PKCS7_DIGEST_new, PKCS7_ENCRYPT_free, PKCS7_ENCRYPT_new, PKCS7_ENC_CONTENT_free, PKCS7_ENC_CONTENT_new, PKCS7_ENVELOPE_free, PKCS7_ENVELOPE_new, PKCS7_ISSUER_AND_SERIAL_free, PKCS7_ISSUER_AND_SERIAL_new, PKCS7_RECIP_INFO_free, PKCS7_RECIP_INFO_new, PKCS7_SIGNED_free, PKCS7_SIGNED_new, PKCS7_SIGNER_INFO_free, PKCS7_SIGNER_INFO_new, PKCS7_SIGN_ENVELOPE_free, PKCS7_SIGN_ENVELOPE_new, PKCS7_dup, PKCS7_free, PKCS7_new, PKCS7_print_ctx, PKCS8_PRIV_KEY_INFO_free, PKCS8_PRIV_KEY_INFO_new, PKEY_USAGE_PERIOD_free, PKEY_USAGE_PERIOD_new, POLICYINFO_free, POLICYINFO_new, POLICYQUALINFO_free, POLICYQUALINFO_new, POLICY_CONSTRAINTS_free, POLICY_CONSTRAINTS_new, POLICY_MAPPING_free, POLICY_MAPPING_new, PROFESSION_INFO_free, PROFESSION_INFO_new, PROFESSION_INFOS_free, PROFESSION_INFOS_new, PROXY_CERT_INFO_EXTENSION_free, PROXY_CERT_INFO_EXTENSION_new, PROXY_POLICY_free, PROXY_POLICY_new, RSAPrivateKey_dup, RSAPublicKey_dup, RSA_OAEP_PARAMS_free, RSA_OAEP_PARAMS_new, RSA_PSS_PARAMS_free, RSA_PSS_PARAMS_new, SCRYPT_PARAMS_free, SCRYPT_PARAMS_new, SXNETID_free, SXNETID_new, SXNET_free, SXNET_new, TLS_FEATURE_free, TLS_FEATURE_new, TS_ACCURACY_dup, TS_ACCURACY_free, TS_ACCURACY_new, TS_MSG_IMPRINT_dup, TS_MSG_IMPRINT_free, TS_MSG_IMPRINT_new, TS_REQ_dup, TS_REQ_free, TS_REQ_new, TS_RESP_dup, TS_RESP_free, TS_RESP_new, 
TS_STATUS_INFO_dup, TS_STATUS_INFO_free, TS_STATUS_INFO_new, TS_TST_INFO_dup, TS_TST_INFO_free, TS_TST_INFO_new, USERNOTICE_free, USERNOTICE_new, X509_ALGOR_free, X509_ALGOR_new, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free, X509_ATTRIBUTE_new, X509_CERT_AUX_free, X509_CERT_AUX_new, X509_CINF_free, X509_CINF_new, X509_CRL_INFO_free, X509_CRL_INFO_new, X509_CRL_dup, X509_CRL_free, X509_CRL_new, X509_EXTENSION_dup, X509_EXTENSION_free, X509_EXTENSION_new, X509_NAME_ENTRY_dup, X509_NAME_ENTRY_free, X509_NAME_ENTRY_new, X509_NAME_dup, X509_NAME_free, X509_NAME_new, X509_REQ_INFO_free, X509_REQ_INFO_new, X509_REQ_dup, X509_REQ_free, X509_REQ_new, X509_REVOKED_dup, X509_REVOKED_free, X509_REVOKED_new, X509_SIG_free, X509_SIG_new, X509_VAL_free, X509_VAL_new, X509_dup, \&\- ASN1 object utilities
+DECLARE_ASN1_FUNCTIONS,
+IMPLEMENT_ASN1_FUNCTIONS,
+ASN1_ITEM,
+ACCESS_DESCRIPTION_free,
+ACCESS_DESCRIPTION_new,
+ADMISSIONS_free,
+ADMISSIONS_new,
+ADMISSION_SYNTAX_free,
+ADMISSION_SYNTAX_new,
+ASIdOrRange_free,
+ASIdOrRange_new,
+ASIdentifierChoice_free,
+ASIdentifierChoice_new,
+ASIdentifiers_free,
+ASIdentifiers_new,
+ASRange_free,
+ASRange_new,
+AUTHORITY_INFO_ACCESS_free,
+AUTHORITY_INFO_ACCESS_new,
+AUTHORITY_KEYID_free,
+AUTHORITY_KEYID_new,
+BASIC_CONSTRAINTS_free,
+BASIC_CONSTRAINTS_new,
+CERTIFICATEPOLICIES_free,
+CERTIFICATEPOLICIES_new,
+CMS_ContentInfo_free,
+CMS_ContentInfo_new,
+CMS_ContentInfo_new_ex,
+CMS_ContentInfo_print_ctx,
+CMS_ReceiptRequest_free,
+CMS_ReceiptRequest_new,
+CRL_DIST_POINTS_free,
+CRL_DIST_POINTS_new,
+DIRECTORYSTRING_free,
+DIRECTORYSTRING_new,
+DISPLAYTEXT_free,
+DISPLAYTEXT_new,
+DIST_POINT_NAME_free,
+DIST_POINT_NAME_new,
+DIST_POINT_free,
+DIST_POINT_new,
+DSAparams_dup,
+ECPARAMETERS_free,
+ECPARAMETERS_new,
+ECPKPARAMETERS_free,
+ECPKPARAMETERS_new,
+EDIPARTYNAME_free,
+EDIPARTYNAME_new,
+ESS_CERT_ID_dup,
+ESS_CERT_ID_free,
+ESS_CERT_ID_new,
+ESS_CERT_ID_V2_dup,
+ESS_CERT_ID_V2_free,
+ESS_CERT_ID_V2_new,
+ESS_ISSUER_SERIAL_dup,
+ESS_ISSUER_SERIAL_free,
+ESS_ISSUER_SERIAL_new,
+ESS_SIGNING_CERT_dup,
+ESS_SIGNING_CERT_free,
+ESS_SIGNING_CERT_it,
+ESS_SIGNING_CERT_new,
+ESS_SIGNING_CERT_V2_dup,
+ESS_SIGNING_CERT_V2_free,
+ESS_SIGNING_CERT_V2_it,
+ESS_SIGNING_CERT_V2_new,
+EXTENDED_KEY_USAGE_free,
+EXTENDED_KEY_USAGE_new,
+GENERAL_NAMES_free,
+GENERAL_NAMES_new,
+GENERAL_NAME_dup,
+GENERAL_NAME_free,
+GENERAL_NAME_new,
+GENERAL_SUBTREE_free,
+GENERAL_SUBTREE_new,
+IPAddressChoice_free,
+IPAddressChoice_new,
+IPAddressFamily_free,
+IPAddressFamily_new,
+IPAddressOrRange_free,
+IPAddressOrRange_new,
+IPAddressRange_free,
+IPAddressRange_new,
+ISSUER_SIGN_TOOL_free,
+ISSUER_SIGN_TOOL_it,
+ISSUER_SIGN_TOOL_new,
+ISSUING_DIST_POINT_free,
+ISSUING_DIST_POINT_it,
+ISSUING_DIST_POINT_new,
+NAME_CONSTRAINTS_free,
+NAME_CONSTRAINTS_new,
+NAMING_AUTHORITY_free,
+NAMING_AUTHORITY_new,
+NETSCAPE_CERT_SEQUENCE_free,
+NETSCAPE_CERT_SEQUENCE_new,
+NETSCAPE_SPKAC_free,
+NETSCAPE_SPKAC_new,
+NETSCAPE_SPKI_free,
+NETSCAPE_SPKI_new,
+NOTICEREF_free,
+NOTICEREF_new,
+OCSP_BASICRESP_free,
+OCSP_BASICRESP_new,
+OCSP_CERTID_dup,
+OCSP_CERTID_new,
+OCSP_CERTSTATUS_free,
+OCSP_CERTSTATUS_new,
+OCSP_CRLID_free,
+OCSP_CRLID_new,
+OCSP_ONEREQ_free,
+OCSP_ONEREQ_new,
+OCSP_REQINFO_free,
+OCSP_REQINFO_new,
+OCSP_RESPBYTES_free,
+OCSP_RESPBYTES_new,
+OCSP_RESPDATA_free,
+OCSP_RESPDATA_new,
+OCSP_RESPID_free,
+OCSP_RESPID_new,
+OCSP_RESPONSE_new,
+OCSP_REVOKEDINFO_free,
+OCSP_REVOKEDINFO_new,
+OCSP_SERVICELOC_free,
+OCSP_SERVICELOC_new,
+OCSP_SIGNATURE_free,
+OCSP_SIGNATURE_new,
+OCSP_SINGLERESP_free,
+OCSP_SINGLERESP_new,
+OSSL_CMP_ITAV_dup,
+OSSL_CMP_ITAV_free,
+OSSL_CMP_MSG_dup,
+OSSL_CMP_MSG_it,
+OSSL_CMP_MSG_free,
+OSSL_CMP_PKIHEADER_free,
+OSSL_CMP_PKIHEADER_it,
+OSSL_CMP_PKIHEADER_new,
+OSSL_CMP_PKISI_dup,
+OSSL_CMP_PKISI_free,
+OSSL_CMP_PKISI_it,
+OSSL_CMP_PKISI_new,
+OSSL_CMP_PKISTATUS_it,
+OSSL_CRMF_CERTID_dup,
+OSSL_CRMF_CERTID_free,
+OSSL_CRMF_CERTID_it,
+OSSL_CRMF_CERTID_new,
+OSSL_CRMF_CERTTEMPLATE_free,
+OSSL_CRMF_CERTTEMPLATE_it,
+OSSL_CRMF_CERTTEMPLATE_new,
+OSSL_CRMF_ENCRYPTEDVALUE_free,
+OSSL_CRMF_ENCRYPTEDVALUE_it,
+OSSL_CRMF_ENCRYPTEDVALUE_new,
+OSSL_CRMF_MSGS_free,
+OSSL_CRMF_MSGS_it,
+OSSL_CRMF_MSGS_new,
+OSSL_CRMF_MSG_dup,
+OSSL_CRMF_MSG_free,
+OSSL_CRMF_MSG_it,
+OSSL_CRMF_MSG_new,
+OSSL_CRMF_PBMPARAMETER_free,
+OSSL_CRMF_PBMPARAMETER_it,
+OSSL_CRMF_PBMPARAMETER_new,
+OSSL_CRMF_PKIPUBLICATIONINFO_free,
+OSSL_CRMF_PKIPUBLICATIONINFO_it,
+OSSL_CRMF_PKIPUBLICATIONINFO_new,
+OSSL_CRMF_SINGLEPUBINFO_free,
+OSSL_CRMF_SINGLEPUBINFO_it,
+OSSL_CRMF_SINGLEPUBINFO_new,
+OTHERNAME_free,
+OTHERNAME_new,
+PBE2PARAM_free,
+PBE2PARAM_new,
+PBEPARAM_free,
+PBEPARAM_new,
+PBKDF2PARAM_free,
+PBKDF2PARAM_new,
+PKCS12_BAGS_free,
+PKCS12_BAGS_new,
+PKCS12_MAC_DATA_free,
+PKCS12_MAC_DATA_new,
+PKCS12_SAFEBAG_free,
+PKCS12_SAFEBAG_new,
+PKCS12_free,
+PKCS12_new,
+PKCS7_DIGEST_free,
+PKCS7_DIGEST_new,
+PKCS7_ENCRYPT_free,
+PKCS7_ENCRYPT_new,
+PKCS7_ENC_CONTENT_free,
+PKCS7_ENC_CONTENT_new,
+PKCS7_ENVELOPE_free,
+PKCS7_ENVELOPE_new,
+PKCS7_ISSUER_AND_SERIAL_free,
+PKCS7_ISSUER_AND_SERIAL_new,
+PKCS7_RECIP_INFO_free,
+PKCS7_RECIP_INFO_new,
+PKCS7_SIGNED_free,
+PKCS7_SIGNED_new,
+PKCS7_SIGNER_INFO_free,
+PKCS7_SIGNER_INFO_new,
+PKCS7_SIGN_ENVELOPE_free,
+PKCS7_SIGN_ENVELOPE_new,
+PKCS7_dup,
+PKCS7_free,
+PKCS7_new_ex,
+PKCS7_new,
+PKCS7_print_ctx,
+PKCS8_PRIV_KEY_INFO_free,
+PKCS8_PRIV_KEY_INFO_new,
+PKEY_USAGE_PERIOD_free,
+PKEY_USAGE_PERIOD_new,
+POLICYINFO_free,
+POLICYINFO_new,
+POLICYQUALINFO_free,
+POLICYQUALINFO_new,
+POLICY_CONSTRAINTS_free,
+POLICY_CONSTRAINTS_new,
+POLICY_MAPPING_free,
+POLICY_MAPPING_new,
+PROFESSION_INFOS_free,
+PROFESSION_INFOS_new,
+PROFESSION_INFO_free,
+PROFESSION_INFO_new,
+PROXY_CERT_INFO_EXTENSION_free,
+PROXY_CERT_INFO_EXTENSION_new,
+PROXY_POLICY_free,
+PROXY_POLICY_new,
+RSAPrivateKey_dup,
+RSAPublicKey_dup,
+RSA_OAEP_PARAMS_free,
+RSA_OAEP_PARAMS_new,
+RSA_PSS_PARAMS_free,
+RSA_PSS_PARAMS_new,
+RSA_PSS_PARAMS_dup,
+SCRYPT_PARAMS_free,
+SCRYPT_PARAMS_new,
+SXNETID_free,
+SXNETID_new,
+SXNET_free,
+SXNET_new,
+TLS_FEATURE_free,
+TLS_FEATURE_new,
+TS_ACCURACY_dup,
+TS_ACCURACY_free,
+TS_ACCURACY_new,
+TS_MSG_IMPRINT_dup,
+TS_MSG_IMPRINT_free,
+TS_MSG_IMPRINT_new,
+TS_REQ_dup,
+TS_REQ_free,
+TS_REQ_new,
+TS_RESP_dup,
+TS_RESP_free,
+TS_RESP_new,
+TS_STATUS_INFO_dup,
+TS_STATUS_INFO_free,
+TS_STATUS_INFO_new,
+TS_TST_INFO_dup,
+TS_TST_INFO_free,
+TS_TST_INFO_new,
+USERNOTICE_free,
+USERNOTICE_new,
+X509_ALGOR_free,
+X509_ALGOR_it,
+X509_ALGOR_new,
+X509_ATTRIBUTE_dup,
+X509_ATTRIBUTE_free,
+X509_ATTRIBUTE_new,
+X509_CERT_AUX_free,
+X509_CERT_AUX_new,
+X509_CINF_free,
+X509_CINF_new,
+X509_CRL_INFO_free,
+X509_CRL_INFO_new,
+X509_CRL_dup,
+X509_CRL_free,
+X509_CRL_new_ex,
+X509_CRL_new,
+X509_EXTENSION_dup,
+X509_EXTENSION_free,
+X509_EXTENSION_new,
+X509_NAME_ENTRY_dup,
+X509_NAME_ENTRY_free,
+X509_NAME_ENTRY_new,
+X509_NAME_dup,
+X509_NAME_free,
+X509_NAME_new,
+X509_REQ_INFO_free,
+X509_REQ_INFO_new,
+X509_REQ_dup,
+X509_REQ_free,
+X509_REQ_new,
+X509_REQ_new_ex,
+X509_REVOKED_dup,
+X509_REVOKED_free,
+X509_REVOKED_new,
+X509_SIG_free,
+X509_SIG_new,
+X509_VAL_free,
+X509_VAL_new,
+X509_dup,
+\&\- ASN1 object utilities
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -152,14 +449,24 @@ DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS, ASN1_ITEM, ACCESS_DESCRIPTION_
\&
\& extern const ASN1_ITEM TYPE_it;
\& TYPE *TYPE_new(void);
-\& TYPE *TYPE_dup(TYPE *a);
+\& TYPE *TYPE_dup(const TYPE *a);
\& void TYPE_free(TYPE *a);
\& int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx);
.Ve
+.PP
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 3
+\& DSA *DSAparams_dup(const DSA *dsa);
+\& RSA *RSAPrivateKey_dup(const RSA *rsa);
+\& RSA *RSAPublicKey_dup(const RSA *rsa);
+.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-In the description below, \fI\s-1TYPE\s0\fR is used
-as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR.
+In the description below, \fB\f(BI\s-1TYPE\s0\fB\fR is used
+as a placeholder for any of the OpenSSL datatypes, such as \fBX509\fR.
.PP
The OpenSSL \s-1ASN1\s0 parsing library templates are like a data-driven bytecode
interpreter.
@@ -174,29 +481,42 @@ to generate the function declarations.
The macro \s-1\fBIMPLEMENT_ASN1_FUNCTIONS\s0()\fR is used once in a source file
to generate the function bodies.
.PP
-\&\fBTYPE_new()\fR allocates an empty object of the indicated type.
-The object returned must be released by calling \fBTYPE_free()\fR.
+\&\fB\f(BI\s-1TYPE\s0\fB_new\fR() allocates an empty object of the indicated type.
+The object returned must be released by calling \fB\f(BI\s-1TYPE\s0\fB_free\fR().
+.PP
+\&\fB\f(BI\s-1TYPE\s0\fB_new_ex\fR() is similar to \fB\f(BI\s-1TYPE\s0\fB_new\fR() but also passes the
+library context \fIlibctx\fR and the property query \fIpropq\fR to use when retrieving
+algorithms from providers. This created object can then be used when loading
+binary data using \fBd2i_\f(BI\s-1TYPE\s0\fB\fR().
.PP
-\&\fBTYPE_dup()\fR copies an existing object.
+\&\fB\f(BI\s-1TYPE\s0\fB_dup\fR() copies an existing object, leaving it untouched.
.PP
-\&\fBTYPE_free()\fR releases the object and all pointers and sub-objects
+\&\fB\f(BI\s-1TYPE\s0\fB_free\fR() releases the object and all pointers and sub-objects
within it.
.PP
-\&\fBTYPE_print_ctx()\fR prints the object \fBa\fR on the specified \s-1BIO\s0 \fBout\fR.
-Each line will be prefixed with \fBindent\fR spaces.
-The \fBpctx\fR specifies the printing context and is for internal
+\&\fB\f(BI\s-1TYPE\s0\fB_print_ctx\fR() prints the object \fIa\fR on the specified \s-1BIO\s0 \fIout\fR.
+Each line will be prefixed with \fIindent\fR spaces.
+The \fIpctx\fR specifies the printing context and is for internal
use; use \s-1NULL\s0 to get the default behavior. If a print function is
-user-defined, then pass in any \fBpctx\fR down to any nested calls.
+user-defined, then pass in any \fIpctx\fR down to any nested calls.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBTYPE_new()\fR and \fBTYPE_dup()\fR return a pointer to the object or \s-1NULL\s0 on failure.
+\&\fB\f(BI\s-1TYPE\s0\fB_new\fR(), \fB\f(BI\s-1TYPE\s0\fB_new_ex\fR() and \fB\f(BI\s-1TYPE\s0\fB_dup\fR() return a pointer to
+the object or \s-1NULL\s0 on failure.
+.PP
+\&\fB\f(BI\s-1TYPE\s0\fB_print_ctx\fR() returns 1 on success or zero on failure.
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions \fBX509_REQ_new_ex()\fR, \fBX509_CRL_new_ex()\fR, \fBPKCS7_new_ex()\fR and
+\&\fBCMS_ContentInfo_new_ex()\fR were added in OpenSSL 3.0.
.PP
-\&\fBTYPE_print_ctx()\fR returns 1 on success or zero on failure.
+The functions \fBDSAparams_dup()\fR, \fBRSAPrivateKey_dup()\fR and \fBRSAPublicKey_dup()\fR were
+deprecated in 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_get0_distinguishing_id.3 b/secure/lib/libcrypto/man/man3/X509_get0_distinguishing_id.3
new file mode 100644
index 000000000000..e9ab7cbe81b6
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/X509_get0_distinguishing_id.3
@@ -0,0 +1,198 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_GET0_DISTINGUISHING_ID 3ossl"
+.TH X509_GET0_DISTINGUISHING_ID 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_get0_distinguishing_id, X509_set0_distinguishing_id,
+X509_REQ_get0_distinguishing_id, X509_REQ_set0_distinguishing_id
+\&\- get or set the Distinguishing ID for certificate operations
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& ASN1_OCTET_STRING *X509_get0_distinguishing_id(X509 *x);
+\& void X509_set0_distinguishing_id(X509 *x, ASN1_OCTET_STRING *distid);
+\& ASN1_OCTET_STRING *X509_REQ_get0_distinguishing_id(X509_REQ *x);
+\& void X509_REQ_set0_distinguishing_id(X509_REQ *x, ASN1_OCTET_STRING *distid);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The Distinguishing \s-1ID\s0 is defined in \s-1FIPS 196\s0 as follows:
+.IP "\fIDistinguishing identifier\fR" 4
+.IX Item "Distinguishing identifier"
+Information which unambiguously distinguishes
+an entity in the authentication process.
+.PP
+The \s-1SM2\s0 signature algorithm requires a Distinguishing \s-1ID\s0 value when generating
+and verifying a signature, but the Ddistinguishing \s-1ID\s0 may also find other uses.
+In the context of \s-1SM2,\s0 the Distinguishing \s-1ID\s0 is often referred to as the \*(L"\s-1SM2
+ID\*(R".\s0
+.PP
+For the purpose off verifying a certificate or a certification request, a
+Distinguishing \s-1ID\s0 may be attached to it, so functions like \fBX509_verify\fR\|(3)
+or \fBX509_REQ_verify\fR\|(3) have easy access to that identity for signature
+verification.
+.PP
+\&\fBX509_get0_distinguishing_id()\fR gets the Distinguishing \s-1ID\s0 value of a certificate
+\&\fBx\fR by returning an \fB\s-1ASN1_OCTET_STRING\s0\fR object which should not be freed by
+the caller.
+.PP
+\&\fBX509_set0_distinguishing_id()\fR assigns \fBdistid\fR to the certificate \fBx\fR.
+Calling this function transfers the memory management of the value to the X509
+object, and therefore the value that has been passed in should not be freed by
+the caller after this function has been called.
+.PP
+\&\fBX509_REQ_get0_distinguishing_id()\fR and \fBX509_REQ_set0_distinguishing_id()\fR
+have the same functionality as \fBX509_get0_distinguishing_id()\fR and
+\&\fBX509_set0_distinguishing_id()\fR except that they deal with \fBX509_REQ\fR
+objects instead of \fBX509\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBX509_set0_distinguishing_id()\fR and \fBX509_REQ_set0_distinguishing_id()\fR do not
+return a value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBX509_verify\fR\|(3), \s-1\fBSM2\s0\fR\|(7)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3 b/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3
index 70b39d8e77fa..7b8c563eeef4 100644
--- a/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3
+++ b/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_GET0_NOTBEFORE 3"
-.TH X509_GET0_NOTBEFORE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_GET0_NOTBEFORE 3ossl"
+.TH X509_GET0_NOTBEFORE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, X509_CRL_set1_nextUpdate \- get or set certificate or CRL dates
+X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter,
+X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter,
+X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate,
+X509_CRL_set1_nextUpdate \- get or set certificate or CRL dates
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -225,7 +226,7 @@ These functions are available in all versions of OpenSSL.
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_get0_signature.3 b/secure/lib/libcrypto/man/man3/X509_get0_signature.3
index c15a32ce7f3e..c96605ffbab7 100644
--- a/secure/lib/libcrypto/man/man3/X509_get0_signature.3
+++ b/secure/lib/libcrypto/man/man3/X509_get0_signature.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_GET0_SIGNATURE 3"
-.TH X509_GET0_SIGNATURE 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_GET0_SIGNATURE 3ossl"
+.TH X509_GET0_SIGNATURE 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set \- signature information
+X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo,
+X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature,
+X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid,
+X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set \- signature information
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -261,9 +262,9 @@ The \fBX509_REQ_set0_signature()\fR and \fBX509_REQ_set1_signature_algo()\fR
were added in OpenSSL 1.1.1e.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_get0_uids.3 b/secure/lib/libcrypto/man/man3/X509_get0_uids.3
index fc12e901adcd..32e15dcf2cda 100644
--- a/secure/lib/libcrypto/man/man3/X509_get0_uids.3
+++ b/secure/lib/libcrypto/man/man3/X509_get0_uids.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_GET0_UIDS 3"
-.TH X509_GET0_UIDS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_GET0_UIDS 3ossl"
+.TH X509_GET0_UIDS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -182,7 +180,7 @@ practice outside test cases.
.IX Header "COPYRIGHT"
Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3 b/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3
index aff3ce4f9182..2f28ceb5c5b8 100644
--- a/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3
+++ b/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,24 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_GET_EXTENSION_FLAGS 3"
-.TH X509_GET_EXTENSION_FLAGS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_GET_EXTENSION_FLAGS 3ossl"
+.TH X509_GET_EXTENSION_FLAGS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_get0_subject_key_id, X509_get0_authority_key_id, X509_get0_authority_issuer, X509_get0_authority_serial, X509_get_pathlen, X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage, X509_set_proxy_flag, X509_set_proxy_pathlen, X509_get_proxy_pathlen \- retrieve certificate extension data
+X509_get0_subject_key_id,
+X509_get0_authority_key_id,
+X509_get0_authority_issuer,
+X509_get0_authority_serial,
+X509_get_pathlen,
+X509_get_extension_flags,
+X509_get_key_usage,
+X509_get_extended_key_usage,
+X509_set_proxy_flag,
+X509_set_proxy_pathlen,
+X509_get_proxy_pathlen \- retrieve certificate extension data
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -201,7 +209,7 @@ processing the X509 object, so it may not be related to the processed
\&\s-1ASN1\s0 object itself.
.IP "\fB\s-1EXFLAG_NO_FINGERPRINT\s0\fR" 4
.IX Item "EXFLAG_NO_FINGERPRINT"
-Failed to compute the internal \s-1SHA1\s0 hash value of the certificate.
+Failed to compute the internal \s-1SHA1\s0 hash value of the certificate or \s-1CRL.\s0
This may be due to malloc failure or because no \s-1SHA1\s0 implementation was found.
.IP "\fB\s-1EXFLAG_INVALID_POLICY\s0\fR" 4
.IX Item "EXFLAG_INVALID_POLICY"
@@ -306,7 +314,7 @@ certificate is a proxy one and has a path length set, and \-1 otherwise.
.IX Header "COPYRIGHT"
Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_get_pubkey.3 b/secure/lib/libcrypto/man/man3/X509_get_pubkey.3
index 7d787cdbd593..20113a4e32ab 100644
--- a/secure/lib/libcrypto/man/man3/X509_get_pubkey.3
+++ b/secure/lib/libcrypto/man/man3/X509_get_pubkey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_GET_PUBKEY 3"
-.TH X509_GET_PUBKEY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_GET_PUBKEY 3ossl"
+.TH X509_GET_PUBKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, X509_REQ_get_X509_PUBKEY \- get or set certificate or certificate request public key
+X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY,
+X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey,
+X509_REQ_get_X509_PUBKEY \- get or set certificate or certificate request
+public key
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -148,7 +149,7 @@ X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_R
\& EVP_PKEY *X509_get_pubkey(X509 *x);
\& EVP_PKEY *X509_get0_pubkey(const X509 *x);
\& int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
-\& X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x);
+\& X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
\&
\& EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
\& EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
@@ -207,9 +208,9 @@ for failure.
\&\fBX509_verify_cert\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3 b/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3
index e106d65e12f0..4fee9f22e51f 100644
--- a/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3
+++ b/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_GET_SERIALNUMBER 3"
-.TH X509_GET_SERIALNUMBER 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_GET_SERIALNUMBER 3ossl"
+.TH X509_GET_SERIALNUMBER 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_get_serialNumber, X509_get0_serialNumber, X509_set_serialNumber \&\- get or set certificate serial number
+X509_get_serialNumber,
+X509_get0_serialNumber,
+X509_set_serialNumber
+\&\- get or set certificate serial number
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -194,7 +195,7 @@ The \fBX509_get0_serialNumber()\fR function was added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_get_subject_name.3 b/secure/lib/libcrypto/man/man3/X509_get_subject_name.3
index 163af487ad07..77aa6f9ecef7 100644
--- a/secure/lib/libcrypto/man/man3/X509_get_subject_name.3
+++ b/secure/lib/libcrypto/man/man3/X509_get_subject_name.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,43 +130,74 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_GET_SUBJECT_NAME 3"
-.TH X509_GET_SUBJECT_NAME 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_GET_SUBJECT_NAME 3ossl"
+.TH X509_GET_SUBJECT_NAME 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name, X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name, X509_CRL_get_issuer, X509_CRL_set_issuer_name \- get and set issuer or subject names
+X509_NAME_hash_ex, X509_NAME_hash,
+X509_get_subject_name, X509_set_subject_name, X509_subject_name_hash,
+X509_get_issuer_name, X509_set_issuer_name, X509_issuer_name_hash,
+X509_REQ_get_subject_name, X509_REQ_set_subject_name,
+X509_CRL_get_issuer, X509_CRL_set_issuer_name \-
+get X509_NAME hashes or get and set issuer or subject names
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
+\& unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx,
+\& const char *propq, int *ok);
+\&
\& X509_NAME *X509_get_subject_name(const X509 *x);
-\& int X509_set_subject_name(X509 *x, X509_NAME *name);
+\& int X509_set_subject_name(X509 *x, const X509_NAME *name);
+\& unsigned long X509_subject_name_hash(X509 *x);
\&
\& X509_NAME *X509_get_issuer_name(const X509 *x);
-\& int X509_set_issuer_name(X509 *x, X509_NAME *name);
+\& int X509_set_issuer_name(X509 *x, const X509_NAME *name);
+\& unsigned long X509_issuer_name_hash(X509 *x);
\&
\& X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
-\& int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+\& int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name);
\&
\& X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
-\& int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+\& int X509_CRL_set_issuer_name(X509_CRL *x, const X509_NAME *name);
+.Ve
+.PP
+The following macro has been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 1
+\& #define X509_NAME_hash(x) X509_NAME_hash_ex(x, NULL, NULL, NULL)
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBX509_get_subject_name()\fR returns the subject name of certificate \fBx\fR. The
+\&\fBX509_NAME_hash_ex()\fR returns a hash value of name \fIx\fR or 0 on failure,
+using any given library context \fIlibctx\fR and property query \fIpropq\fR.
+The \fIok\fR result argument may be \s-1NULL\s0
+or else is used to return 1 for success and 0 for failure.
+Failure may happen on malloc error or if no \s-1SHA1\s0 implementation is available.
+.PP
+\&\fBX509_NAME_hash()\fR returns a hash value of name \fIx\fR or 0 on failure,
+using the default library context and default property query.
+.PP
+\&\fBX509_get_subject_name()\fR returns the subject name of certificate \fIx\fR. The
returned value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed.
.PP
-\&\fBX509_set_subject_name()\fR sets the issuer name of certificate \fBx\fR to
-\&\fBname\fR. The \fBname\fR parameter is copied internally and should be freed
+\&\fBX509_set_subject_name()\fR sets the issuer name of certificate \fIx\fR to
+\&\fIname\fR. The \fIname\fR parameter is copied internally and should be freed
up when it is no longer needed.
.PP
-\&\fBX509_get_issuer_name()\fR and \fBX509_set_issuer_name()\fR are identical to
-\&\fBX509_get_subject_name()\fR and \fBX509_set_subject_name()\fR except the get and
-set the issuer name of \fBx\fR.
+\&\fBX509_subject_name_hash()\fR returns a hash value of the subject name of
+certificate \fIx\fR.
+.PP
+\&\fBX509_get_issuer_name()\fR, \fBX509_set_issuer_name()\fR, and \fBX509_issuer_name_hash()\fR
+are identical to
+\&\fBX509_get_subject_name()\fR, \fBX509_set_subject_name()\fR, and \fBX509_subject_name_hash()\fR
+except they relate to the issuer name of \fIx\fR.
.PP
Similarly \fBX509_REQ_get_subject_name()\fR, \fBX509_REQ_set_subject_name()\fR,
\&\fBX509_CRL_get_issuer()\fR and \fBX509_CRL_set_issuer_name()\fR get or set the subject
@@ -178,8 +207,19 @@ or issuer names of certificate requests of CRLs respectively.
\&\fBX509_get_subject_name()\fR, \fBX509_get_issuer_name()\fR, \fBX509_REQ_get_subject_name()\fR
and \fBX509_CRL_get_issuer()\fR return an \fBX509_NAME\fR pointer.
.PP
+\&\fBX509_NAME_hash_ex()\fR, \fBX509_NAME_hash()\fR,
+\&\fBX509_subject_name_hash()\fR and \fBX509_issuer_name_hash()\fR
+return the first four bytes of the \s-1SHA1\s0 hash value,
+converted to \fBunsigned long\fR in little endian order,
+or 0 on failure.
+.PP
\&\fBX509_set_subject_name()\fR, \fBX509_set_issuer_name()\fR, \fBX509_REQ_set_subject_name()\fR
and \fBX509_CRL_set_issuer_name()\fR return 1 for success and 0 for failure.
+.SH "BUGS"
+.IX Header "BUGS"
+In case \fBX509_NAME_hash()\fR, \fBX509_subject_name_hash()\fR, or \fBX509_issuer_name_hash()\fR
+returns 0 it remains unclear if this is the real hash value or due to failure.
+Better use \fBX509_NAME_hash_ex()\fR instead.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3),
@@ -204,11 +244,13 @@ earlier versions.
.PP
\&\fBX509_CRL_get_issuer()\fR is a function in OpenSSL 1.1.0. It was previously
added in OpenSSL 1.0.0 as a macro.
+.PP
+\&\fBX509_NAME_hash()\fR was turned into a macro and deprecated in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_get_version.3 b/secure/lib/libcrypto/man/man3/X509_get_version.3
index 50f9a07f10e7..ce02daa5979d 100644
--- a/secure/lib/libcrypto/man/man3/X509_get_version.3
+++ b/secure/lib/libcrypto/man/man3/X509_get_version.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_GET_VERSION 3"
-.TH X509_GET_VERSION 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_GET_VERSION 3ossl"
+.TH X509_GET_VERSION 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version, X509_CRL_get_version, X509_CRL_set_version \- get or set certificate, certificate request or CRL version
+X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version,
+X509_CRL_get_version, X509_CRL_set_version \- get or set certificate,
+certificate request or CRL version
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -157,16 +157,18 @@ X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version,
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBX509_get_version()\fR returns the numerical value of the version field of
-certificate \fBx\fR. Note: this is defined by standards (X.509 et al) to be one
-less than the certificate version. So a version 3 certificate will return 2 and
-a version 1 certificate will return 0.
+certificate \fBx\fR. These correspond to the constants \fBX509_VERSION_1\fR,
+\&\fBX509_VERSION_2\fR, and \fBX509_VERSION_3\fR. Note: the values of these constants
+are defined by standards (X.509 et al) to be one less than the certificate
+version. So \fBX509_VERSION_3\fR has value 2 and \fBX509_VERSION_1\fR has value 0.
.PP
\&\fBX509_set_version()\fR sets the numerical value of the version field of certificate
\&\fBx\fR to \fBversion\fR.
.PP
Similarly \fBX509_REQ_get_version()\fR, \fBX509_REQ_set_version()\fR,
\&\fBX509_CRL_get_version()\fR and \fBX509_CRL_set_version()\fR get and set the version
-number of certificate requests and CRLs.
+number of certificate requests and CRLs. They use constants
+\&\fBX509_REQ_VERSION_1\fR, \fBX509_CRL_VERSION_1\fR, and \fBX509_CRL_VERSION_2\fR.
.SH "NOTES"
.IX Header "NOTES"
The version field of certificates, certificate requests and CRLs has a
@@ -203,9 +205,9 @@ return 1 for success and 0 for failure.
functions in OpenSSL 1.1.0, in previous versions they were macros.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_load_http.3 b/secure/lib/libcrypto/man/man3/X509_load_http.3
new file mode 100644
index 000000000000..5767e998f0a8
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/X509_load_http.3
@@ -0,0 +1,199 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_LOAD_HTTP 3ossl"
+.TH X509_LOAD_HTTP 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_load_http,
+X509_http_nbio,
+X509_CRL_load_http,
+X509_CRL_http_nbio
+\&\- certificate and CRL loading functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
+\& X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
+.Ve
+.PP
+The following macros have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 2
+\& #define X509_http_nbio(rctx, pcert)
+\& #define X509_CRL_http_nbio(rctx, pcrl)
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBX509_load_http()\fR and \fBX509_CRL_load_http()\fR loads a certificate or a \s-1CRL,\s0
+respectively, in \s-1ASN.1\s0 format using \s-1HTTP\s0 from the given \fBurl\fR.
+.PP
+If \fBbio\fR is given and \fBrbio\fR is \s-1NULL\s0 then this \s-1BIO\s0 is used instead of an
+internal one for connecting, writing the request, and reading the response.
+If both \fBbio\fR and \fBrbio\fR are given (which may be memory BIOs, for instance)
+then no explicit connection is attempted,
+\&\fBbio\fR is used for writing the request, and \fBrbio\fR for reading the response.
+.PP
+If the \fBtimeout\fR parameter is > 0 this indicates the maximum number of seconds
+to wait until the transfer is complete.
+A value of 0 enables waiting indefinitely,
+while a value < 0 immediately leads to a timeout condition.
+.PP
+\&\fBX509_http_nbio()\fR and \fBX509_CRL_http_nbio()\fR are macros for backward compatibility
+that have the same effect as the functions above but with infinite timeout
+and without the possibility to specify custom BIOs.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+On success the function yield the loaded value, else \s-1NULL.\s0
+Error conditions include connection/transfer timeout, parse errors, etc.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBOSSL_HTTP_get\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBX509_load_http()\fR and \fBX509_CRL_load_http()\fR were added in OpenSSL 3.0.
+\&\fBX509_http_nbio()\fR and \fBX509_CRL_http_nbio()\fR were deprecated in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2019\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_new.3 b/secure/lib/libcrypto/man/man3/X509_new.3
index 4f6d95847b24..c3a6d58ebb13 100644
--- a/secure/lib/libcrypto/man/man3/X509_new.3
+++ b/secure/lib/libcrypto/man/man3/X509_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,20 +130,23 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_NEW 3"
-.TH X509_NEW 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_NEW 3ossl"
+.TH X509_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_chain_up_ref, X509_new, X509_free, X509_up_ref \- X509 certificate ASN1 allocation functions
+X509_new, X509_new_ex,
+X509_free, X509_up_ref,
+X509_chain_up_ref \- X509 certificate ASN1 allocation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& X509 *X509_new(void);
+\& X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
\& void X509_free(X509 *a);
\& int X509_up_ref(X509 *a);
\& STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
@@ -155,8 +156,16 @@ X509_chain_up_ref, X509_new, X509_free, X509_up_ref \- X509 certificate ASN1 all
The X509 \s-1ASN1\s0 allocation routines, allocate and free an
X509 structure, which represents an X509 certificate.
.PP
-\&\fBX509_new()\fR allocates and initializes a X509 structure with reference count
-\&\fB1\fR.
+\&\fBX509_new_ex()\fR allocates and initializes a X509 structure with a
+library context of \fIlibctx\fR, property query of \fIpropq\fR and a reference
+count of \fB1\fR. Many X509 functions such as \fBX509_check_purpose()\fR, and
+\&\fBX509_verify()\fR use this library context to select which providers supply the
+fetched algorithms (\s-1SHA1\s0 is used internally). This created X509 object can then
+be used when loading binary data using \fBd2i_X509()\fR.
+.PP
+\&\fBX509_new()\fR is similar to \fBX509_new_ex()\fR but sets the library context
+and property query to \s-1NULL.\s0 This results in the default (\s-1NULL\s0) library context
+being used for any X509 operations requiring algorithm fetches.
.PP
\&\fBX509_free()\fR decrements the reference count of \fBX509\fR structure \fBa\fR and
frees it up if the reference count is zero. If \fBa\fR is \s-1NULL\s0 nothing is done.
@@ -164,7 +173,7 @@ frees it up if the reference count is zero. If \fBa\fR is \s-1NULL\s0 nothing is
\&\fBX509_up_ref()\fR increments the reference count of \fBa\fR.
.PP
\&\fBX509_chain_up_ref()\fR increases the reference count of all certificates in
-chain \fBx\fR and returns a copy of the stack.
+chain \fBx\fR and returns a copy of the stack, or an empty stack if \fBa\fR is \s-1NULL.\s0
.SH "NOTES"
.IX Header "NOTES"
The function \fBX509_up_ref()\fR if useful if a certificate structure is being
@@ -172,19 +181,18 @@ used by several different operations each of which will free it up after
use: this avoids the need to duplicate the entire certificate structure.
.PP
The function \fBX509_chain_up_ref()\fR doesn't just up the reference count of
-each certificate it also returns a copy of the stack, using \fBsk_X509_dup()\fR,
+each certificate. It also returns a copy of the stack, using \fBsk_X509_dup()\fR,
but it serves a similar purpose: the returned chain persists after the
original has been freed.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-If the allocation fails, \fBX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+If the allocation fails, \fBX509_new()\fR returns \s-1NULL\s0 and sets an error
code that can be obtained by \fBERR_get_error\fR\|(3).
Otherwise it returns a pointer to the newly allocated structure.
.PP
\&\fBX509_up_ref()\fR returns 1 for success and 0 for failure.
.PP
-\&\fBX509_chain_up_ref()\fR returns a copy of the stack or \fB\s-1NULL\s0\fR if an error
-occurred.
+\&\fBX509_chain_up_ref()\fR returns a copy of the stack or \s-1NULL\s0 if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBd2i_X509\fR\|(3),
@@ -203,11 +211,14 @@ occurred.
\&\fBX509_sign\fR\|(3),
\&\fBX509V3_get_d2i\fR\|(3),
\&\fBX509_verify_cert\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The function \fBX509_new_ex()\fR was added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_sign.3 b/secure/lib/libcrypto/man/man3/X509_sign.3
index ac68a2b06b2e..f7b41e4cb8e4 100644
--- a/secure/lib/libcrypto/man/man3/X509_sign.3
+++ b/secure/lib/libcrypto/man/man3/X509_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,17 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_SIGN 3"
-.TH X509_SIGN 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_SIGN 3ossl"
+.TH X509_SIGN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx, X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify \- sign or verify certificate, certificate request or CRL signature
+X509_sign, X509_sign_ctx,
+X509_REQ_sign, X509_REQ_sign_ctx,
+X509_CRL_sign, X509_CRL_sign_ctx \-
+sign certificate, certificate request, or CRL signature
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -147,29 +148,22 @@ X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx, X509_RE
\&
\& int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
\& int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
-\& int X509_verify(X509 *a, EVP_PKEY *r);
\&
\& int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
\& int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
-\& int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
\&
\& int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
\& int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
-\& int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBX509_sign()\fR signs certificate \fBx\fR using private key \fBpkey\fR and message
-digest \fBmd\fR and sets the signature in \fBx\fR. \fBX509_sign_ctx()\fR also signs
-certificate \fBx\fR but uses the parameters contained in digest context \fBctx\fR.
-.PP
-\&\fBX509_verify()\fR verifies the signature of certificate \fBx\fR using public key
-\&\fBpkey\fR. Only the signature is checked: no other checks (such as certificate
-chain validity) are performed.
+\&\fBX509_sign()\fR signs certificate \fIx\fR using private key \fIpkey\fR and message
+digest \fImd\fR and sets the signature in \fIx\fR. \fBX509_sign_ctx()\fR also signs
+certificate \fIx\fR but uses the parameters contained in digest context \fIctx\fR.
.PP
-\&\fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR, \fBX509_REQ_verify()\fR,
-\&\fBX509_CRL_sign()\fR, \fBX509_CRL_sign_ctx()\fR and \fBX509_CRL_verify()\fR sign and verify
-certificate requests and CRLs respectively.
+\&\fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR,
+\&\fBX509_CRL_sign()\fR, and \fBX509_CRL_sign_ctx()\fR
+sign certificate requests and CRLs, respectively.
.SH "NOTES"
.IX Header "NOTES"
\&\fBX509_sign_ctx()\fR is used where the default parameters for the corresponding
@@ -184,44 +178,29 @@ normally a problem because modifying the signed portion will invalidate the
signature and signing will always update the encoding.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBX509_sign()\fR, \fBX509_sign_ctx()\fR, \fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR,
-\&\fBX509_CRL_sign()\fR and \fBX509_CRL_sign_ctx()\fR return the size of the signature
+All functions return the size of the signature
in bytes for success and zero for failure.
-.PP
-\&\fBX509_verify()\fR, \fBX509_REQ_verify()\fR and \fBX509_CRL_verify()\fR return 1 if the
-signature is valid and 0 if the signature check fails. If the signature
-could not be checked at all because it was invalid or some other error
-occurred then \-1 is returned.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fBd2i_X509\fR\|(3),
\&\fBERR_get_error\fR\|(3),
-\&\fBX509_CRL_get0_by_serial\fR\|(3),
-\&\fBX509_get0_signature\fR\|(3),
-\&\fBX509_get_ext_d2i\fR\|(3),
-\&\fBX509_get_extension_flags\fR\|(3),
-\&\fBX509_get_pubkey\fR\|(3),
-\&\fBX509_get_subject_name\fR\|(3),
-\&\fBX509_get_version\fR\|(3),
\&\fBX509_NAME_add_entry_by_txt\fR\|(3),
-\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
-\&\fBX509_NAME_get_index_by_NID\fR\|(3),
-\&\fBX509_NAME_print_ex\fR\|(3),
\&\fBX509_new\fR\|(3),
-\&\fBX509V3_get_d2i\fR\|(3),
-\&\fBX509_verify_cert\fR\|(3)
+\&\fBX509_verify_cert\fR\|(3),
+\&\fBX509_verify\fR\|(3),
+\&\fBX509_REQ_verify_ex\fR\|(3), \fBX509_REQ_verify\fR\|(3),
+\&\fBX509_CRL_verify\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBX509_sign()\fR, \fBX509_REQ_sign()\fR and \fBX509_CRL_sign()\fR functions are
available in all versions of OpenSSL.
.PP
The \fBX509_sign_ctx()\fR, \fBX509_REQ_sign_ctx()\fR
-and \fBX509_CRL_sign_ctx()\fR functions were added OpenSSL 1.0.1.
+and \fBX509_CRL_sign_ctx()\fR functions were added in OpenSSL 1.0.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_verify.3 b/secure/lib/libcrypto/man/man3/X509_verify.3
new file mode 100644
index 000000000000..c338bca47ddc
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/X509_verify.3
@@ -0,0 +1,212 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_VERIFY 3ossl"
+.TH X509_VERIFY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_verify, X509_self_signed,
+X509_REQ_verify_ex, X509_REQ_verify,
+X509_CRL_verify \-
+verify certificate, certificate request, or CRL signature
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& int X509_verify(X509 *x, EVP_PKEY *pkey);
+\& int X509_self_signed(X509 *cert, int verify_signature);
+\&
+\& int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *pkey, OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+\& int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBX509_verify()\fR verifies the signature of certificate \fIx\fR using public key
+\&\fIpkey\fR. Only the signature is checked: no other checks (such as certificate
+chain validity) are performed.
+.PP
+\&\fBX509_self_signed()\fR checks whether certificate \fIcert\fR is self-signed.
+For success the issuer and subject names must match, the components of the
+authority key identifier (if present) must match the subject key identifier etc.
+The signature itself is actually verified only if \fBverify_signature\fR is 1, as
+for explicitly trusted certificates this verification is not worth the effort.
+.PP
+\&\fBX509_REQ_verify_ex()\fR, \fBX509_REQ_verify()\fR and \fBX509_CRL_verify()\fR
+verify the signatures of certificate requests and CRLs, respectively.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBX509_verify()\fR,
+\&\fBX509_REQ_verify_ex()\fR, \fBX509_REQ_verify()\fR and \fBX509_CRL_verify()\fR
+return 1 if the signature is valid and 0 if the signature check fails.
+If the signature could not be checked at all because it was ill-formed,
+the certificate or the request was not complete or some other error occurred
+then \-1 is returned.
+.PP
+\&\fBX509_self_signed()\fR returns the same values but also returns 1
+if all respective fields match and \fBverify_signature\fR is 0.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBd2i_X509\fR\|(3),
+\&\fBERR_get_error\fR\|(3),
+\&\fBX509_CRL_get0_by_serial\fR\|(3),
+\&\fBX509_get0_signature\fR\|(3),
+\&\fBX509_get_ext_d2i\fR\|(3),
+\&\fBX509_get_extension_flags\fR\|(3),
+\&\fBX509_get_pubkey\fR\|(3),
+\&\fBX509_get_subject_name\fR\|(3),
+\&\fBX509_get_version\fR\|(3),
+\&\fBX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fBX509_NAME_get_index_by_NID\fR\|(3),
+\&\fBX509_NAME_print_ex\fR\|(3),
+\&\fBX509V3_get_d2i\fR\|(3),
+\&\fBX509_verify_cert\fR\|(3),
+\&\s-1\fBOSSL_LIB_CTX\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBX509_verify()\fR, \fBX509_REQ_verify()\fR, and \fBX509_CRL_verify()\fR
+functions are available in all versions of OpenSSL.
+.PP
+\&\fBX509_REQ_verify_ex()\fR, and \fBX509_self_signed()\fR were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509_verify_cert.3 b/secure/lib/libcrypto/man/man3/X509_verify_cert.3
index 9fd580ad133f..fc91f231d3ca 100644
--- a/secure/lib/libcrypto/man/man3/X509_verify_cert.3
+++ b/secure/lib/libcrypto/man/man3/X509_verify_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,59 +130,99 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509_VERIFY_CERT 3"
-.TH X509_VERIFY_CERT 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509_VERIFY_CERT 3ossl"
+.TH X509_VERIFY_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_verify_cert \- discover and verify X509 certificate chain
+X509_build_chain,
+X509_verify_cert,
+X509_STORE_CTX_verify \- build and verify X509 certificate chain
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
-\& #include <openssl/x509.h>
+\& #include <openssl/x509_vfy.h>
\&
+\& STACK_OF(X509) *X509_build_chain(X509 *target, STACK_OF(X509) *certs,
+\& X509_STORE *store, int with_self_signed,
+\& OSSL_LIB_CTX *libctx, const char *propq);
\& int X509_verify_cert(X509_STORE_CTX *ctx);
+\& int X509_STORE_CTX_verify(X509_STORE_CTX *ctx);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+\&\fBX509_build_chain()\fR builds a certificate chain starting from \fItarget\fR
+using the optional list of intermediate \s-1CA\s0 certificates \fIcerts\fR.
+If \fIstore\fR is \s-1NULL\s0 it builds the chain as far down as possible, ignoring errors.
+Else the chain must reach a trust anchor contained in \fIstore\fR.
+It internally uses a \fBX509_STORE_CTX\fR structure associated with the library
+context \fIlibctx\fR and property query string \fIpropq\fR, both of which may be \s-1NULL.\s0
+In case there is more than one possibility for the chain, only one is taken.
+.PP
+On success it returns a pointer to a new stack of (up_ref'ed) certificates
+starting with \fItarget\fR and followed by all available intermediate certificates.
+A self-signed trust anchor is included only if \fItarget\fR is the trust anchor
+of \fIwith_self_signed\fR is 1.
+If a non-NULL stack is returned the caller is responsible for freeing it.
+.PP
The \fBX509_verify_cert()\fR function attempts to discover and validate a
-certificate chain based on parameters in \fBctx\fR. A complete description of
-the process is contained in the \fBverify\fR\|(1) manual page.
-.SH "RETURN VALUES"
-.IX Header "RETURN VALUES"
-If a complete chain can be built and validated this function returns 1,
-otherwise it return zero, in exceptional circumstances it can also
-return a negative code.
+certificate chain based on parameters in \fIctx\fR.
+The verification context, of type \fBX509_STORE_CTX\fR, can be constructed
+using \fBX509_STORE_CTX_new\fR\|(3) and \fBX509_STORE_CTX_init\fR\|(3).
+It usually includes a target certificate to be verified,
+a set of certificates serving as trust anchors,
+a list of non-trusted certificates that may be helpful for chain construction,
+flags such as X509_V_FLAG_X509_STRICT, and various other optional components
+such as a callback function that allows customizing the verification outcome.
+A complete description of the certificate verification process is contained in
+the \fBopenssl\-verification\-options\fR\|(1) manual page.
.PP
-If the function fails additional error information can be obtained by
-examining \fBctx\fR using, for example \fBX509_STORE_CTX_get_error()\fR.
-.SH "NOTES"
-.IX Header "NOTES"
Applications rarely call this function directly but it is used by
OpenSSL internally for certificate validation, in both the S/MIME and
\&\s-1SSL/TLS\s0 code.
.PP
A negative return value from \fBX509_verify_cert()\fR can occur if it is invoked
-incorrectly, such as with no certificate set in \fBctx\fR, or when it is called
-twice in succession without reinitialising \fBctx\fR for the second call.
-A negative return value can also happen due to internal resource problems or if
-a retry operation is requested during internal lookups (which never happens
-with standard lookup methods).
-Applications must check for <= 0 return value on error.
-.SH "BUGS"
-.IX Header "BUGS"
-This function uses the header \fBx509.h\fR as opposed to most chain verification
-functions which use \fBx509_vfy.h\fR.
+incorrectly, such as with no certificate set in \fIctx\fR, or when it is called
+twice in succession without reinitialising \fIctx\fR for the second call.
+A negative return value can also happen due to internal resource problems
+or because an internal inconsistency has been detected.
+Applications must interpret any return value <= 0 as an error.
+.PP
+The \fBX509_STORE_CTX_verify()\fR behaves like \fBX509_verify_cert()\fR except that its
+target certificate is the first element of the list of untrusted certificates
+in \fIctx\fR unless a target certificate is set explicitly.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBX509_build_chain()\fR returns \s-1NULL\s0 on error, else a stack of certificates.
+.PP
+Both \fBX509_verify_cert()\fR and \fBX509_STORE_CTX_verify()\fR
+return 1 if a complete chain can be built and validated,
+otherwise they return 0, and in exceptional circumstances (such as malloc
+failure and internal errors) they can also return a negative code.
+.PP
+If a complete chain can be built and validated both functions return 1.
+If the certificate must be rejected on the basis of the data available
+or any required certificate status data is not available they return 0.
+If no definite answer possible they usually return a negative code.
+.PP
+On error or failure additional error information can be obtained by
+examining \fIctx\fR using, for example, \fBX509_STORE_CTX_get_error\fR\|(3). Even if
+verification indicated success, the stored error code may be different from
+X509_V_OK, likely because a verification callback function has waived the error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fBX509_STORE_CTX_new\fR\|(3), \fBX509_STORE_CTX_init\fR\|(3),
\&\fBX509_STORE_CTX_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBX509_build_chain()\fR and \fBX509_STORE_CTX_verify()\fR were added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 b/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3
index 77a678f802d0..62b27506a161 100644
--- a/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3
+++ b/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,23 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "X509V3_GET_EXT_BY_NID 3"
-.TH X509V3_GET_EXT_BY_NID 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "X509V3_GET_EXT_BY_NID 3ossl"
+.TH X509V3_GET_EXT_BY_NID 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext, X509v3_add_ext, X509_get_ext_count, X509_get_ext, X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical, X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext, X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical, X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count, X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ, X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext, X509_REVOKED_add_ext \- extension stack utility functions
+X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID,
+X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext,
+X509v3_add_ext, X509_get_ext_count, X509_get_ext,
+X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical,
+X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext,
+X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical,
+X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count,
+X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ,
+X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext,
+X509_REVOKED_add_ext \- extension stack utility functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -169,7 +176,8 @@ X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, X509v3_get_ext_by_O
\& int X509_CRL_get_ext_count(const X509_CRL *x);
\& X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
\& int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
-\& int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos);
+\& int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
+\& int lastpos);
\& int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
\& X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
\& int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
@@ -185,70 +193,79 @@ X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, X509v3_get_ext_by_O
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBX509v3_get_ext_count()\fR retrieves the number of extensions in \fBx\fR.
+\&\fBX509v3_get_ext_count()\fR retrieves the number of extensions in \fIx\fR.
.PP
-\&\fBX509v3_get_ext()\fR retrieves extension \fBloc\fR from \fBx\fR. The index \fBloc\fR
-can take any value from \fB0\fR to X509_get_ext_count(x) \- 1. The returned
-extension is an internal pointer which \fBmust not\fR be freed up by the
+\&\fBX509v3_get_ext()\fR retrieves extension \fIloc\fR from \fIx\fR. The index \fIloc\fR
+can take any value from 0 to X509_get_ext_count(\fIx\fR) \- 1. The returned
+extension is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed by the
application.
.PP
\&\fBX509v3_get_ext_by_NID()\fR and \fBX509v3_get_ext_by_OBJ()\fR look for an extension
-with \fBnid\fR or \fBobj\fR from extension stack \fBx\fR. The search starts from the
-extension after \fBlastpos\fR or from the beginning if <lastpos> is \fB\-1\fR. If
-the extension is found its index is returned otherwise \fB\-1\fR is returned.
+with \fInid\fR or \fIobj\fR from extension \s-1STACK\s0 \fIx\fR. The search starts from the
+extension after \fIlastpos\fR or from the beginning if \fIlastpos\fR is \-1. If
+the extension is found, its index is returned, otherwise \-1 is returned.
.PP
\&\fBX509v3_get_ext_by_critical()\fR is similar to \fBX509v3_get_ext_by_NID()\fR except it
-looks for an extension of criticality \fBcrit\fR. A zero value for \fBcrit\fR
-looks for a non-critical extension a nonzero value looks for a critical
+looks for an extension of criticality \fIcrit\fR. A zero value for \fIcrit\fR
+looks for a non-critical extension. A nonzero value looks for a critical
extension.
.PP
-\&\fBX509v3_delete_ext()\fR deletes the extension with index \fBloc\fR from \fBx\fR. The
-deleted extension is returned and must be freed by the caller. If \fBloc\fR
-is in invalid index value \fB\s-1NULL\s0\fR is returned.
+\&\fBX509v3_delete_ext()\fR deletes the extension with index \fIloc\fR from \fIx\fR.
+The deleted extension is returned and must be freed by the caller.
+If \fIloc\fR is an invalid index value, \s-1NULL\s0 is returned.
.PP
-\&\fBX509v3_add_ext()\fR adds extension \fBex\fR to stack \fB*x\fR at position \fBloc\fR. If
-\&\fBloc\fR is \fB\-1\fR the new extension is added to the end. If \fB*x\fR is \fB\s-1NULL\s0\fR
-a new stack will be allocated. The passed extension \fBex\fR is duplicated
+\&\fBX509v3_add_ext()\fR adds extension \fIex\fR to \s-1STACK\s0 \fI*x\fR at position \fIloc\fR. If
+\&\fIloc\fR is \-1, the new extension is added to the end. If \fI*x\fR is \s-1NULL,\s0
+a new \s-1STACK\s0 will be allocated. The passed extension \fIex\fR is duplicated
internally so it must be freed after use.
.PP
\&\fBX509_get_ext_count()\fR, \fBX509_get_ext()\fR, \fBX509_get_ext_by_NID()\fR,
\&\fBX509_get_ext_by_OBJ()\fR, \fBX509_get_ext_by_critical()\fR, \fBX509_delete_ext()\fR
-and \fBX509_add_ext()\fR operate on the extensions of certificate \fBx\fR they are
+and \fBX509_add_ext()\fR operate on the extensions of certificate \fIx\fR. They are
otherwise identical to the X509v3 functions.
.PP
\&\fBX509_CRL_get_ext_count()\fR, \fBX509_CRL_get_ext()\fR, \fBX509_CRL_get_ext_by_NID()\fR,
\&\fBX509_CRL_get_ext_by_OBJ()\fR, \fBX509_CRL_get_ext_by_critical()\fR,
\&\fBX509_CRL_delete_ext()\fR and \fBX509_CRL_add_ext()\fR operate on the extensions of
-\&\s-1CRL\s0 \fBx\fR they are otherwise identical to the X509v3 functions.
+\&\s-1CRL\s0 \fIx\fR. They are otherwise identical to the X509v3 functions.
.PP
\&\fBX509_REVOKED_get_ext_count()\fR, \fBX509_REVOKED_get_ext()\fR,
\&\fBX509_REVOKED_get_ext_by_NID()\fR, \fBX509_REVOKED_get_ext_by_OBJ()\fR,
\&\fBX509_REVOKED_get_ext_by_critical()\fR, \fBX509_REVOKED_delete_ext()\fR and
-\&\fBX509_REVOKED_add_ext()\fR operate on the extensions of \s-1CRL\s0 entry \fBx\fR
-they are otherwise identical to the X509v3 functions.
+\&\fBX509_REVOKED_add_ext()\fR operate on the extensions of \s-1CRL\s0 entry \fIx\fR.
+They are otherwise identical to the X509v3 functions.
.SH "NOTES"
.IX Header "NOTES"
-These functions are used to examine stacks of extensions directly. Many
-applications will want to parse or encode and add an extension: they should
-use the extension encode and decode functions instead such as
+These functions are used to examine stacks of extensions directly.
+Applications that want to parse or encode and add an extension should
+use the extension encode and decode functions instead, such as
\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR.
.PP
-Extension indices start from zero, so a zero index return value is \fBnot\fR an
-error. These search functions start from the extension \fBafter\fR the \fBlastpos\fR
-parameter so it should initially be set to \fB\-1\fR, if it is set to zero the
-initial extension will not be checked.
+For \fBX509v3_get_ext_by_NID()\fR, \fBX509v3_get_ext_by_OBJ()\fR,
+\&\fBX509v3_get_ext_by_critical()\fR and its variants, a zero index return value
+is not an error since extension \s-1STACK\s0 \fIx\fR indices start from zero.
+These search functions start from the extension \fBafter\fR the \fIlastpos\fR parameter
+so it should initially be set to \-1. If it is set to zero, the initial extension
+will not be checked.
+.PP
+\&\fBX509v3_delete_ext()\fR and its variants are a bit counter-intuitive
+because these functions do not free the extension they delete.
+They return an \fBX509_EXTENSION\fR object which must be explicitly freed
+using \fBX509_EXTENSION_free()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBX509v3_get_ext_count()\fR returns the extension count.
+\&\fBX509v3_get_ext_count()\fR returns the extension count or 0 for failure.
.PP
\&\fBX509v3_get_ext()\fR, \fBX509v3_delete_ext()\fR and \fBX509_delete_ext()\fR return an
-\&\fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs.
+\&\fBX509_EXTENSION\fR structure or \s-1NULL\s0 if an error occurs.
+.PP
+\&\fBX509v3_get_ext_by_OBJ()\fR and \fBX509v3_get_ext_by_critical()\fR return
+the extension index or \-1 if an error occurs.
.PP
-\&\fBX509v3_get_ext_by_NID()\fR \fBX509v3_get_ext_by_OBJ()\fR and
-\&\fBX509v3_get_ext_by_critical()\fR return the an extension index or \fB\-1\fR if an
+\&\fBX509v3_get_ext_by_NID()\fR returns the extension index or negative values if an
error occurs.
.PP
-\&\fBX509v3_add_ext()\fR returns a stack of extensions or \fB\s-1NULL\s0\fR on error.
+\&\fBX509v3_add_ext()\fR returns a \s-1STACK\s0 of extensions or \s-1NULL\s0 on error.
.PP
\&\fBX509_add_ext()\fR returns 1 on success and 0 on error.
.SH "SEE ALSO"
@@ -256,9 +273,9 @@ error occurs.
\&\fBX509V3_get_d2i\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2022 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/b2i_PVK_bio_ex.3 b/secure/lib/libcrypto/man/man3/b2i_PVK_bio_ex.3
new file mode 100644
index 000000000000..927c6a60df5f
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/b2i_PVK_bio_ex.3
@@ -0,0 +1,198 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "B2I_PVK_BIO_EX 3ossl"
+.TH B2I_PVK_BIO_EX 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+b2i_PVK_bio, b2i_PVK_bio_ex, i2b_PVK_bio, i2b_PVK_bio_ex \- Decode and encode
+functions for reading and writing MSBLOB format private keys
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pem.h>
+\&
+\& EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+\& EVP_PKEY *b2i_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+\& int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel,
+\& pem_password_cb *cb, void *u);
+\& int i2b_PVK_bio_ex(BIO *out, const EVP_PKEY *pk, int enclevel,
+\& pem_password_cb *cb, void *u,
+\& OSSL_LIB_CTX *libctx, const char *propq);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBb2i_PVK_bio_ex()\fR decodes a private key of \s-1MSBLOB\s0 format read from a \fB\s-1BIO\s0\fR. It
+attempts to automatically determine the key type. If the key is encrypted then
+\&\fIcb\fR is called with the user data \fIu\fR in order to obtain a password to decrypt
+the key. The supplied library context \fIlibctx\fR and property query
+string \fIpropq\fR are used in any decrypt operation.
+.PP
+\&\fBb2i_PVK_bio()\fR does the same as \fBb2i_PVK_bio_ex()\fR except that the default
+library context and property query string are used.
+.PP
+\&\fBi2b_PVK_bio_ex()\fR encodes \fIpk\fR using \s-1MSBLOB\s0 format. If \fIenclevel\fR is 1 then
+a password obtained via \fIpem_password_cb\fR is used to encrypt the private key.
+If \fIenclevel\fR is 0 then no encryption is applied. The user data in \fIu\fR is
+passed to the password callback. The supplied library context \fIlibctx\fR and
+property query string \fIpropq\fR are used in any decrypt operation.
+.PP
+\&\fBi2b_PVK_bio()\fR does the same as \fBi2b_PVK_bio_ex()\fR except that the default
+library context and property query string are used.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The \fBb2i_PVK_bio()\fR and \fBb2i_PVK_bio_ex()\fR functions return a valid \fB\s-1EVP_KEY\s0\fR
+structure or \fB\s-1NULL\s0\fR if an error occurs. The error code can be obtained by calling
+\&\fBERR_get_error\fR\|(3).
+.PP
+\&\fBi2b_PVK_bio()\fR and \fBi2b_PVK_bio_ex()\fR return the number of bytes successfully
+encoded or a negative value if an error occurs. The error code can be obtained
+by calling \fBERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBcrypto\fR\|(7),
+\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBb2i_PVK_bio_ex()\fR and \fBi2b_PVK_bio_ex()\fR were added in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3 b/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3
index 8e071d73618f..01b0cac7b2b4 100644
--- a/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3
+++ b/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,16 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "D2I_PKCS8PRIVATEKEY_BIO 3"
-.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "D2I_PKCS8PRIVATEKEY_BIO 3ossl"
+.TH D2I_PKCS8PRIVATEKEY_BIO 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp \- PKCS#8 format private key functions
+d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
+i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp,
+i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp \- PKCS#8 format private key functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -148,19 +148,19 @@ d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_bio, i2d_PK
\& EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
\& EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
\&
-\& int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+\& int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc,
\& char *kstr, int klen,
\& pem_password_cb *cb, void *u);
\&
-\& int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+\& int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc,
\& char *kstr, int klen,
\& pem_password_cb *cb, void *u);
\&
-\& int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+\& int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x, int nid,
\& char *kstr, int klen,
\& pem_password_cb *cb, void *u);
\&
-\& int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+\& int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x, int nid,
\& char *kstr, int klen,
\& pem_password_cb *cb, void *u);
.Ve
@@ -197,7 +197,7 @@ and \fBi2d_PKCS8PrivateKey_nid_fp()\fR return 1 on success or 0 on error.
.IX Header "COPYRIGHT"
Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3 b/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3
index c59a8f66388b..461cf769f25f 100644
--- a/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3
+++ b/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,47 +130,94 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "D2I_PRIVATEKEY 3"
-.TH D2I_PRIVATEKEY 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "D2I_PRIVATEKEY 3ossl"
+.TH D2I_PRIVATEKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-d2i_PrivateKey, d2i_PublicKey, d2i_AutoPrivateKey, i2d_PrivateKey, i2d_PublicKey, d2i_PrivateKey_bio, d2i_PrivateKey_fp \&\- decode and encode functions for reading and saving EVP_PKEY structures
+d2i_PrivateKey_ex, d2i_PrivateKey, d2i_PublicKey, d2i_KeyParams,
+d2i_AutoPrivateKey_ex, d2i_AutoPrivateKey, i2d_PrivateKey, i2d_PublicKey,
+i2d_KeyParams, i2d_KeyParams_bio, d2i_PrivateKey_ex_bio, d2i_PrivateKey_bio,
+d2i_PrivateKey_ex_fp, d2i_PrivateKey_fp, d2i_KeyParams_bio, i2d_PrivateKey_bio,
+i2d_PrivateKey_fp
+\&\- decode and encode functions for reading and saving EVP_PKEY structures
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/evp.h>
\&
+\& EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
+\& long length, OSSL_LIB_CTX *libctx,
+\& const char *propq);
\& EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
\& long length);
\& EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
\& long length);
+\& EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp,
+\& long length);
+\& EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp,
+\& long length, OSSL_LIB_CTX *libctx,
+\& const char *propq);
\& EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
\& long length);
-\& int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
-\& int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
\&
+\& int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp);
+\& int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp);
+\& int i2d_KeyParams(const EVP_PKEY *a, unsigned char **pp);
+\& int i2d_KeyParams_bio(BIO *bp, const EVP_PKEY *pkey);
+\& EVP_PKEY *d2i_KeyParams_bio(int type, EVP_PKEY **a, BIO *in);
+\&
+\&
+\& #include <openssl/x509.h>
+\&
+\& EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+\& const char *propq);
\& EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
-\& EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
+\& EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx,
+\& const char *propq);
+\& EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
+\&
+\& int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey);
+\& int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBd2i_PrivateKey()\fR decodes a private key using algorithm \fBtype\fR. It attempts to
-use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The
-\&\fBtype\fR parameter should be a public key algorithm constant such as
-\&\fB\s-1EVP_PKEY_RSA\s0\fR. An error occurs if the decoded key does not match \fBtype\fR.
+\&\fBd2i_PrivateKey_ex()\fR decodes a private key using algorithm \fItype\fR. It attempts
+to use any key-specific format or PKCS#8 unencrypted PrivateKeyInfo format.
+The \fItype\fR parameter should be a public key algorithm constant such as
+\&\fB\s-1EVP_PKEY_RSA\s0\fR. An error occurs if the decoded key does not match \fItype\fR. Some
+private key decoding implementations may use cryptographic algorithms (for
+example to automatically derive the public key if it is not explicitly
+included in the encoding). In this case the supplied library context \fIlibctx\fR
+and property query string \fIpropq\fR are used.
+If successful and the \fIa\fR parameter is not \s-1NULL\s0 the function assigns the
+returned \fB\s-1EVP_PKEY\s0\fR structure pointer to \fI*a\fR, overwriting any previous value.
+.PP
+\&\fBd2i_PrivateKey()\fR does the same as \fBd2i_PrivateKey_ex()\fR except that the default
+library context and property query string are used.
\&\fBd2i_PublicKey()\fR does the same for public keys.
+\&\fBd2i_KeyParams()\fR does the same for key parameters.
+.PP
+The \fBd2i_PrivateKey_ex_bio()\fR and \fBd2i_PrivateKey_bio()\fR functions are similar to
+\&\fBd2i_PrivateKey_ex()\fR and \fBd2i_PrivateKey()\fR respectively except that they decode
+the data read from the given \s-1BIO.\s0 The \fBd2i_PrivateKey_ex_fp()\fR and
+\&\fBd2i_PrivateKey_fp()\fR functions are the same except that they read the data from
+the given \s-1FILE.\s0
.PP
-\&\fBd2i_AutoPrivateKey()\fR is similar to \fBd2i_PrivateKey()\fR except it attempts to
-automatically detect the private key format.
+\&\fBd2i_AutoPrivateKey_ex()\fR and \fBd2i_AutoPrivateKey()\fR are similar to
+\&\fBd2i_PrivateKey_ex()\fR and \fBd2i_PrivateKey()\fR respectively except that they attempt
+to automatically detect the private key format.
.PP
-\&\fBi2d_PrivateKey()\fR encodes \fBkey\fR. It uses a key specific format or, if none is
+\&\fBi2d_PrivateKey()\fR encodes \fIa\fR. It uses a key specific format or, if none is
defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format.
\&\fBi2d_PublicKey()\fR does the same for public keys.
-.PP
+\&\fBi2d_KeyParams()\fR does the same for key parameters.
These functions are similar to the \fBd2i_X509()\fR functions; see \fBd2i_X509\fR\|(3).
+\&\fBi2d_PrivateKey_bio()\fR and \fBi2d_PrivateKey_fp()\fR do the same thing except that they
+encode to a \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR respectively. Again, these work similarly to the
+functions described in \fBd2i_X509\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
All the functions that operate on data in memory update the data pointer \fI*pp\fR
@@ -183,31 +228,36 @@ All these functions use \s-1DER\s0 format and unencrypted keys. Applications wis
to encrypt or decrypt private keys should use other functions such as
\&\fBd2i_PKCS8PrivateKey()\fR instead.
.PP
-If the \fB*a\fR is not \s-1NULL\s0 when calling \fBd2i_PrivateKey()\fR or \fBd2i_AutoPrivateKey()\fR
-(i.e. an existing structure is being reused) and the key format is PKCS#8
-then \fB*a\fR will be freed and replaced on a successful call.
-.PP
-To decode a key with type \fB\s-1EVP_PKEY_EC\s0\fR, \fBd2i_PublicKey()\fR requires \fB*a\fR to be
+To decode a key with type \fB\s-1EVP_PKEY_EC\s0\fR, \fBd2i_PublicKey()\fR requires \fI*a\fR to be
a non-NULL \s-1EVP_PKEY\s0 structure assigned an \s-1EC_KEY\s0 structure referencing the proper
\&\s-1EC_GROUP.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-The \fBd2i_PrivateKey()\fR, \fBd2i_AutoPrivateKey()\fR, \fBd2i_PrivateKey_bio()\fR, \fBd2i_PrivateKey_fp()\fR,
-and \fBd2i_PublicKey()\fR functions return a valid \fB\s-1EVP_KEY\s0\fR structure or \fB\s-1NULL\s0\fR if an
-error occurs. The error code can be obtained by calling \fBERR_get_error\fR\|(3).
+The \fBd2i_PrivateKey_ex()\fR, \fBd2i_PrivateKey()\fR, \fBd2i_AutoPrivateKey_ex()\fR,
+\&\fBd2i_AutoPrivateKey()\fR, \fBd2i_PrivateKey_ex_bio()\fR, \fBd2i_PrivateKey_bio()\fR,
+\&\fBd2i_PrivateKey_ex_fp()\fR, \fBd2i_PrivateKey_fp()\fR, \fBd2i_PublicKey()\fR, \fBd2i_KeyParams()\fR
+and \fBd2i_KeyParams_bio()\fR functions return a valid \fB\s-1EVP_PKEY\s0\fR structure or \s-1NULL\s0 if
+an error occurs. The error code can be obtained by calling \fBERR_get_error\fR\|(3).
+.PP
+\&\fBi2d_PrivateKey()\fR, \fBi2d_PublicKey()\fR and \fBi2d_KeyParams()\fR return the number of
+bytes successfully encoded or a negative value if an error occurs. The error
+code can be obtained by calling \fBERR_get_error\fR\|(3).
.PP
-\&\fBi2d_PrivateKey()\fR and \fBi2d_PublicKey()\fR return the number of bytes successfully
-encoded or a negative value if an error occurs. The error code can be obtained
-by calling \fBERR_get_error\fR\|(3).
+\&\fBi2d_PrivateKey_bio()\fR, \fBi2d_PrivateKey_fp()\fR and \fBi2d_KeyParams_bio()\fR return 1 if
+successfully encoded or zero if an error occurs.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7),
\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBd2i_PrivateKey_ex()\fR, \fBd2i_PrivateKey_ex_bio()\fR, \fBd2i_PrivateKey_ex_fp()\fR, and
+\&\fBd2i_AutoPrivateKey_ex()\fR were added in OpenSSL 3.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2017\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/d2i_RSAPrivateKey.3 b/secure/lib/libcrypto/man/man3/d2i_RSAPrivateKey.3
new file mode 100644
index 000000000000..81d0c4c28c98
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/d2i_RSAPrivateKey.3
@@ -0,0 +1,424 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "D2I_RSAPRIVATEKEY 3ossl"
+.TH D2I_RSAPRIVATEKEY 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+d2i_DSAPrivateKey,
+d2i_DSAPrivateKey_bio,
+d2i_DSAPrivateKey_fp,
+d2i_DSAPublicKey,
+d2i_DSA_PUBKEY,
+d2i_DSA_PUBKEY_bio,
+d2i_DSA_PUBKEY_fp,
+d2i_DSAparams,
+d2i_RSAPrivateKey,
+d2i_RSAPrivateKey_bio,
+d2i_RSAPrivateKey_fp,
+d2i_RSAPublicKey,
+d2i_RSAPublicKey_bio,
+d2i_RSAPublicKey_fp,
+d2i_RSA_PUBKEY,
+d2i_RSA_PUBKEY_bio,
+d2i_RSA_PUBKEY_fp,
+d2i_DHparams,
+d2i_DHparams_bio,
+d2i_DHparams_fp,
+d2i_ECParameters,
+d2i_ECPrivateKey,
+d2i_ECPrivateKey_bio,
+d2i_ECPrivateKey_fp,
+d2i_EC_PUBKEY,
+d2i_EC_PUBKEY_bio,
+d2i_EC_PUBKEY_fp,
+i2d_RSAPrivateKey,
+i2d_RSAPrivateKey_bio,
+i2d_RSAPrivateKey_fp,
+i2d_RSAPublicKey,
+i2d_RSAPublicKey_bio,
+i2d_RSAPublicKey_fp,
+i2d_RSA_PUBKEY,
+i2d_RSA_PUBKEY_bio,
+i2d_RSA_PUBKEY_fp,
+i2d_DHparams,
+i2d_DHparams_bio,
+i2d_DHparams_fp,
+i2d_DSAPrivateKey,
+i2d_DSAPrivateKey_bio,
+i2d_DSAPrivateKey_fp,
+i2d_DSAPublicKey,
+i2d_DSA_PUBKEY,
+i2d_DSA_PUBKEY_bio,
+i2d_DSA_PUBKEY_fp,
+i2d_DSAparams,
+i2d_ECParameters,
+i2d_ECPrivateKey,
+i2d_ECPrivateKey_bio,
+i2d_ECPrivateKey_fp,
+i2d_EC_PUBKEY,
+i2d_EC_PUBKEY_bio,
+i2d_EC_PUBKEY_fp
+\&\- DEPRECATED
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
+see \fBopenssl_user_macros\fR\|(7):
+.PP
+.Vb 12
+\& TYPE *d2i_TYPEPrivateKey(TYPE **a, const unsigned char **ppin, long length);
+\& TYPE *d2i_TYPEPrivateKey_bio(BIO *bp, TYPE **a);
+\& TYPE *d2i_TYPEPrivateKey_fp(FILE *fp, TYPE **a);
+\& TYPE *d2i_TYPEPublicKey(TYPE **a, const unsigned char **ppin, long length);
+\& TYPE *d2i_TYPEPublicKey_bio(BIO *bp, TYPE **a);
+\& TYPE *d2i_TYPEPublicKey_fp(FILE *fp, TYPE **a);
+\& TYPE *d2i_TYPEparams(TYPE **a, const unsigned char **ppin, long length);
+\& TYPE *d2i_TYPEparams_bio(BIO *bp, TYPE **a);
+\& TYPE *d2i_TYPEparams_fp(FILE *fp, TYPE **a);
+\& TYPE *d2i_TYPE_PUBKEY(TYPE **a, const unsigned char **ppin, long length);
+\& TYPE *d2i_TYPE_PUBKEY_bio(BIO *bp, TYPE **a);
+\& TYPE *d2i_TYPE_PUBKEY_fp(FILE *fp, TYPE **a);
+\&
+\& int i2d_TYPEPrivateKey(const TYPE *a, unsigned char **ppout);
+\& int i2d_TYPEPrivateKey(TYPE *a, unsigned char **ppout);
+\& int i2d_TYPEPrivateKey_fp(FILE *fp, const TYPE *a);
+\& int i2d_TYPEPrivateKey_fp(FILE *fp, TYPE *a);
+\& int i2d_TYPEPrivateKey_bio(BIO *bp, const TYPE *a);
+\& int i2d_TYPEPrivateKey_bio(BIO *bp, TYPE *a);
+\& int i2d_TYPEPublicKey(const TYPE *a, unsigned char **ppout);
+\& int i2d_TYPEPublicKey(TYPE *a, unsigned char **ppout);
+\& int i2d_TYPEPublicKey_fp(FILE *fp, const TYPE *a);
+\& int i2d_TYPEPublicKey_fp(FILE *fp, TYPE *a);
+\& int i2d_TYPEPublicKey_bio(BIO *bp, const TYPE *a);
+\& int i2d_TYPEPublicKey_bio(BIO *bp, TYPE *a);
+\& int i2d_TYPEparams(const TYPE *a, unsigned char **ppout);
+\& int i2d_TYPEparams(TYPE *a, unsigned char **ppout);
+\& int i2d_TYPEparams_fp(FILE *fp, const TYPE *a);
+\& int i2d_TYPEparams_fp(FILE *fp, TYPE *a);
+\& int i2d_TYPEparams_bio(BIO *bp, const TYPE *a);
+\& int i2d_TYPEparams_bio(BIO *bp, TYPE *a);
+\& int i2d_TYPE_PUBKEY(const TYPE *a, unsigned char **ppout);
+\& int i2d_TYPE_PUBKEY(TYPE *a, unsigned char **ppout);
+\& int i2d_TYPE_PUBKEY_fp(FILE *fp, const TYPE *a);
+\& int i2d_TYPE_PUBKEY_fp(FILE *fp, TYPE *a);
+\& int i2d_TYPE_PUBKEY_bio(BIO *bp, const TYPE *a);
+\& int i2d_TYPE_PUBKEY_bio(BIO *bp, TYPE *a);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+All functions described here are deprecated. Please use \s-1\fBOSSL_DECODER\s0\fR\|(3)
+instead of the \fBd2i\fR functions and \s-1\fBOSSL_ENCODER\s0\fR\|(3) instead of the \fBi2d\fR
+functions. See \*(L"Migration\*(R" below.
+.PP
+In the description here, \fB\f(BI\s-1TYPE\s0\fB\fR is used a placeholder for any of the
+OpenSSL datatypes, such as \fB\s-1RSA\s0\fR.
+The function parameters \fIppin\fR and \fIppout\fR are generally either both named
+\&\fIpp\fR in the headers, or \fIin\fR and \fIout\fR.
+.PP
+All the functions here behave the way that's described in \fBd2i_X509\fR\|(3).
+.PP
+Please note that not all functions in the synopsis are available for all key
+types. For example, there are no \fBd2i_RSAparams()\fR or \fBi2d_RSAparams()\fR,
+because the PKCS#1 \fB\s-1RSA\s0\fR structure doesn't include any key parameters.
+.PP
+\&\fBd2i_\f(BI\s-1TYPE\s0\fBPrivateKey\fR() and derivates thereof decode \s-1DER\s0 encoded
+\&\fB\f(BI\s-1TYPE\s0\fB\fR private key data organized in a type specific structure.
+.PP
+\&\fBd2i_\f(BI\s-1TYPE\s0\fBPublicKey\fR() and derivates thereof decode \s-1DER\s0 encoded
+\&\fB\f(BI\s-1TYPE\s0\fB\fR public key data organized in a type specific structure.
+.PP
+\&\fBd2i_\f(BI\s-1TYPE\s0\fBparams\fR() and derivates thereof decode \s-1DER\s0 encoded \fB\f(BI\s-1TYPE\s0\fB\fR
+key parameters organized in a type specific structure.
+.PP
+\&\fBd2i_\f(BI\s-1TYPE\s0\fB_PUBKEY\fR() and derivates thereof decode \s-1DER\s0 encoded \fB\f(BI\s-1TYPE\s0\fB\fR
+public key data organized in a \fBSubjectPublicKeyInfo\fR structure.
+.PP
+\&\fBi2d_\f(BI\s-1TYPE\s0\fBPrivateKey\fR() and derivates thereof encode the private key
+\&\fB\f(BI\s-1TYPE\s0\fB\fR data into a type specific \s-1DER\s0 encoded structure.
+.PP
+\&\fBi2d_\f(BI\s-1TYPE\s0\fBPublicKey\fR() and derivates thereof encode the public key
+\&\fB\f(BI\s-1TYPE\s0\fB\fR data into a type specific \s-1DER\s0 encoded structure.
+.PP
+\&\fBi2d_\f(BI\s-1TYPE\s0\fBparams\fR() and derivates thereof encode the \fB\f(BI\s-1TYPE\s0\fB\fR key
+parameters data into a type specific \s-1DER\s0 encoded structure.
+.PP
+\&\fBi2d_\f(BI\s-1TYPE\s0\fB_PUBKEY\fR() and derivates thereof encode the public key
+\&\fB\f(BI\s-1TYPE\s0\fB\fR data into a \s-1DER\s0 encoded \fBSubjectPublicKeyInfo\fR structure.
+.PP
+For example, \fBd2i_RSAPrivateKey()\fR and \fBd2i_RSAPublicKey()\fR expects the
+structure defined by PKCS#1.
+Similarly, \fBi2d_RSAPrivateKey()\fR and \fBi2d_RSAPublicKey()\fR produce \s-1DER\s0 encoded
+string organized according to PKCS#1.
+.SS "Migration"
+.IX Subsection "Migration"
+Migration from the diverse \fB\f(BI\s-1TYPE\s0\fB\fRs requires using corresponding new
+OpenSSL types. For all \fB\f(BI\s-1TYPE\s0\fB\fRs described here, the corresponding new
+type is \fB\s-1EVP_PKEY\s0\fR. The rest of this section assumes that this has been
+done, exactly how to do that is described elsewhere.
+.PP
+There are two migration paths:
+.IP "\(bu" 4
+Replace
+b<d2i_\fI\s-1TYPE\s0\fR\fBPrivateKey()\fR> with \fBd2i_PrivateKey\fR\|(3),
+b<d2i_\fI\s-1TYPE\s0\fR\fBPublicKey()\fR> with \fBd2i_PublicKey\fR\|(3),
+b<d2i_\fI\s-1TYPE\s0\fR\fBparams()\fR> with \fBd2i_KeyParams\fR\|(3),
+b<d2i_\fI\s-1TYPE\s0\fR\fB_PUBKEY()\fR> with \fBd2i_PUBKEY\fR\|(3),
+b<i2d_\fI\s-1TYPE\s0\fR\fBPrivateKey()\fR> with \fBi2d_PrivateKey\fR\|(3),
+b<i2d_\fI\s-1TYPE\s0\fR\fBPublicKey()\fR> with \fBi2d_PublicKey\fR\|(3),
+b<i2d_\fI\s-1TYPE\s0\fR\fBparams()\fR> with \fBi2d_KeyParams\fR\|(3),
+b<i2d_\fI\s-1TYPE\s0\fR\fB_PUBKEY()\fR> with \fBi2d_PUBKEY\fR\|(3).
+A caveat is that \fBi2d_PrivateKey\fR\|(3) may output a \s-1DER\s0 encoded PKCS#8
+outermost structure instead of the type specific structure, and that
+\&\fBd2i_PrivateKey\fR\|(3) recognises and unpacks a PKCS#8 structures.
+.IP "\(bu" 4
+Use \s-1\fBOSSL_DECODER\s0\fR\|(3) and \s-1\fBOSSL_ENCODER\s0\fR\|(3). How to migrate is described
+below. All those descriptions assume that the key to be encoded is in the
+variable \fIpkey\fR.
+.PP
+\fIMigrating \f(BIi2d\fI functions to \f(BI\s-1OSSL_ENCODER\s0\fI\fR
+.IX Subsection "Migrating i2d functions to OSSL_ENCODER"
+.PP
+The exact \s-1\fBOSSL_ENCODER\s0\fR\|(3) output is driven by arguments rather than by
+function names. The sample code to get \s-1DER\s0 encoded output in a type
+specific structure is uniform, the only things that vary are the selection
+of what part of the \fB\s-1EVP_PKEY\s0\fR should be output, and the structure. The
+\&\fBi2d\fR functions names can therefore be translated into two variables,
+\&\fIselection\fR and \fIstructure\fR as follows:
+.IP "\fBi2d_\f(BI\s-1TYPE\s0\fBPrivateKey\fR() translates into:" 4
+.IX Item "i2d_TYPEPrivateKey() translates into:"
+.Vb 2
+\& int selection = EVP_PKEY_KEYPAIR;
+\& const char *structure = "type\-specific";
+.Ve
+.IP "\fBi2d_\f(BI\s-1TYPE\s0\fBPublicKey\fR() translates into:" 4
+.IX Item "i2d_TYPEPublicKey() translates into:"
+.Vb 2
+\& int selection = EVP_PKEY_PUBLIC_KEY;
+\& const char *structure = "type\-specific";
+.Ve
+.IP "\fBi2d_\f(BI\s-1TYPE\s0\fBparams\fR() translates into:" 4
+.IX Item "i2d_TYPEparams() translates into:"
+.Vb 2
+\& int selection = EVP_PKEY_PARAMETERS;
+\& const char *structure = "type\-specific";
+.Ve
+.IP "\fBi2d_\f(BI\s-1TYPE\s0\fB_PUBKEY\fR() translates into:" 4
+.IX Item "i2d_TYPE_PUBKEY() translates into:"
+.Vb 2
+\& int selection = EVP_PKEY_PUBLIC_KEY;
+\& const char *structure = "SubjectPublicKeyInfo";
+.Ve
+.PP
+The following sample code does the rest of the work:
+.PP
+.Vb 10
+\& unsigned char *p = buffer; /* |buffer| is supplied by the caller */
+\& size_t len = buffer_size; /* assumed be the size of |buffer| */
+\& OSSL_ENCODER_CTX *ctx =
+\& OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, "DER", structure,
+\& NULL, NULL);
+\& if (ctx == NULL) {
+\& /* fatal error handling */
+\& }
+\& if (OSSL_ENCODER_CTX_get_num_encoders(ctx) == 0) {
+\& OSSL_ENCODER_CTX_free(ctx);
+\& /* non\-fatal error handling */
+\& }
+\& if (!OSSL_ENCODER_to_data(ctx, &p, &len)) {
+\& OSSL_ENCODER_CTX_free(ctx);
+\& /* error handling */
+\& }
+\& OSSL_ENCODER_CTX_free(ctx);
+.Ve
+.SH "NOTES"
+.IX Header "NOTES"
+The letters \fBi\fR and \fBd\fR in \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() stand for
+\&\*(L"internal\*(R" (that is, an internal C structure) and \*(L"\s-1DER\*(R"\s0 respectively.
+So \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() converts from internal to \s-1DER.\s0
+.PP
+The functions can also understand \fB\s-1BER\s0\fR forms.
+.PP
+The actual \s-1TYPE\s0 structure passed to \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() must be a valid
+populated \fB\f(BI\s-1TYPE\s0\fB\fR structure \*(-- it \fBcannot\fR simply be fed with an
+empty structure such as that returned by \fBTYPE_new()\fR.
+.PP
+The encoded data is in binary form and may contain embedded zeros.
+Therefore, any \s-1FILE\s0 pointers or BIOs should be opened in binary mode.
+Functions such as \fBstrlen()\fR will \fBnot\fR return the correct length
+of the encoded structure.
+.PP
+The ways that \fI*ppin\fR and \fI*ppout\fR are incremented after the operation
+can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section in \fBd2i_X509\fR\|(3) for some
+common errors.
+The reason for this-auto increment behaviour is to reflect a typical
+usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded
+another will be processed after it.
+.PP
+The following points about the data types might be useful:
+.IP "\fB\s-1DSA_PUBKEY\s0\fR" 4
+.IX Item "DSA_PUBKEY"
+Represents a \s-1DSA\s0 public key using a \fBSubjectPublicKeyInfo\fR structure.
+.IP "\fBDSAPublicKey\fR, \fBDSAPrivateKey\fR" 4
+.IX Item "DSAPublicKey, DSAPrivateKey"
+Use a non-standard OpenSSL format and should be avoided; use \fB\s-1DSA_PUBKEY\s0\fR,
+\&\fBPEM_write_PrivateKey\fR\|(3), or similar instead.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBd2i_\f(BI\s-1TYPE\s0\fB\fR(), \fBd2i_\f(BI\s-1TYPE\s0\fB_bio\fR() and \fBd2i_\f(BI\s-1TYPE\s0\fB_fp\fR() return a valid
+\&\fB\f(BI\s-1TYPE\s0\fB\fR structure or \s-1NULL\s0 if an error occurs. If the \*(L"reuse\*(R" capability has
+been used with a valid structure being passed in via \fIa\fR, then the object is
+freed in the event of error and \fI*a\fR is set to \s-1NULL.\s0
+.PP
+\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() returns the number of bytes successfully encoded or a negative
+value if an error occurs.
+.PP
+\&\fBi2d_\f(BI\s-1TYPE\s0\fB_bio\fR() and \fBi2d_\f(BI\s-1TYPE\s0\fB_fp\fR() return 1 for success and 0 if an
+error occurs.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1\fBOSSL_ENCODER\s0\fR\|(3), \s-1\fBOSSL_DECODER\s0\fR\|(3),
+\&\fBd2i_PrivateKey\fR\|(3), \fBd2i_PublicKey\fR\|(3), \fBd2i_KeyParams\fR\|(3),
+\&\fBd2i_PUBKEY\fR\|(3),
+\&\fBi2d_PrivateKey\fR\|(3), \fBi2d_PublicKey\fR\|(3), \fBi2d_KeyParams\fR\|(3),
+\&\fBi2d_PUBKEY\fR\|(3)
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2023 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3 b/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3
index 5efa29c266cc..f9e9941afffc 100644
--- a/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3
+++ b/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "D2I_SSL_SESSION 3"
-.TH D2I_SSL_SESSION 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "D2I_SSL_SESSION 3ossl"
+.TH D2I_SSL_SESSION 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -176,7 +174,7 @@ When the session is not valid, \fB0\fR is returned and no operation is performed
.IX Header "COPYRIGHT"
Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/d2i_X509.3 b/secure/lib/libcrypto/man/man3/d2i_X509.3
index 9bd29ce50892..c5c045b2437e 100644
--- a/secure/lib/libcrypto/man/man3/d2i_X509.3
+++ b/secure/lib/libcrypto/man/man3/d2i_X509.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,359 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "D2I_X509 3"
-.TH D2I_X509 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "D2I_X509 3ossl"
+.TH D2I_X509 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-d2i_ACCESS_DESCRIPTION, d2i_ADMISSIONS, d2i_ADMISSION_SYNTAX, d2i_ASIdOrRange, d2i_ASIdentifierChoice, d2i_ASIdentifiers, d2i_ASN1_BIT_STRING, d2i_ASN1_BMPSTRING, d2i_ASN1_ENUMERATED, d2i_ASN1_GENERALIZEDTIME, d2i_ASN1_GENERALSTRING, d2i_ASN1_IA5STRING, d2i_ASN1_INTEGER, d2i_ASN1_NULL, d2i_ASN1_OBJECT, d2i_ASN1_OCTET_STRING, d2i_ASN1_PRINTABLE, d2i_ASN1_PRINTABLESTRING, d2i_ASN1_SEQUENCE_ANY, d2i_ASN1_SET_ANY, d2i_ASN1_T61STRING, d2i_ASN1_TIME, d2i_ASN1_TYPE, d2i_ASN1_UINTEGER, d2i_ASN1_UNIVERSALSTRING, d2i_ASN1_UTCTIME, d2i_ASN1_UTF8STRING, d2i_ASN1_VISIBLESTRING, d2i_ASRange, d2i_AUTHORITY_INFO_ACCESS, d2i_AUTHORITY_KEYID, d2i_BASIC_CONSTRAINTS, d2i_CERTIFICATEPOLICIES, d2i_CMS_ContentInfo, d2i_CMS_ReceiptRequest, d2i_CMS_bio, d2i_CRL_DIST_POINTS, d2i_DHxparams, d2i_DIRECTORYSTRING, d2i_DISPLAYTEXT, d2i_DIST_POINT, d2i_DIST_POINT_NAME, d2i_DSAPrivateKey, d2i_DSAPrivateKey_bio, d2i_DSAPrivateKey_fp, d2i_DSAPublicKey, d2i_DSA_PUBKEY, d2i_DSA_PUBKEY_bio, d2i_DSA_PUBKEY_fp, d2i_DSA_SIG, d2i_DSAparams, d2i_ECDSA_SIG, d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio, d2i_ECPrivateKey_fp, d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp, d2i_EDIPARTYNAME, d2i_ESS_CERT_ID, d2i_ESS_ISSUER_SERIAL, d2i_ESS_SIGNING_CERT, d2i_EXTENDED_KEY_USAGE, d2i_GENERAL_NAME, d2i_GENERAL_NAMES, d2i_IPAddressChoice, d2i_IPAddressFamily, d2i_IPAddressOrRange, d2i_IPAddressRange, d2i_ISSUING_DIST_POINT, d2i_NAMING_AUTHORITY, d2i_NETSCAPE_CERT_SEQUENCE, d2i_NETSCAPE_SPKAC, d2i_NETSCAPE_SPKI, d2i_NOTICEREF, d2i_OCSP_BASICRESP, d2i_OCSP_CERTID, d2i_OCSP_CERTSTATUS, d2i_OCSP_CRLID, d2i_OCSP_ONEREQ, d2i_OCSP_REQINFO, d2i_OCSP_REQUEST, d2i_OCSP_RESPBYTES, d2i_OCSP_RESPDATA, d2i_OCSP_RESPID, d2i_OCSP_RESPONSE, d2i_OCSP_REVOKEDINFO, d2i_OCSP_SERVICELOC, d2i_OCSP_SIGNATURE, d2i_OCSP_SINGLERESP, d2i_OTHERNAME, d2i_PBE2PARAM, d2i_PBEPARAM, d2i_PBKDF2PARAM, d2i_PKCS12, d2i_PKCS12_BAGS, d2i_PKCS12_MAC_DATA, d2i_PKCS12_SAFEBAG, d2i_PKCS12_bio, d2i_PKCS12_fp, d2i_PKCS7, 
d2i_PKCS7_DIGEST, d2i_PKCS7_ENCRYPT, d2i_PKCS7_ENC_CONTENT, d2i_PKCS7_ENVELOPE, d2i_PKCS7_ISSUER_AND_SERIAL, d2i_PKCS7_RECIP_INFO, d2i_PKCS7_SIGNED, d2i_PKCS7_SIGNER_INFO, d2i_PKCS7_SIGN_ENVELOPE, d2i_PKCS7_bio, d2i_PKCS7_fp, d2i_PKCS8_PRIV_KEY_INFO, d2i_PKCS8_PRIV_KEY_INFO_bio, d2i_PKCS8_PRIV_KEY_INFO_fp, d2i_PKCS8_bio, d2i_PKCS8_fp, d2i_PKEY_USAGE_PERIOD, d2i_POLICYINFO, d2i_POLICYQUALINFO, d2i_PROFESSION_INFO, d2i_PROXY_CERT_INFO_EXTENSION, d2i_PROXY_POLICY, d2i_RSAPrivateKey, d2i_RSAPrivateKey_bio, d2i_RSAPrivateKey_fp, d2i_RSAPublicKey, d2i_RSAPublicKey_bio, d2i_RSAPublicKey_fp, d2i_RSA_OAEP_PARAMS, d2i_RSA_PSS_PARAMS, d2i_RSA_PUBKEY, d2i_RSA_PUBKEY_bio, d2i_RSA_PUBKEY_fp, d2i_SCRYPT_PARAMS, d2i_SCT_LIST, d2i_SXNET, d2i_SXNETID, d2i_TS_ACCURACY, d2i_TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT_bio, d2i_TS_MSG_IMPRINT_fp, d2i_TS_REQ, d2i_TS_REQ_bio, d2i_TS_REQ_fp, d2i_TS_RESP, d2i_TS_RESP_bio, d2i_TS_RESP_fp, d2i_TS_STATUS_INFO, d2i_TS_TST_INFO, d2i_TS_TST_INFO_bio, d2i_TS_TST_INFO_fp, d2i_USERNOTICE, d2i_X509, d2i_X509_bio, d2i_X509_fp, d2i_X509_ALGOR, d2i_X509_ALGORS, d2i_X509_ATTRIBUTE, d2i_X509_CERT_AUX, d2i_X509_CINF, d2i_X509_CRL, d2i_X509_CRL_INFO, d2i_X509_CRL_bio, d2i_X509_CRL_fp, d2i_X509_EXTENSION, d2i_X509_EXTENSIONS, d2i_X509_NAME, d2i_X509_NAME_ENTRY, d2i_X509_PUBKEY, d2i_X509_REQ, d2i_X509_REQ_INFO, d2i_X509_REQ_bio, d2i_X509_REQ_fp, d2i_X509_REVOKED, d2i_X509_SIG, d2i_X509_VAL, i2d_ACCESS_DESCRIPTION, i2d_ADMISSIONS, i2d_ADMISSION_SYNTAX, i2d_ASIdOrRange, i2d_ASIdentifierChoice, i2d_ASIdentifiers, i2d_ASN1_BIT_STRING, i2d_ASN1_BMPSTRING, i2d_ASN1_ENUMERATED, i2d_ASN1_GENERALIZEDTIME, i2d_ASN1_GENERALSTRING, i2d_ASN1_IA5STRING, i2d_ASN1_INTEGER, i2d_ASN1_NULL, i2d_ASN1_OBJECT, i2d_ASN1_OCTET_STRING, i2d_ASN1_PRINTABLE, i2d_ASN1_PRINTABLESTRING, i2d_ASN1_SEQUENCE_ANY, i2d_ASN1_SET_ANY, i2d_ASN1_T61STRING, i2d_ASN1_TIME, i2d_ASN1_TYPE, i2d_ASN1_UNIVERSALSTRING, i2d_ASN1_UTCTIME, i2d_ASN1_UTF8STRING, i2d_ASN1_VISIBLESTRING, i2d_ASN1_bio_stream, i2d_ASRange, 
i2d_AUTHORITY_INFO_ACCESS, i2d_AUTHORITY_KEYID, i2d_BASIC_CONSTRAINTS, i2d_CERTIFICATEPOLICIES, i2d_CMS_ContentInfo, i2d_CMS_ReceiptRequest, i2d_CMS_bio, i2d_CRL_DIST_POINTS, i2d_DHxparams, i2d_DIRECTORYSTRING, i2d_DISPLAYTEXT, i2d_DIST_POINT, i2d_DIST_POINT_NAME, i2d_DSAPrivateKey, i2d_DSAPrivateKey_bio, i2d_DSAPrivateKey_fp, i2d_DSAPublicKey, i2d_DSA_PUBKEY, i2d_DSA_PUBKEY_bio, i2d_DSA_PUBKEY_fp, i2d_DSA_SIG, i2d_DSAparams, i2d_ECDSA_SIG, i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio, i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio, i2d_EC_PUBKEY_fp, i2d_EDIPARTYNAME, i2d_ESS_CERT_ID, i2d_ESS_ISSUER_SERIAL, i2d_ESS_SIGNING_CERT, i2d_EXTENDED_KEY_USAGE, i2d_GENERAL_NAME, i2d_GENERAL_NAMES, i2d_IPAddressChoice, i2d_IPAddressFamily, i2d_IPAddressOrRange, i2d_IPAddressRange, i2d_ISSUING_DIST_POINT, i2d_NAMING_AUTHORITY, i2d_NETSCAPE_CERT_SEQUENCE, i2d_NETSCAPE_SPKAC, i2d_NETSCAPE_SPKI, i2d_NOTICEREF, i2d_OCSP_BASICRESP, i2d_OCSP_CERTID, i2d_OCSP_CERTSTATUS, i2d_OCSP_CRLID, i2d_OCSP_ONEREQ, i2d_OCSP_REQINFO, i2d_OCSP_REQUEST, i2d_OCSP_RESPBYTES, i2d_OCSP_RESPDATA, i2d_OCSP_RESPID, i2d_OCSP_RESPONSE, i2d_OCSP_REVOKEDINFO, i2d_OCSP_SERVICELOC, i2d_OCSP_SIGNATURE, i2d_OCSP_SINGLERESP, i2d_OTHERNAME, i2d_PBE2PARAM, i2d_PBEPARAM, i2d_PBKDF2PARAM, i2d_PKCS12, i2d_PKCS12_BAGS, i2d_PKCS12_MAC_DATA, i2d_PKCS12_SAFEBAG, i2d_PKCS12_bio, i2d_PKCS12_fp, i2d_PKCS7, i2d_PKCS7_DIGEST, i2d_PKCS7_ENCRYPT, i2d_PKCS7_ENC_CONTENT, i2d_PKCS7_ENVELOPE, i2d_PKCS7_ISSUER_AND_SERIAL, i2d_PKCS7_NDEF, i2d_PKCS7_RECIP_INFO, i2d_PKCS7_SIGNED, i2d_PKCS7_SIGNER_INFO, i2d_PKCS7_SIGN_ENVELOPE, i2d_PKCS7_bio, i2d_PKCS7_fp, i2d_PKCS8PrivateKeyInfo_bio, i2d_PKCS8PrivateKeyInfo_fp, i2d_PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO_bio, i2d_PKCS8_PRIV_KEY_INFO_fp, i2d_PKCS8_bio, i2d_PKCS8_fp, i2d_PKEY_USAGE_PERIOD, i2d_POLICYINFO, i2d_POLICYQUALINFO, i2d_PROFESSION_INFO, i2d_PROXY_CERT_INFO_EXTENSION, i2d_PROXY_POLICY, i2d_RSAPrivateKey, i2d_RSAPrivateKey_bio, 
i2d_RSAPrivateKey_fp, i2d_RSAPublicKey, i2d_RSAPublicKey_bio, i2d_RSAPublicKey_fp, i2d_RSA_OAEP_PARAMS, i2d_RSA_PSS_PARAMS, i2d_RSA_PUBKEY, i2d_RSA_PUBKEY_bio, i2d_RSA_PUBKEY_fp, i2d_SCRYPT_PARAMS, i2d_SCT_LIST, i2d_SXNET, i2d_SXNETID, i2d_TS_ACCURACY, i2d_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT_bio, i2d_TS_MSG_IMPRINT_fp, i2d_TS_REQ, i2d_TS_REQ_bio, i2d_TS_REQ_fp, i2d_TS_RESP, i2d_TS_RESP_bio, i2d_TS_RESP_fp, i2d_TS_STATUS_INFO, i2d_TS_TST_INFO, i2d_TS_TST_INFO_bio, i2d_TS_TST_INFO_fp, i2d_USERNOTICE, i2d_X509, i2d_X509_bio, i2d_X509_fp, i2d_X509_ALGOR, i2d_X509_ALGORS, i2d_X509_ATTRIBUTE, i2d_X509_CERT_AUX, i2d_X509_CINF, i2d_X509_CRL, i2d_X509_CRL_INFO, i2d_X509_CRL_bio, i2d_X509_CRL_fp, i2d_X509_EXTENSION, i2d_X509_EXTENSIONS, i2d_X509_NAME, i2d_X509_NAME_ENTRY, i2d_X509_PUBKEY, i2d_X509_REQ, i2d_X509_REQ_INFO, i2d_X509_REQ_bio, i2d_X509_REQ_fp, i2d_X509_REVOKED, i2d_X509_SIG, i2d_X509_VAL, \&\- convert objects from/to ASN.1/DER representation
+d2i_ACCESS_DESCRIPTION,
+d2i_ADMISSIONS,
+d2i_ADMISSION_SYNTAX,
+d2i_ASIdOrRange,
+d2i_ASIdentifierChoice,
+d2i_ASIdentifiers,
+d2i_ASN1_BIT_STRING,
+d2i_ASN1_BMPSTRING,
+d2i_ASN1_ENUMERATED,
+d2i_ASN1_GENERALIZEDTIME,
+d2i_ASN1_GENERALSTRING,
+d2i_ASN1_IA5STRING,
+d2i_ASN1_INTEGER,
+d2i_ASN1_NULL,
+d2i_ASN1_OBJECT,
+d2i_ASN1_OCTET_STRING,
+d2i_ASN1_PRINTABLE,
+d2i_ASN1_PRINTABLESTRING,
+d2i_ASN1_SEQUENCE_ANY,
+d2i_ASN1_SET_ANY,
+d2i_ASN1_T61STRING,
+d2i_ASN1_TIME,
+d2i_ASN1_TYPE,
+d2i_ASN1_UINTEGER,
+d2i_ASN1_UNIVERSALSTRING,
+d2i_ASN1_UTCTIME,
+d2i_ASN1_UTF8STRING,
+d2i_ASN1_VISIBLESTRING,
+d2i_ASRange,
+d2i_AUTHORITY_INFO_ACCESS,
+d2i_AUTHORITY_KEYID,
+d2i_BASIC_CONSTRAINTS,
+d2i_CERTIFICATEPOLICIES,
+d2i_CMS_ContentInfo,
+d2i_CMS_ReceiptRequest,
+d2i_CMS_bio,
+d2i_CRL_DIST_POINTS,
+d2i_DHxparams,
+d2i_DIRECTORYSTRING,
+d2i_DISPLAYTEXT,
+d2i_DIST_POINT,
+d2i_DIST_POINT_NAME,
+d2i_DSA_SIG,
+d2i_ECDSA_SIG,
+d2i_ECPKParameters,
+d2i_EDIPARTYNAME,
+d2i_ESS_CERT_ID,
+d2i_ESS_CERT_ID_V2,
+d2i_ESS_ISSUER_SERIAL,
+d2i_ESS_SIGNING_CERT,
+d2i_ESS_SIGNING_CERT_V2,
+d2i_EXTENDED_KEY_USAGE,
+d2i_GENERAL_NAME,
+d2i_GENERAL_NAMES,
+d2i_IPAddressChoice,
+d2i_IPAddressFamily,
+d2i_IPAddressOrRange,
+d2i_IPAddressRange,
+d2i_ISSUER_SIGN_TOOL,
+d2i_ISSUING_DIST_POINT,
+d2i_NAMING_AUTHORITY,
+d2i_NETSCAPE_CERT_SEQUENCE,
+d2i_NETSCAPE_SPKAC,
+d2i_NETSCAPE_SPKI,
+d2i_NOTICEREF,
+d2i_OCSP_BASICRESP,
+d2i_OCSP_CERTID,
+d2i_OCSP_CERTSTATUS,
+d2i_OCSP_CRLID,
+d2i_OCSP_ONEREQ,
+d2i_OCSP_REQINFO,
+d2i_OCSP_REQUEST,
+d2i_OCSP_RESPBYTES,
+d2i_OCSP_RESPDATA,
+d2i_OCSP_RESPID,
+d2i_OCSP_RESPONSE,
+d2i_OCSP_REVOKEDINFO,
+d2i_OCSP_SERVICELOC,
+d2i_OCSP_SIGNATURE,
+d2i_OCSP_SINGLERESP,
+d2i_OSSL_CMP_MSG,
+d2i_OSSL_CMP_PKIHEADER,
+d2i_OSSL_CMP_PKISI,
+d2i_OSSL_CRMF_CERTID,
+d2i_OSSL_CRMF_CERTTEMPLATE,
+d2i_OSSL_CRMF_ENCRYPTEDVALUE,
+d2i_OSSL_CRMF_MSG,
+d2i_OSSL_CRMF_MSGS,
+d2i_OSSL_CRMF_PBMPARAMETER,
+d2i_OSSL_CRMF_PKIPUBLICATIONINFO,
+d2i_OSSL_CRMF_SINGLEPUBINFO,
+d2i_OTHERNAME,
+d2i_PBE2PARAM,
+d2i_PBEPARAM,
+d2i_PBKDF2PARAM,
+d2i_PKCS12,
+d2i_PKCS12_BAGS,
+d2i_PKCS12_MAC_DATA,
+d2i_PKCS12_SAFEBAG,
+d2i_PKCS12_bio,
+d2i_PKCS12_fp,
+d2i_PKCS7,
+d2i_PKCS7_DIGEST,
+d2i_PKCS7_ENCRYPT,
+d2i_PKCS7_ENC_CONTENT,
+d2i_PKCS7_ENVELOPE,
+d2i_PKCS7_ISSUER_AND_SERIAL,
+d2i_PKCS7_RECIP_INFO,
+d2i_PKCS7_SIGNED,
+d2i_PKCS7_SIGNER_INFO,
+d2i_PKCS7_SIGN_ENVELOPE,
+d2i_PKCS7_bio,
+d2i_PKCS7_fp,
+d2i_PKCS8_PRIV_KEY_INFO,
+d2i_PKCS8_PRIV_KEY_INFO_bio,
+d2i_PKCS8_PRIV_KEY_INFO_fp,
+d2i_PKCS8_bio,
+d2i_PKCS8_fp,
+d2i_PKEY_USAGE_PERIOD,
+d2i_POLICYINFO,
+d2i_POLICYQUALINFO,
+d2i_PROFESSION_INFO,
+d2i_PROXY_CERT_INFO_EXTENSION,
+d2i_PROXY_POLICY,
+d2i_RSA_OAEP_PARAMS,
+d2i_RSA_PSS_PARAMS,
+d2i_SCRYPT_PARAMS,
+d2i_SCT_LIST,
+d2i_SXNET,
+d2i_SXNETID,
+d2i_TS_ACCURACY,
+d2i_TS_MSG_IMPRINT,
+d2i_TS_MSG_IMPRINT_bio,
+d2i_TS_MSG_IMPRINT_fp,
+d2i_TS_REQ,
+d2i_TS_REQ_bio,
+d2i_TS_REQ_fp,
+d2i_TS_RESP,
+d2i_TS_RESP_bio,
+d2i_TS_RESP_fp,
+d2i_TS_STATUS_INFO,
+d2i_TS_TST_INFO,
+d2i_TS_TST_INFO_bio,
+d2i_TS_TST_INFO_fp,
+d2i_USERNOTICE,
+d2i_X509,
+d2i_X509_bio,
+d2i_X509_fp,
+d2i_X509_ALGOR,
+d2i_X509_ALGORS,
+d2i_X509_ATTRIBUTE,
+d2i_X509_CERT_AUX,
+d2i_X509_CINF,
+d2i_X509_CRL,
+d2i_X509_CRL_INFO,
+d2i_X509_CRL_bio,
+d2i_X509_CRL_fp,
+d2i_X509_EXTENSION,
+d2i_X509_EXTENSIONS,
+d2i_X509_NAME,
+d2i_X509_NAME_ENTRY,
+d2i_X509_PUBKEY,
+d2i_X509_PUBKEY_bio,
+d2i_X509_PUBKEY_fp,
+d2i_X509_REQ,
+d2i_X509_REQ_INFO,
+d2i_X509_REQ_bio,
+d2i_X509_REQ_fp,
+d2i_X509_REVOKED,
+d2i_X509_SIG,
+d2i_X509_VAL,
+i2d_ACCESS_DESCRIPTION,
+i2d_ADMISSIONS,
+i2d_ADMISSION_SYNTAX,
+i2d_ASIdOrRange,
+i2d_ASIdentifierChoice,
+i2d_ASIdentifiers,
+i2d_ASN1_BIT_STRING,
+i2d_ASN1_BMPSTRING,
+i2d_ASN1_ENUMERATED,
+i2d_ASN1_GENERALIZEDTIME,
+i2d_ASN1_GENERALSTRING,
+i2d_ASN1_IA5STRING,
+i2d_ASN1_INTEGER,
+i2d_ASN1_NULL,
+i2d_ASN1_OBJECT,
+i2d_ASN1_OCTET_STRING,
+i2d_ASN1_PRINTABLE,
+i2d_ASN1_PRINTABLESTRING,
+i2d_ASN1_SEQUENCE_ANY,
+i2d_ASN1_SET_ANY,
+i2d_ASN1_T61STRING,
+i2d_ASN1_TIME,
+i2d_ASN1_TYPE,
+i2d_ASN1_UNIVERSALSTRING,
+i2d_ASN1_UTCTIME,
+i2d_ASN1_UTF8STRING,
+i2d_ASN1_VISIBLESTRING,
+i2d_ASN1_bio_stream,
+i2d_ASRange,
+i2d_AUTHORITY_INFO_ACCESS,
+i2d_AUTHORITY_KEYID,
+i2d_BASIC_CONSTRAINTS,
+i2d_CERTIFICATEPOLICIES,
+i2d_CMS_ContentInfo,
+i2d_CMS_ReceiptRequest,
+i2d_CMS_bio,
+i2d_CRL_DIST_POINTS,
+i2d_DHxparams,
+i2d_DIRECTORYSTRING,
+i2d_DISPLAYTEXT,
+i2d_DIST_POINT,
+i2d_DIST_POINT_NAME,
+i2d_DSA_SIG,
+i2d_ECDSA_SIG,
+i2d_ECPKParameters,
+i2d_EDIPARTYNAME,
+i2d_ESS_CERT_ID,
+i2d_ESS_CERT_ID_V2,
+i2d_ESS_ISSUER_SERIAL,
+i2d_ESS_SIGNING_CERT,
+i2d_ESS_SIGNING_CERT_V2,
+i2d_EXTENDED_KEY_USAGE,
+i2d_GENERAL_NAME,
+i2d_GENERAL_NAMES,
+i2d_IPAddressChoice,
+i2d_IPAddressFamily,
+i2d_IPAddressOrRange,
+i2d_IPAddressRange,
+i2d_ISSUER_SIGN_TOOL,
+i2d_ISSUING_DIST_POINT,
+i2d_NAMING_AUTHORITY,
+i2d_NETSCAPE_CERT_SEQUENCE,
+i2d_NETSCAPE_SPKAC,
+i2d_NETSCAPE_SPKI,
+i2d_NOTICEREF,
+i2d_OCSP_BASICRESP,
+i2d_OCSP_CERTID,
+i2d_OCSP_CERTSTATUS,
+i2d_OCSP_CRLID,
+i2d_OCSP_ONEREQ,
+i2d_OCSP_REQINFO,
+i2d_OCSP_REQUEST,
+i2d_OCSP_RESPBYTES,
+i2d_OCSP_RESPDATA,
+i2d_OCSP_RESPID,
+i2d_OCSP_RESPONSE,
+i2d_OCSP_REVOKEDINFO,
+i2d_OCSP_SERVICELOC,
+i2d_OCSP_SIGNATURE,
+i2d_OCSP_SINGLERESP,
+i2d_OSSL_CMP_MSG,
+i2d_OSSL_CMP_PKIHEADER,
+i2d_OSSL_CMP_PKISI,
+i2d_OSSL_CRMF_CERTID,
+i2d_OSSL_CRMF_CERTTEMPLATE,
+i2d_OSSL_CRMF_ENCRYPTEDVALUE,
+i2d_OSSL_CRMF_MSG,
+i2d_OSSL_CRMF_MSGS,
+i2d_OSSL_CRMF_PBMPARAMETER,
+i2d_OSSL_CRMF_PKIPUBLICATIONINFO,
+i2d_OSSL_CRMF_SINGLEPUBINFO,
+i2d_OTHERNAME,
+i2d_PBE2PARAM,
+i2d_PBEPARAM,
+i2d_PBKDF2PARAM,
+i2d_PKCS12,
+i2d_PKCS12_BAGS,
+i2d_PKCS12_MAC_DATA,
+i2d_PKCS12_SAFEBAG,
+i2d_PKCS12_bio,
+i2d_PKCS12_fp,
+i2d_PKCS7,
+i2d_PKCS7_DIGEST,
+i2d_PKCS7_ENCRYPT,
+i2d_PKCS7_ENC_CONTENT,
+i2d_PKCS7_ENVELOPE,
+i2d_PKCS7_ISSUER_AND_SERIAL,
+i2d_PKCS7_NDEF,
+i2d_PKCS7_RECIP_INFO,
+i2d_PKCS7_SIGNED,
+i2d_PKCS7_SIGNER_INFO,
+i2d_PKCS7_SIGN_ENVELOPE,
+i2d_PKCS7_bio,
+i2d_PKCS7_fp,
+i2d_PKCS8PrivateKeyInfo_bio,
+i2d_PKCS8PrivateKeyInfo_fp,
+i2d_PKCS8_PRIV_KEY_INFO,
+i2d_PKCS8_PRIV_KEY_INFO_bio,
+i2d_PKCS8_PRIV_KEY_INFO_fp,
+i2d_PKCS8_bio,
+i2d_PKCS8_fp,
+i2d_PKEY_USAGE_PERIOD,
+i2d_POLICYINFO,
+i2d_POLICYQUALINFO,
+i2d_PROFESSION_INFO,
+i2d_PROXY_CERT_INFO_EXTENSION,
+i2d_PROXY_POLICY,
+i2d_RSA_OAEP_PARAMS,
+i2d_RSA_PSS_PARAMS,
+i2d_SCRYPT_PARAMS,
+i2d_SCT_LIST,
+i2d_SXNET,
+i2d_SXNETID,
+i2d_TS_ACCURACY,
+i2d_TS_MSG_IMPRINT,
+i2d_TS_MSG_IMPRINT_bio,
+i2d_TS_MSG_IMPRINT_fp,
+i2d_TS_REQ,
+i2d_TS_REQ_bio,
+i2d_TS_REQ_fp,
+i2d_TS_RESP,
+i2d_TS_RESP_bio,
+i2d_TS_RESP_fp,
+i2d_TS_STATUS_INFO,
+i2d_TS_TST_INFO,
+i2d_TS_TST_INFO_bio,
+i2d_TS_TST_INFO_fp,
+i2d_USERNOTICE,
+i2d_X509,
+i2d_X509_bio,
+i2d_X509_fp,
+i2d_X509_ALGOR,
+i2d_X509_ALGORS,
+i2d_X509_ATTRIBUTE,
+i2d_X509_CERT_AUX,
+i2d_X509_CINF,
+i2d_X509_CRL,
+i2d_X509_CRL_INFO,
+i2d_X509_CRL_bio,
+i2d_X509_CRL_fp,
+i2d_X509_EXTENSION,
+i2d_X509_EXTENSIONS,
+i2d_X509_NAME,
+i2d_X509_NAME_ENTRY,
+i2d_X509_PUBKEY,
+i2d_X509_PUBKEY_bio,
+i2d_X509_PUBKEY_fp,
+i2d_X509_REQ,
+i2d_X509_REQ_INFO,
+i2d_X509_REQ_bio,
+i2d_X509_REQ_fp,
+i2d_X509_REVOKED,
+i2d_X509_SIG,
+i2d_X509_VAL,
+\&\- convert objects from/to ASN.1/DER representation
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 3
@@ -147,14 +490,17 @@ d2i_ACCESS_DESCRIPTION, d2i_ADMISSIONS, d2i_ADMISSION_SYNTAX, d2i_ASIdOrRange, d
\& TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a);
\& TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a);
\&
+\& int i2d_TYPE(const TYPE *a, unsigned char **ppout);
\& int i2d_TYPE(TYPE *a, unsigned char **ppout);
+\& int i2d_TYPE_fp(FILE *fp, const TYPE *a);
\& int i2d_TYPE_fp(FILE *fp, TYPE *a);
+\& int i2d_TYPE_bio(BIO *bp, const TYPE *a);
\& int i2d_TYPE_bio(BIO *bp, TYPE *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-In the description here, \fI\s-1TYPE\s0\fR is used a placeholder
-for any of the OpenSSL datatypes, such as \fIX509_CRL\fR.
+In the description here, \fB\f(BI\s-1TYPE\s0\fB\fR is used a placeholder
+for any of the OpenSSL datatypes, such as \fBX509_CRL\fR.
The function parameters \fIppin\fR and \fIppout\fR are generally
either both named \fIpp\fR in the headers, or \fIin\fR and \fIout\fR.
.PP
@@ -163,54 +509,54 @@ encoding. Unlike the C structures which can have pointers to sub-objects
within, the \s-1DER\s0 is a serialized encoding, suitable for sending over the
network, writing to a file, and so on.
.PP
-\&\fBd2i_TYPE()\fR attempts to decode \fBlen\fR bytes at \fB*ppin\fR. If successful a
-pointer to the \fB\s-1TYPE\s0\fR structure is returned and \fB*ppin\fR is incremented to
-the byte following the parsed data. If \fBa\fR is not \fB\s-1NULL\s0\fR then a pointer
-to the returned structure is also written to \fB*a\fR. If an error occurred
-then \fB\s-1NULL\s0\fR is returned.
+\&\fBd2i_\f(BI\s-1TYPE\s0\fB\fR() attempts to decode \fIlen\fR bytes at \fI*ppin\fR. If successful a
+pointer to the \fB\f(BI\s-1TYPE\s0\fB\fR structure is returned and \fI*ppin\fR is incremented to
+the byte following the parsed data. If \fIa\fR is not \s-1NULL\s0 then a pointer
+to the returned structure is also written to \fI*a\fR. If an error occurred
+then \s-1NULL\s0 is returned.
.PP
-On a successful return, if \fB*a\fR is not \fB\s-1NULL\s0\fR then it is assumed that \fB*a\fR
-contains a valid \fB\s-1TYPE\s0\fR structure and an attempt is made to reuse it. This
+On a successful return, if \fI*a\fR is not \s-1NULL\s0 then it is assumed that \fI*a\fR
+contains a valid \fB\f(BI\s-1TYPE\s0\fB\fR structure and an attempt is made to reuse it. This
\&\*(L"reuse\*(R" capability is present for historical compatibility but its use is
\&\fBstrongly discouraged\fR (see \s-1BUGS\s0 below, and the discussion in the \s-1RETURN
VALUES\s0 section).
.PP
-\&\fBd2i_TYPE_bio()\fR is similar to \fBd2i_TYPE()\fR except it attempts
-to parse data from \s-1BIO\s0 \fBbp\fR.
+\&\fBd2i_\f(BI\s-1TYPE\s0\fB_bio\fR() is similar to \fBd2i_\f(BI\s-1TYPE\s0\fB\fR() except it attempts
+to parse data from \s-1BIO\s0 \fIbp\fR.
.PP
-\&\fBd2i_TYPE_fp()\fR is similar to \fBd2i_TYPE()\fR except it attempts
-to parse data from \s-1FILE\s0 pointer \fBfp\fR.
+\&\fBd2i_\f(BI\s-1TYPE\s0\fB_fp\fR() is similar to \fBd2i_\f(BI\s-1TYPE\s0\fB\fR() except it attempts
+to parse data from \s-1FILE\s0 pointer \fIfp\fR.
.PP
-\&\fBi2d_TYPE()\fR encodes the structure pointed to by \fBa\fR into \s-1DER\s0 format.
-If \fBppout\fR is not \fB\s-1NULL\s0\fR, it writes the \s-1DER\s0 encoded data to the buffer
-at \fB*ppout\fR, and increments it to point after the data just written.
+\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() encodes the structure pointed to by \fIa\fR into \s-1DER\s0 format.
+If \fIppout\fR is not \s-1NULL,\s0 it writes the \s-1DER\s0 encoded data to the buffer
+at \fI*ppout\fR, and increments it to point after the data just written.
If the return value is negative an error occurred, otherwise it
returns the length of the encoded data.
.PP
-If \fB*ppout\fR is \fB\s-1NULL\s0\fR memory will be allocated for a buffer and the encoded
-data written to it. In this case \fB*ppout\fR is not incremented and it points
+If \fI*ppout\fR is \s-1NULL\s0 memory will be allocated for a buffer and the encoded
+data written to it. In this case \fI*ppout\fR is not incremented and it points
to the start of the data just written.
.PP
-\&\fBi2d_TYPE_bio()\fR is similar to \fBi2d_TYPE()\fR except it writes
-the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it
+\&\fBi2d_\f(BI\s-1TYPE\s0\fB_bio\fR() is similar to \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() except it writes
+the encoding of the structure \fIa\fR to \s-1BIO\s0 \fIbp\fR and it
returns 1 for success and 0 for failure.
.PP
-\&\fBi2d_TYPE_fp()\fR is similar to \fBi2d_TYPE()\fR except it writes
-the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it
+\&\fBi2d_\f(BI\s-1TYPE\s0\fB_fp\fR() is similar to \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() except it writes
+the encoding of the structure \fIa\fR to \s-1FILE\s0 pointer \fIfp\fR and it
returns 1 for success and 0 for failure.
.PP
These routines do not encrypt private keys and therefore offer no
security; use \fBPEM_write_PrivateKey\fR\|(3) or similar for writing to files.
.SH "NOTES"
.IX Header "NOTES"
-The letters \fBi\fR and \fBd\fR in \fBi2d_TYPE\fR stand for
+The letters \fBi\fR and \fBd\fR in \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() stand for
\&\*(L"internal\*(R" (that is, an internal C structure) and \*(L"\s-1DER\*(R"\s0 respectively.
-So \fBi2d_TYPE\fR converts from internal to \s-1DER.\s0
+So \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() converts from internal to \s-1DER.\s0
.PP
The functions can also understand \fB\s-1BER\s0\fR forms.
.PP
-The actual \s-1TYPE\s0 structure passed to \fBi2d_TYPE()\fR must be a valid
-populated \fB\s-1TYPE\s0\fR structure \*(-- it \fBcannot\fR simply be fed with an
+The actual \s-1TYPE\s0 structure passed to \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() must be a valid
+populated \fB\f(BI\s-1TYPE\s0\fB\fR structure \*(-- it \fBcannot\fR simply be fed with an
empty structure such as that returned by \fBTYPE_new()\fR.
.PP
The encoded data is in binary form and may contain embedded zeros.
@@ -218,7 +564,7 @@ Therefore, any \s-1FILE\s0 pointers or BIOs should be opened in binary mode.
Functions such as \fBstrlen()\fR will \fBnot\fR return the correct length
of the encoded structure.
.PP
-The ways that \fB*ppin\fR and \fB*ppout\fR are incremented after the operation
+The ways that \fI*ppin\fR and \fI*ppout\fR are incremented after the operation
can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common
errors.
The reason for this-auto increment behaviour is to reflect a typical
@@ -235,25 +581,15 @@ Represents a PKCS#3 \s-1DH\s0 parameters structure.
.IP "\fBDHxparams\fR" 4
.IX Item "DHxparams"
Represents an \s-1ANSI X9.42 DH\s0 parameters structure.
-.IP "\fB\s-1DSA_PUBKEY\s0\fR" 4
-.IX Item "DSA_PUBKEY"
-Represents a \s-1DSA\s0 public key using a \fBSubjectPublicKeyInfo\fR structure.
-.IP "\fBDSAPublicKey, DSAPrivateKey\fR" 4
-.IX Item "DSAPublicKey, DSAPrivateKey"
-Use a non-standard OpenSSL format and should be avoided; use \fB\s-1DSA_PUBKEY\s0\fR,
-\&\fB\fBPEM_write_PrivateKey\fB\|(3)\fR, or similar instead.
.IP "\fB\s-1ECDSA_SIG\s0\fR" 4
.IX Item "ECDSA_SIG"
Represents an \s-1ECDSA\s0 signature.
-.IP "\fBRSAPublicKey\fR" 4
-.IX Item "RSAPublicKey"
-Represents a PKCS#1 \s-1RSA\s0 public key structure.
.IP "\fBX509_ALGOR\fR" 4
.IX Item "X509_ALGOR"
Represents an \fBAlgorithmIdentifier\fR structure as used in \s-1IETF RFC 6960\s0 and
elsewhere.
-.IP "\fBX509_Name\fR" 4
-.IX Item "X509_Name"
+.IP "\fBX509_NAME\fR" 4
+.IX Item "X509_NAME"
Represents a \fBName\fR type as used for subject and issuer names in
\&\s-1IETF RFC 6960\s0 and elsewhere.
.IP "\fBX509_REQ\fR" 4
@@ -264,16 +600,16 @@ Represents a PKCS#10 certificate request.
Represents the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fBd2i_TYPE()\fR, \fBd2i_TYPE_bio()\fR and \fBd2i_TYPE_fp()\fR return a valid \fB\s-1TYPE\s0\fR structure
-or \fB\s-1NULL\s0\fR if an error occurs. If the \*(L"reuse\*(R" capability has been used with
-a valid structure being passed in via \fBa\fR, then the object is freed in
-the event of error and \fB*a\fR is set to \s-1NULL.\s0
+\&\fBd2i_\f(BI\s-1TYPE\s0\fB\fR(), \fBd2i_\f(BI\s-1TYPE\s0\fB_bio\fR() and \fBd2i_\f(BI\s-1TYPE\s0\fB_fp\fR() return a valid
+\&\fB\f(BI\s-1TYPE\s0\fB\fR structure or \s-1NULL\s0 if an error occurs. If the \*(L"reuse\*(R" capability has
+been used with a valid structure being passed in via \fIa\fR, then the object is
+freed in the event of error and \fI*a\fR is set to \s-1NULL.\s0
.PP
-\&\fBi2d_TYPE()\fR returns the number of bytes successfully encoded or a negative
+\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() returns the number of bytes successfully encoded or a negative
value if an error occurs.
.PP
-\&\fBi2d_TYPE_bio()\fR and \fBi2d_TYPE_fp()\fR return 1 for success and 0 if an error
-occurs.
+\&\fBi2d_\f(BI\s-1TYPE\s0\fB_bio\fR() and \fBi2d_\f(BI\s-1TYPE\s0\fB_fp\fR() return 1 for success and 0 if an
+error occurs.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Allocate and encode the \s-1DER\s0 encoding of an X509 structure:
@@ -335,12 +671,12 @@ mistake is to attempt to use a buffer directly as follows:
\& OPENSSL_free(buf);
.Ve
.PP
-This code will result in \fBbuf\fR apparently containing garbage because
+This code will result in \fIbuf\fR apparently containing garbage because
it was incremented after the call to point after the data just written.
-Also \fBbuf\fR will no longer contain the pointer allocated by \fBOPENSSL_malloc()\fR
+Also \fIbuf\fR will no longer contain the pointer allocated by \fBOPENSSL_malloc()\fR
and the subsequent call to \fBOPENSSL_free()\fR is likely to crash.
.PP
-Another trap to avoid is misuse of the \fBa\fR argument to \fBd2i_TYPE()\fR:
+Another trap to avoid is misuse of the \fIa\fR argument to \fBd2i_\f(BI\s-1TYPE\s0\fB\fR():
.PP
.Vb 1
\& X509 *x;
@@ -350,38 +686,38 @@ Another trap to avoid is misuse of the \fBa\fR argument to \fBd2i_TYPE()\fR:
.Ve
.PP
This will probably crash somewhere in \fBd2i_X509()\fR. The reason for this
-is that the variable \fBx\fR is uninitialized and an attempt will be made to
+is that the variable \fIx\fR is uninitialized and an attempt will be made to
interpret its (invalid) value as an \fBX509\fR structure, typically causing
-a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not
+a segmentation violation. If \fIx\fR is set to \s-1NULL\s0 first then this will not
happen.
.SH "BUGS"
.IX Header "BUGS"
-In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fBd2i_TYPE()\fR when
-\&\fB*a\fR is valid is broken and some parts of the reused structure may
+In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fBd2i_\f(BI\s-1TYPE\s0\fB\fR() when
+\&\fI*a\fR is valid is broken and some parts of the reused structure may
persist if they are not present in the new one. Additionally, in versions of
OpenSSL prior to 1.1.0, when the \*(L"reuse\*(R" behaviour is used and an error occurs
the behaviour is inconsistent. Some functions behaved as described here, while
-some did not free \fB*a\fR on error and did not set \fB*a\fR to \s-1NULL.\s0
+some did not free \fI*a\fR on error and did not set \fI*a\fR to \s-1NULL.\s0
.PP
As a result of the above issues the \*(L"reuse\*(R" behaviour is strongly discouraged.
.PP
-\&\fBi2d_TYPE()\fR will not return an error in many versions of OpenSSL,
+\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() will not return an error in many versions of OpenSSL,
if mandatory fields are not initialized due to a programming error
then the encoded structure may contain invalid data or omit the
-fields entirely and will not be parsed by \fBd2i_TYPE()\fR. This may be
-fixed in future so code should not assume that \fBi2d_TYPE()\fR will
+fields entirely and will not be parsed by \fBd2i_\f(BI\s-1TYPE\s0\fB\fR(). This may be
+fixed in future so code should not assume that \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() will
always succeed.
.PP
-Any function which encodes a structure (\fBi2d_TYPE()\fR,
-\&\fBi2d_TYPE()\fR or \fBi2d_TYPE()\fR) may return a stale encoding if the
+Any function which encodes a structure (\fBi2d_\f(BI\s-1TYPE\s0\fB\fR(),
+\&\fBi2d_\f(BI\s-1TYPE\s0\fB_bio\fR() or \fBi2d_\f(BI\s-1TYPE\s0\fB_fp\fR()) may return a stale encoding if the
structure has been modified after deserialization or previous
serialization. This is because some objects cache the encoding for
efficiency reasons.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 1998\-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 1998\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3
index d687e6ee5f2b..1219848ea3fd 100644
--- a/secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3
+++ b/secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "I2D_CMS_BIO_STREAM 3"
-.TH I2D_CMS_BIO_STREAM 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "I2D_CMS_BIO_STREAM 3ossl"
+.TH I2D_CMS_BIO_STREAM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -176,7 +174,7 @@ The \fBi2d_CMS_bio_stream()\fR function was added in OpenSSL 1.0.0.
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3
index 356a07cfc1f8..07f63661c368 100644
--- a/secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3
+++ b/secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,8 +130,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "I2D_PKCS7_BIO_STREAM 3"
-.TH I2D_PKCS7_BIO_STREAM 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "I2D_PKCS7_BIO_STREAM 3ossl"
+.TH I2D_PKCS7_BIO_STREAM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -176,7 +174,7 @@ The \fBi2d_PKCS7_bio_stream()\fR function was added in OpenSSL 1.0.0.
.IX Header "COPYRIGHT"
Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3 b/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3
index f1538cbc9fc1..d11f56af6920 100644
--- a/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3
+++ b/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,21 +130,23 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "I2D_RE_X509_TBS 3"
-.TH I2D_RE_X509_TBS 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "I2D_RE_X509_TBS 3ossl"
+.TH I2D_RE_X509_TBS 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-d2i_X509_AUX, i2d_X509_AUX, i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs \&\- X509 encode and decode functions
+d2i_X509_AUX, i2d_X509_AUX,
+i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs
+\&\- X509 encode and decode functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509.h>
\&
\& X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len);
-\& int i2d_X509_AUX(X509 *x, unsigned char **out);
+\& int i2d_X509_AUX(const X509 *x, unsigned char **out);
\& int i2d_re_X509_tbs(X509 *x, unsigned char **out);
\& int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp);
\& int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
@@ -189,7 +189,7 @@ TBSCertificate portion of the \fBX509\fR can be manually renewed by calling
\&\fBi2d_X509_AUX()\fR returns the length of encoded data or \-1 on error.
.PP
\&\fBi2d_re_X509_tbs()\fR, \fBi2d_re_X509_CRL_tbs()\fR and \fBi2d_re_X509_REQ_tbs()\fR return the
-length of encoded data or 0 on error.
+length of encoded data or <=0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBERR_get_error\fR\|(3)
@@ -210,9 +210,9 @@ length of encoded data or 0 on error.
\&\fBX509_verify_cert\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002\-2021 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3 b/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3
index 11314af957dd..9014a09df279 100644
--- a/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3
+++ b/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -68,8 +68,6 @@
. \}
.\}
.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
@@ -132,14 +130,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "O2I_SCT_LIST 3"
-.TH O2I_SCT_LIST 3 "2022-07-05" "1.1.1q" "OpenSSL"
+.IX Title "O2I_SCT_LIST 3ossl"
+.TH O2I_SCT_LIST 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT \- decode and encode Signed Certificate Timestamp lists in TLS wire format
+o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT \-
+decode and encode Signed Certificate Timestamp lists in TLS wire format
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -155,12 +154,12 @@ o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT \- decode and encode Signed Certifi
.IX Header "DESCRIPTION"
The \s-1SCT_LIST\s0 and \s-1SCT\s0 functions are very similar to the i2d and d2i family of
functions, except that they convert to and from \s-1TLS\s0 wire format, as described in
-\&\s-1RFC 6962.\s0 See d2i_SCT_LIST for more information about how the parameters are
+\&\s-1RFC 6962.\s0 See \fBd2i_SCT_LIST\fR\|(3) for more information about how the parameters are
treated and the return values.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All of the functions have return values consistent with those stated for
-d2i_SCT_LIST and i2d_SCT_LIST.
+\&\fBd2i_SCT_LIST\fR\|(3) and \fBi2d_SCT_LIST\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBct\fR\|(7),
@@ -173,7 +172,7 @@ These functions were added in OpenSSL 1.1.0.
.IX Header "COPYRIGHT"
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
.PP
-Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/man3/s2i_ASN1_IA5STRING.3 b/secure/lib/libcrypto/man/man3/s2i_ASN1_IA5STRING.3
new file mode 100644
index 000000000000..85d9473dc81b
--- /dev/null
+++ b/secure/lib/libcrypto/man/man3/s2i_ASN1_IA5STRING.3
@@ -0,0 +1,228 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "S2I_ASN1_IA5STRING 3ossl"
+.TH S2I_ASN1_IA5STRING 3ossl "2023-09-19" "3.0.11" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+i2s_ASN1_IA5STRING,
+s2i_ASN1_IA5STRING,
+i2s_ASN1_INTEGER,
+s2i_ASN1_INTEGER,
+i2s_ASN1_OCTET_STRING,
+s2i_ASN1_OCTET_STRING,
+i2s_ASN1_ENUMERATED,
+i2s_ASN1_ENUMERATED_TABLE,
+i2s_ASN1_UTF8STRING,
+s2i_ASN1_UTF8STRING
+\&\- convert objects from/to ASN.1/string representation
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509v3.h>
+\&
+\& char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+\& ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+\& X509V3_CTX *ctx, const char *str);
+\& char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a);
+\& ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value);
+\& char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+\& const ASN1_OCTET_STRING *oct);
+\& ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+\& X509V3_CTX *ctx, const char *str);
+\& char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a);
+\& char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
+\& const ASN1_ENUMERATED *e);
+\&
+\& char *i2s_ASN1_UTF8STRING(X509V3_EXT_METHOD *method,
+\& ASN1_UTF8STRING *utf8);
+\& ASN1_UTF8STRING *s2i_ASN1_UTF8STRING(X509V3_EXT_METHOD *method,
+\& X509V3_CTX *ctx, const char *str);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions convert OpenSSL objects to and from their \s-1ASN\s0.1/string
+representation. This function is used for \fBX509v3\fR extensions.
+.SH "NOTES"
+.IX Header "NOTES"
+The letters \fBi\fR and \fBs\fR in \fBi2s\fR and \fBs2i\fR stand for
+\&\*(L"internal\*(R" (that is, an internal C structure) and string respectively.
+So \fBi2s_ASN1_IA5STRING\fR() converts from internal to string.
+.PP
+It is the caller's responsibility to free the returned string.
+In the \fBi2s_ASN1_IA5STRING\fR() function the string is copied and
+the ownership of the original string remains with the caller.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fBi2s_ASN1_IA5STRING\fR() returns the pointer to a \s-1IA5\s0 string
+or \s-1NULL\s0 if an error occurs.
+.PP
+\&\fBs2i_ASN1_IA5STRING\fR() return a valid
+\&\fB\s-1ASN1_IA5STRING\s0\fR structure or \s-1NULL\s0 if an error occurs.
+.PP
+\&\fBi2s_ASN1_INTEGER\fR() return a valid
+string or \s-1NULL\s0 if an error occurs.
+.PP
+\&\fBs2i_ASN1_INTEGER\fR() returns the pointer to a \fB\s-1ASN1_INTEGER\s0\fR
+structure or \s-1NULL\s0 if an error occurs.
+.PP
+\&\fBi2s_ASN1_OCTET_STRING\fR() returns the pointer to a \s-1OCTET_STRING\s0 string
+or \s-1NULL\s0 if an error occurs.
+.PP
+\&\fBs2i_ASN1_OCTET_STRING\fR() return a valid
+\&\fB\s-1ASN1_OCTET_STRING\s0\fR structure or \s-1NULL\s0 if an error occurs.
+.PP
+\&\fBi2s_ASN1_ENUMERATED\fR() return a valid
+string or \s-1NULL\s0 if an error occurs.
+.PP
+\&\fBs2i_ASN1_ENUMERATED\fR() returns the pointer to a \fB\s-1ASN1_ENUMERATED\s0\fR
+structure or \s-1NULL\s0 if an error occurs.
+.PP
+\&\fBs2i_ASN1_UTF8STRING\fR() return a valid
+\&\fB\s-1ASN1_UTF8STRING\s0\fR structure or \s-1NULL\s0 if an error occurs.
+.PP
+\&\fBi2s_ASN1_UTF8STRING\fR() returns the pointer to a \s-1UTF\-8\s0 string
+or \s-1NULL\s0 if an error occurs.
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fBi2s_ASN1_UTF8STRING()\fR and \fBs2i_ASN1_UTF8STRING()\fR were made public in OpenSSL 3.0.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2020\-2021 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.